Comments (4)
Using the MSRC API you get the productname and its CVE.
Using additional code, you can then visit for example https://nvd.nist.gov/vuln/detail/CVE-2021-1675 and parse the page to extract CPE.
NIST may also have an API to match the product name to its CPE format.
from msrc-microsoft-security-updates-api.
We want to correlate the CVE/CPE from NIST, with the CVE/ProductName from the CVRF API, because scanning tools report CVE & Installed CPE's, and we want to calculate the KB specific to the product to apply to the devices. Fuzzy matching the product name isn't yielding the best result. For example, values like "Service Pack 1" vs "SP1".
I see some of the other vendors have included CPE values as separate fields in the XLM/JSON, which works well for us.
Can you at least comma separate the segments for product, vendor, version and anything else, in the full product name?
from msrc-microsoft-security-updates-api.
up ? We are also interested having CPE in the MSRC update json files
Thnks !
from msrc-microsoft-security-updates-api.
hi, do you find any approach to match
product name VS CPE
Microsoft Exchange Server 2016 Cumulative Update 17 VS
cpe:2.3
from msrc-microsoft-security-updates-api.
Related Issues (20)
- Azure Automation is freezing if this module is used HOT 2
- Incorrect supercedence chain in several cases
- Get-MsrcCvrfDocument -ID 2022-Jan not returning expected results HOT 1
- https://api.msrc.microsoft.com/cvrf/v2.0/swagger/index returning 503 HOT 1
- APIs in python HOT 4
- Get-MsrcSecurityUpdate gives InternalServerError HOT 3
- This repo is missing important files HOT 1
- URL to get KB details https://support.microsoft.com/app/content/api/content/help/en-us/5018410 no longer working HOT 1
- Regarding https://api.msrc.microsoft.com/sug/v2.0/ HOT 2
- Servicing stack update SSUs missing from MSRC KB5011570 HOT 1
- Me
- April updates is showing January updates for this release as well HOT 1
- KB5022303 Listed as Remediation for Windows Server 2022 HOT 1
- CVE to KB mapping, revised date HOT 1
- Sept 12th after release, API didn't return full set of MSRC data HOT 3
- Provide an API to get the CVRF for a single CVE (previously worked in old portal site)
- Contradiction between two NTLM documents in "doc.microsoft.com".
- Need to fix the URL created HOT 2
- Microsoft Docs: Bookmarks option and Collection total percentage gone HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from msrc-microsoft-security-updates-api.