Problem
The customer is using data gathered by Fleet and wants to leverage a commercial vulnerability feed called VulnDB to extract additional CVE characteristics not found in Fleet, in order to create a temporary risk code for vulnerabilities when they are initially discovered. This code will let them quickly determine whether immediate remediation is necessary, or whether the finding is a false positive or is less critical or relevant for their systems, even if it has a high EPSS or CVSS score.
Some of the CVE datapoints that they will obtain from VulnDB, and that will feed into the risk score for a vulnerability, include:
Break down vulnerabilities by attack type
Provide social risk scores
Assess likelihood of ransomware
Identify presence in CISA KEV
Determine fix availability (some of this information can be obtained from Fleet)
Classify attack type and location
Evaluate attack complexity
The example source to build from is https://vulndb.cyberriskanalytics.com/, but for us to prioritize it, the work must be a generic integration that can support CVEs from any source.
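One way the temporary risk code could be derived from the datapoints listed above, as an added example that is not Fleet's or VulnDB's code: the canonical schema, the per-source field map, the thresholds and the sample records are all assumptions constructed for illustration, and the mapping layer is what lets any CVE feed plug in.

```python
from dataclasses import dataclass
from typing import Any, Mapping, Optional

@dataclass
class CveEnrichment:
    # Source-agnostic CVE facts; names are assumptions, not Fleet's or VulnDB's schema.
    cve: str
    cvss: float                    # base score (already in Fleet)
    epss: float                    # exploitation probability (already in Fleet)
    in_cisa_kev: bool              # listed in CISA Known Exploited Vulnerabilities
    ransomware_likely: bool        # feed's ransomware-use assessment
    attack_location: str           # "remote", "local" or "physical"
    attack_complexity: str         # "low" or "high"
    fix_available: Optional[bool]  # None when no source could say
    social_risk: int               # 0-100 public-attention score

def from_feed(raw: Mapping[str, Any], field_map: Mapping[str, str]) -> CveEnrichment:
    """Map one feed's record onto the canonical schema; a different field_map
    per source is what keeps the integration generic."""
    return CveEnrichment(**{canon: raw.get(src) for canon, src in field_map.items()})

def triage_code(e: CveEnrichment) -> str:
    """Temporary risk code for a newly discovered CVE (hypothetical scheme)."""
    if e.in_cisa_kev or e.ransomware_likely:   # exploitation in the wild beats any score
        return "IMMEDIATE"
    remote_easy = e.attack_location == "remote" and e.attack_complexity == "low"
    severe = e.cvss >= 7.0 or e.epss >= 0.10 or e.social_risk >= 70
    if remote_easy and severe:
        return "PRIORITIZE"
    if remote_easy and e.fix_available is False:
        return "MITIGATE"   # reachable but nothing to patch yet: compensating controls
    if severe:
        return "SCHEDULE"   # high CVSS/EPSS on paper, but local or hard to exploit
    return "LOW"

# Constructed sample: a feed with its own key names, mapped to the canonical fields.
FEED_MAP = {"cve": "cve_id", "cvss": "cvss_base", "epss": "epss", "in_cisa_kev": "cisa_kev",
            "ransomware_likely": "ransomware", "attack_location": "location",
            "attack_complexity": "complexity", "fix_available": "solution_available",
            "social_risk": "social_score"}
SAMPLE_RECORDS = [  # placeholder CVE ids and constructed values
    {"cve_id": "CVE-0000-0001", "cvss_base": 9.8, "epss": 0.30, "cisa_kev": False, "ransomware": False,
     "location": "local", "complexity": "high", "solution_available": True, "social_score": 20},
    {"cve_id": "CVE-0000-0002", "cvss_base": 5.3, "epss": 0.01, "cisa_kev": True, "ransomware": False,
     "location": "remote", "complexity": "low", "solution_available": True, "social_score": 15},
    {"cve_id": "CVE-0000-0003", "cvss_base": 6.5, "epss": 0.02, "cisa_kev": False, "ransomware": False,
     "location": "remote", "complexity": "low", "solution_available": False, "social_score": 30},
]
def triage_all(records, field_map=FEED_MAP) -> dict:
    return {r[field_map["cve"]]: triage_code(from_feed(r, field_map)) for r in records}
```

The first record shows the case the request is about: a 9.8 CVSS with a high EPSS lands in SCHEDULE rather than IMMEDIATE because it is local and complex, while the 5.3 in KEV is escalated.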
Requestors: @mikermcneil @Patagonia121