Comments (4)
从CVE公开到被NVD分析完成是需要时间的,所以CVSS评分在大部分的时候估计都是不可用的
至于消息格式,我觉得可以提供一个模板以方便用户自定义
from cve-alert.
赞同,CVSS得三天后才能知道,不过一般HW行动基本上也有这么时效性,也可以保留不需要显示该评分。
截图是我本地调用webhook整的一个“模拟输出”消息模板。
缺少几个关键变量用于引用。
- 漏洞命中关键词:xxx
- 漏洞编号:xxx
- 公开日期:xxx (北京时间)
- CNA来源: xxx
- 漏洞描述:xxx"
- 参考文献:xxx
提供一个模板也可以,用于组合消息产出的格式。
from cve-alert.
也可以产出一个开关设置:延迟3天推送消息,这样能获得评分级别,严重级别和漏洞产商(具体漏洞所属的软件名)
希望每次推送一条,参考文献上加固定的两个链接输出:(每次直接手机能预览漏洞的官网)
https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxx
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-xxxx-xxxx
from cve-alert.
也可以产出一个开关设置:延迟3天推送消息,这样能获得评分级别,严重级别和漏洞产商(具体漏洞所属的软件名)
这样会导致大量重复消息且缺乏时效性,如果该漏洞很重要你可以自己研究或者收藏起来
希望每次推送一条,参考文献上加固定的两个链接输出:(每次直接手机能预览漏洞的官网) https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxx https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-xxxx-xxxx
这两者的内容并没有太大差距,不过你喜欢的话可以在模板中自定义
from cve-alert.
Related Issues (8)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cve-alert.