muchdogesec / arango_cti_processor

A small script that creates relationships between common CTI knowledge-bases in STIX 2.1 format.
https://www.dogesec.com/
GNU Affero General Public License v3.0

cve-epss mode not returning correct results #31

Open himynamesdave opened 3 days ago

himynamesdave commented 3 days ago
 python3 -m unittest tests/test_12_0_cve_epss.py

See 2 Notes created. There should only ever be one note per CVE, holding multiple EPSS scores (one entry per date).

e.g.

"x_epss": [
 {
  "score": "0.000450000",
  "percentile": "0.163990000",
  "date": "2024-10-10"
},
 {
  "score": "0.000450000",
  "percentile": "0.163990000",
  "date": "2024-10-11"
}

]

    "external_references": [
      {
        "source_name": "cve",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4165",
        "external_id": "CVE-2024-4165"
      }
    ],
[
  {
    "_key": "note--008cc7df-b92b-5753-9451-62a4588dccc1+2024-10-11T05:17:08.421163Z",
    "_id": "nvd_cve_vertex_collection/note--008cc7df-b92b-5753-9451-62a4588dccc1+2024-10-11T05:17:08.421163Z",
    "_rev": "_ilmAdCS---",
    "type": "note",
    "spec_version": "2.1",
    "id": "note--008cc7df-b92b-5753-9451-62a4588dccc1",
    "created_by_ref": "identity--562918ee-d5da-5579-b6a1-fae50cc6bad3",
    "created": "2024-04-25T12:15:07.540Z",
    "modified": "2024-10-08T00:00:00.000Z",
    "content": "EPSS Score for CVE-2024-4165",
    "object_refs": [
      "vulnerability--008cc7df-b92b-5753-9451-62a4588dccc1"
    ],
    "external_references": [
      {
        "source_name": "cve",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4165",
        "external_id": "CVE-2024-4165"
      }
    ],
    "object_marking_refs": [
      "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
      "marking-definition--562918ee-d5da-5579-b6a1-fae50cc6bad3"
    ],
    "extensions": {
      "extension-definition--efd26d23-d37d-5cf2-ac95-a101e46ce11d": {
        "extension_type": "toplevel-property-extension"
      }
    },
    "x_epss": {
      "date": "2024-10-08",
      "percentile": "0.163710000",
      "score": "0.000450000"
    },
    "_bundle_id": "bundle--1c60929d-3196-42d9-bf92-e4ea1d4f4c38",
    "_file_name": "epss-cves.json",
    "_stix2arango_note": "test_12_0_cve_epss",
    "_record_md5_hash": "51035a3bfca9aab533e4edea0ee215f0",
    "_is_latest": false,
    "_record_created": "2024-10-11T05:17:08.421163Z",
    "_record_modified": "2024-10-11T05:17:08.421163Z"
  },
  {
    "_key": "note--030ac571-6dab-5214-b0e3-0ee2c09e1ce5+2024-10-11T05:17:08.421187Z",
    "_id": "nvd_cve_vertex_collection/note--030ac571-6dab-5214-b0e3-0ee2c09e1ce5+2024-10-11T05:17:08.421187Z",
    "_rev": "_ilmAdCW---",
    "type": "note",
    "spec_version": "2.1",
    "id": "note--030ac571-6dab-5214-b0e3-0ee2c09e1ce5",
    "created_by_ref": "identity--562918ee-d5da-5579-b6a1-fae50cc6bad3",
    "created": "2024-05-26T18:15:08.547Z",
    "modified": "2024-10-08T00:00:00.000Z",
    "content": "EPSS Score for CVE-2024-5370",
    "object_refs": [
      "vulnerability--030ac571-6dab-5214-b0e3-0ee2c09e1ce5"
    ],
    "external_references": [
      {
        "source_name": "cve",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5370",
        "external_id": "CVE-2024-5370"
      }
    ],
    "object_marking_refs": [
      "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
      "marking-definition--562918ee-d5da-5579-b6a1-fae50cc6bad3"
    ],
    "extensions": {
      "extension-definition--efd26d23-d37d-5cf2-ac95-a101e46ce11d": {
        "extension_type": "toplevel-property-extension"
      }
    },
    "x_epss": {
      "date": "2024-10-08",
      "percentile": "0.163710000",
      "score": "0.000450000"
    },
    "_bundle_id": "bundle--1c60929d-3196-42d9-bf92-e4ea1d4f4c38",
    "_file_name": "epss-cves.json",
    "_stix2arango_note": "test_12_0_cve_epss",
    "_record_md5_hash": "46bc29abbdc13964302bae7603e679c9",
    "_is_latest": false,
    "_record_created": "2024-10-11T05:17:08.421187Z",
    "_record_modified": "2024-10-11T05:17:08.421187Z"
  },
  {
    "_key": "note--008cc7df-b92b-5753-9451-62a4588dccc1+2024-10-11T05:17:09.915608Z",
    "_id": "nvd_cve_vertex_collection/note--008cc7df-b92b-5753-9451-62a4588dccc1+2024-10-11T05:17:09.915608Z",
    "_rev": "_ilmAdCW--_",
    "type": "note",
    "spec_version": "2.1",
    "id": "note--008cc7df-b92b-5753-9451-62a4588dccc1",
    "created_by_ref": "identity--2e51a631-99d8-52a5-95a6-8314d3f4fbf3",
    "created": "2024-04-25T12:15:07.540Z",
    "modified": "2024-10-10T00:00:00.000Z",
    "content": "EPSS Score for CVE-2024-4165",
    "object_refs": [
      "vulnerability--008cc7df-b92b-5753-9451-62a4588dccc1"
    ],
    "external_references": [
      {
        "source_name": "cve",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4165",
        "external_id": "CVE-2024-4165"
      }
    ],
    "object_marking_refs": [
      "marking-definition--562918ee-d5da-5579-b6a1-fae50cc6bad3",
      "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
      "marking-definition--2e51a631-99d8-52a5-95a6-8314d3f4fbf3"
    ],
    "extensions": {
      "extension-definition--efd26d23-d37d-5cf2-ac95-a101e46ce11d": {
        "extension_type": "toplevel-property-extension"
      }
    },
    "x_epss": {
      "score": "0.000450000",
      "percentile": "0.163990000",
      "date": "2024-10-10"
    },
    "_arango_cti_processor_note": "cve-epss",
    "_record_md5_hash": "b837e1c1601a5b9c36bbca876b32d5d4",
    "_is_latest": true,
    "_record_created": "2024-10-11T05:17:09.915608Z",
    "_record_modified": "2024-10-11T05:17:09.915608Z"
  },
  {
    "_key": "note--030ac571-6dab-5214-b0e3-0ee2c09e1ce5+2024-10-11T05:17:09.915642Z",
    "_id": "nvd_cve_vertex_collection/note--030ac571-6dab-5214-b0e3-0ee2c09e1ce5+2024-10-11T05:17:09.915642Z",
    "_rev": "_ilmAdCW--A",
    "type": "note",
    "spec_version": "2.1",
    "id": "note--030ac571-6dab-5214-b0e3-0ee2c09e1ce5",
    "created_by_ref": "identity--2e51a631-99d8-52a5-95a6-8314d3f4fbf3",
    "created": "2024-05-26T18:15:08.547Z",
    "modified": "2024-10-10T00:00:00.000Z",
    "content": "EPSS Score for CVE-2024-5370",
    "object_refs": [
      "vulnerability--030ac571-6dab-5214-b0e3-0ee2c09e1ce5"
    ],
    "external_references": [
      {
        "source_name": "cve",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5370",
        "external_id": "CVE-2024-5370"
      }
    ],
    "object_marking_refs": [
      "marking-definition--562918ee-d5da-5579-b6a1-fae50cc6bad3",
      "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
      "marking-definition--2e51a631-99d8-52a5-95a6-8314d3f4fbf3"
    ],
    "extensions": {
      "extension-definition--efd26d23-d37d-5cf2-ac95-a101e46ce11d": {
        "extension_type": "toplevel-property-extension"
      }
    },
    "x_epss": {
      "score": "0.000450000",
      "percentile": "0.163990000",
      "date": "2024-10-10"
    },
    "_arango_cti_processor_note": "cve-epss",
    "_record_md5_hash": "90e3a22d04e94098c40c5b22389d9413",
    "_is_latest": true,
    "_record_created": "2024-10-11T05:17:09.915642Z",
    "_record_modified": "2024-10-11T05:17:09.915642Z"
  }
]
fqrious commented 3 days ago

arango_cti_processor is not built for this

fqrious commented 3 days ago

this requires structural change

himynamesdave commented 3 days ago

@fqrious can you explain more?

himynamesdave commented 10 hours ago
python3 -m unittest tests/test_12_0_cve_epss.py

see test 03 is failing.

The original date in the note exists, but the EPSS data for today (the date the test is run) is not appended to the note as expected

fqrious commented 5 hours ago

all the test cases are wrong

test 2

expected = 2 (2 for the CVEs with EPSS, nothing for the CVE with no EPSS)

all three objects have EPSS

test 3

fails because only 2 are expected, same as above

test 4

fails because I used acp's identity in created_by_ref