search

ornl-sava / nv

Nessus Vulnerability visualization for the web
http://ornl-sava.github.io/nv/
Other
31 stars 6 forks source link

Update vulnIds.json -- out of date #15

Open codementum opened 8 years ago

codementum commented 8 years ago

https://github.com/ajmokotoff/nv/blob/master/source/data/vulnIDs.json

@jgoodall Do you remember anything about how we pulled these? @ajmokotoff has a working parser for v2 but our vulnerability ids are out of date

jgoodall commented 8 years ago

Wow, no - it has been too long, I don't remember. I imagine it probably came from nvd, but they only have xml. Is the number that is from the nessus file the CVE ID?

On Apr 25, 2016, at 5:34 PM, Lane Harrison notifications@github.com<mailto:notifications@github.com> wrote:

https://github.com/ajmokotoff/nv/blob/master/source/data/vulnIDs.json

@jgoodallhttps://github.com/jgoodall Do you remember anything about how we pulled these? @ajmokotoffhttps://github.com/ajmokotoff has a working parser for v2 but our vulnerability ids are out of date

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHubhttps://github.com/ornl-sava/nv/issues/15

John Goodall | jgoodall@ornl.govmailto:jgoodall@ornl.gov | (865) 446-0611 Team Lead, Situation Awareness and Visual Analytics team Cyber & Information Security Research group Oak Ridge National Laboratory

codementum commented 8 years ago

I think there was a script that pulled a subset from Tenable. The data we have lines up with theirs, at least.

So, thinking longer term, we need to move to something more neutral if we want to support more than just Nessus v2.

Maybe the CVE csv here? https://cve.mitre.org/data/downloads/

It's large, though, so we'll need to figure out a way to scale.

jgoodall commented 8 years ago

I just came across an open source scanner vuls. Would be cool to support that.

I don't even remember - did Riley do that part of it?

On Apr 28, 2016, at 7:21 PM, Lane Harrison notifications@github.com<mailto:notifications@github.com> wrote:

I think there was a script that pulled a subset from Tenable. The data we have lines up with theirs, at least.

So, thinking longer term, we need to move to something more neutral if we want to support more than just Nessus v2.

Maybe the CVE csv here? https://cve.mitre.org/data/downloads/

It's large, though, so we'll need to figure out a way to scale.

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHubhttps://github.com/ornl-sava/nv/issues/15#issuecomment-215590937

John Goodall | jgoodall@ornl.govmailto:jgoodall@ornl.gov | (865) 446-0611 Team Lead, Situation Awareness and Visual Analytics team Cyber & Information Security Research group Oak Ridge National Laboratory