Document toolboxDocument toolbox

vuln.nist

Introduction

The tags beginning with vuln.nist identify events generated by Nist as part of the National Vulnerability Database.

Valid tags and data tables 

The full tag must have two levels. The first two are fixed as vuln.nist. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Nist

vuln.nist.cve.db

vuln.nist.cve.db

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

Field name

Type

Extra fields

Field transformation

Source field name

Field name

Type

Extra fields

Field transformation

Source field name

eventdate

timestamp

 

 

 

host

str

 

split(hostchain, "=", 0)

hostchain

cve

str

 

 

 

cpe

str

 

 

 

cvss

str

 

 

 

access_complexity

str

 

 

 

access_vector

str

 

 

 

access_authentication

str

 

 

 

impact_integrity

str

 

 

 

impact_confidentiality

str

 

 

 

impact_availability

str

 

 

 

cwe

str

 

 

 

description

str

 

 

 

message

str

 

 

rawMessage

hostchain

str

✓ 

 

 

tag

str

✓ 

 

 

rawMessage

str

✓ 

 

 

Â