Add importer for CSAF
Rafiot opened this issue · 4 comments
Rafiot commented
The instrumentation is there -> https://oasis-open.github.io/csaf-documentation/tools.html which comes with a downloader: https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_downloader.md
One sample source is there: https://wid.cert-bund.de/.well-known/csaf/provider-metadata.json
So the goal will be to fetch from a provider, store them locally and add an importer in vuln lookup.
Rafiot commented
Notes for CSAF importer:
-
csaf_downloader work fine for domains that have a
provider-metadata.json
-
there is no obvious way to tell the downloader "only get new stuff since last time you ran" the hacky solution is (initial import):
- to fetch the
provider-metadata.json
- get the
last_updated
key - store that in kvrocks
last_updates
hash - run
csaf_downloader
& wait for a long time
Then, for updates:
- get the last update from the
last_updates
hash - Throw that in the timerange option
- get only the updated entries
- Then, maybe use the log file to find the updated entries, or just re-iterate over all the files.
- to fetch the
adulau commented
Some additional CSAF sources
adulau commented
- https://www.cisco.com/.well-known/csaf
- https://wid.cert-bund.de/.well-known/csaf-aggregator/aggregator.json (listed some more CSAF feed)