From 4650e8dd0b553205866756eb38985b1bb54e25a1 Mon Sep 17 00:00:00 2001
From: Raymond <74218035+security-penguin@users.noreply.github.com>
Date: Sat, 18 Jan 2025 16:46:50 +1100
Subject: [PATCH 1/2] Fix for updating existing vulnerabilities

80 and 100 are the same confidence level (1- Confirmed by other sources) but if the score is already at 100 the hardcoded 80 prevents the object being updated. Passing the update=True is also required to update existing vulnerabilities, otherwise this connector has to create the vulnerability and won't update exisiting vulnerabilities.
---
 .../cisa-known-exploited-vulnerabilities/src/main.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/external-import/cisa-known-exploited-vulnerabilities/src/main.py b/external-import/cisa-known-exploited-vulnerabilities/src/main.py
index 4d1d6ac587..c0a6c08ca8 100644
--- a/external-import/cisa-known-exploited-vulnerabilities/src/main.py
+++ b/external-import/cisa-known-exploited-vulnerabilities/src/main.py
@@ -156,7 +156,7 @@ def build_bundle(self, data):
 description=f"{description}",
 created_by_ref=self.created_by_stix["id"],
 created=f"{created}",
- confidence=80 if description is not None and len(description) > 0 else 50,
+ confidence=100 if description is not None and len(description) > 0 else 50,
 object_marking_refs=[f"{marking_id}"],
 custom_properties={"x_opencti_cisa_kev": True},
 )
@@ -320,6 +320,7 @@ def send_bundle(self, work_id: str, serialized_bundle: str) -> None:
 self.helper.send_stix2_bundle(
 serialized_bundle,
 work_id=work_id,
+ update=True
 )
 except Exception as e:
 self.helper.log_error(f"Error while sending bundle: {e}")

From a459aa4f21481133dd76b876da9ba32901cb8faa Mon Sep 17 00:00:00 2001
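Review bot: The changed confidence line in the build_bundle hunk still spells out `description is not None and len(description) > 0`, which, assuming description is a str or None as the f-string usage suggests, is just the string's truthiness; `confidence=100 if description else 50,` reads more directly and keeps the same result. The second hunk of this patch (`update=True` in send_bundle) is rewritten by PATCH 2/2, so its final form is reviewed there. build_bundle starts before this hunk and continues after it.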
From: Raymond <74218035+security-penguin@users.noreply.github.com>
Date: Tue, 21 Jan 2025 15:51:07 +1100
Subject: [PATCH 2/2] Added flag for update and fixed formating

---
 .../src/config.yml.sample | 3 ++-
 .../cisa-known-exploited-vulnerabilities/src/main.py | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/external-import/cisa-known-exploited-vulnerabilities/src/config.yml.sample b/external-import/cisa-known-exploited-vulnerabilities/src/config.yml.sample
index fe7e55ea18..844cd2c0a2 100644
--- a/external-import/cisa-known-exploited-vulnerabilities/src/config.yml.sample
+++ b/external-import/cisa-known-exploited-vulnerabilities/src/config.yml.sample
@@ -14,4 +14,5 @@ connector:
 cisa:
 catalog_url: 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'
 create_infrastructures: false
- tlp: 'TLP:CLEAR'
\ No newline at end of file
+ tlp: 'TLP:CLEAR'
+ update_existing: true
\ No newline at end of file
diff --git a/external-import/cisa-known-exploited-vulnerabilities/src/main.py b/external-import/cisa-known-exploited-vulnerabilities/src/main.py
index c0a6c08ca8..1f72a7c3e6 100644
--- a/external-import/cisa-known-exploited-vulnerabilities/src/main.py
+++ b/external-import/cisa-known-exploited-vulnerabilities/src/main.py
@@ -61,7 +61,9 @@ def __init__(self):
 self.cisa_interval = get_config_variable(
 "CISA_INTERVAL", ["cisa", "interval"], config, default=7
 )
-
+ self.update_exisiting = get_config_variable(
+ "CISA_UPDATE_EXISTING", ["cisa", "update_exisiting"], config, default=True
+ )
 self.created_by_stix = None
 self.tlp_marking = None
 self.org = "Cybersecurity and Infrastructure Security Agency"
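Review bot: The YAML path the new get_config_variable call reads in the __init__ hunk, `["cisa", "update_exisiting"]`, does not match the key added to config.yml.sample in the preceding hunk, `update_existing: true`, so a value set in config.yml is silently ignored and the default (True) always wins unless the CISA_UPDATE_EXISTING environment variable is used. The lookup should read `"CISA_UPDATE_EXISTING", ["cisa", "update_existing"], config, default=True` and the attribute is better named `self.update_existing` to match; the send_bundle hunk in this patch reads the misspelled attribute and needs the same rename. Because the default is True, existing vulnerabilities are now updated unless an operator explicitly disables it, which the sample config or README should state. __init__ starts before this hunk and continues after it.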
@@ -318,9 +320,7 @@ def run(self):
 def send_bundle(self, work_id: str, serialized_bundle: str) -> None:
 try:
 self.helper.send_stix2_bundle(
- serialized_bundle,
- work_id=work_id,
- update=True
+ serialized_bundle, work_id=work_id, update=self.update_exisiting
 )
 except Exception as e:
 self.helper.log_error(f"Error while sending bundle: {e}")
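Review bot: send_bundle has no docstring, and now that `update` is driven by configuration the forwarded flag deserves a sentence under the def line, e.g. `"""Send a serialized STIX2 bundle via the helper; update= forwards the configured update-existing flag so objects that already exist are updated instead of only created."""`. The value it forwards is `self.update_exisiting`, set in __init__ earlier in this patch; if that attribute is renamed, this line must follow. run starts before this hunk, and whether send_bundle ends at the log_error line is not visible here.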