NOTE: This Intelligence card extension has been suspended. The vulnDB API endpoints upon which this extension depends have changed and/or been deprecated by RBS; further information on how to make this integration compatible with the new API has not been provided to Recorded Future.
This article describes the Intelligence Card Extension for RiskBased Security's VulnDB.
Introduction
Risk Based Security (RBS) offers VulnDB - an API endpoint that offers comprehensive vulnerability intelligence through a continuously updated data feed. Based on the largest and most comprehensive vulnerability database, VulnDB allows organizations to poll for the latest in software security vulnerability information.
The extension is available for vulnerability intelligence cards. To use this extension you need a Client Secret Key and Client ID which can be obtained from VulnDB. This is done from the API menu item in the VulnDB portal - select the "register a new application" button under the list of OAuth applications (the list might be empty if no applications have been registered before). When asked for the application url, type in "https://app.recordedfuture.com"
Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
Extending Vulnerability Cards
The RBS extension will retrieve information from VulnDB for a given vulnerability. Key elements include
- vulnDB ID
- vulnerability Title
- disclosure date
- vulnerability descriptions (general, technical and solution)
- CVSS metrics
- Vendors
- NVD info
- Classifications (of different aspects of the vulnerability)
- Link to the RBS webportal
Below is an example of the RBS extension response for CVE-2017-8804:
Another example for CVE-2017-0199:
For more information on Risk Based Security's VulnDB visit: https://vulndb.cyberriskanalytics.com/