CVE-to-EIQ

Feed parser for converting CVE information into EIQ reports

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

Introduction

CVE-to-EIQ is a simple Python script that collects CVEs from a time window and imports them as reports into EclecticIQ.

For configuration options, refer to the README.md in the config/ directory.

Requirements

  • Python 3 (uses 'requests', 'urllib3', 'datetime')
  • EIQlib module from Sebastiaan Groot (eiqjson.py and eiqcalls.py)
  • An EclecticIQ account (user+pass) and EIQ 'Source' token

Getting started

  • Clone the repository
  • Rename the settings.py.sample file in the config/ directory to settings.py and update the settings accordingly.
  • Run ./cve_to_eiq.py -h for help/options

Options

Running ./cve_to_eiq.py with -h will display help:

  • -v / --verbose: display progress/error info
  • -s / --simulate: do not actually ingest anything into EclecticIQ, just pretend (useful with -v)
  • -d / --duplicate: do not update the existing entity in EclecticIQ, but create duplicates (default: disabled)

Copyright

(c) 2020 Arnim Eijkhoudt and Sebastiaan Groot (for his great EIQ lib / submodule)

This software is GPLv3 licensed, except where otherwise indicated.