nautobot · bminnix · Jun 4, 2024 · Aug 12, 2024 · Aug 12, 2024 · Aug 12, 2024
@@ -22,19 +22,20 @@ When creating a CVE object, the following fields are available. Fields in **bold
 | Fix | The software fix (if available) for the CVE |
 | Comments | Any additional comments or details about the CVE |
 | Tags | Arbitrary [tag objects](https://docs.nautobot.com/projects/core/en/stable/models/extras/tag/) that can be applied to this CVE |
+| Last Modified Date | The date that the CVE record was last modified |
 
 !!! note
     In addition to these standard fields, you can also add one or more [Custom Fields](https://docs.nautobot.com/projects/core/en/stable/models/extras/customfield/) to the model.
 
 ### Software Association
 
-As stated previously, you can associate a CVE to one or many [Software objects](./software_lifecycle.md#software-objects). These relationships will present themselves as breadcrumb links on each item's detail view.
+As stated previously, you can associate a CVE to one or many [Software objects](./software_lifecycle.md#software-objects). These relationships will present themselves as breadcrumb links on the CVE item's detail view, and as the "Related CVEs" tab on the Software item's detail view.
 
 Example of a breadcrumb link on a CVE item's view:
 
 ![](../images/lcm_cve_breadcrumb.png)
 
-Example of a breadcrumb link on a Software item's view:
+Example of the "Related CVEs" tab on a Software item's view:
 
 ![](../images/lcm_software_breadcrumb.png)
 
@@ -60,3 +61,42 @@ After a Vulnerability object has been generated, the CVE, Software, Device and I
     In addition to these standard fields, you can also add one or more [Custom Fields](https://docs.nautobot.com/projects/core/en/stable/models/extras/customfield/) to the model.
 
 As was stated previously, running the ``Generate Vulnerabilities`` Job will not modify (or delete) any existing Vulnerability objects - **even if the associations that existed previously no longer exist**. You do have the ability to delete one or more Vulnerability objects via the GUI or API. In addition to manually removing a Vulnerability, if any CVE, Software, Device or Inventory Item objects are removed, any Vulnerability objects that reference the deleted items will also be removed automatically.
+
+## Automated CVE Discovery via NIST API 2.0
+The NTC Nautobot Device Lifecycle Management app now supports automated CVE discovery via the NIST NVD API 2.0.  This feature is optional and can be enabled by obtaining an API key, updating the necessary Secret, and running the ``NIST - Software CVE Search`` Job. Continue reading for more information.
+
+### External Integration
+An External Integration must be created and configured in order to use the NIST NVD API for automatic software CVE discovery. On this note, the following is installed for you:
+
+- A new External Integration object named ``NAUTOBOT DLM NIST EXTERNAL INTEGRATION`` that allows you to control the following behaviors of the integration:
+    - ``api_call_delay``: A delay between API calls in seconds (default: 6).  NIST Recommends a minimum value of 6 to prevent overloading resources.
+    - ``retries``: Even with using a delay, the NIST API may return a 500 error.  The settings in this dictionary allows you to control the number of retries and backoff.
+        - ``max_attempts``: The maximum number of retry attempts (default: 3).
+        - ``backoff``: The backoff factor for the retry attempts (default: 2).  This is the multiplier for the delay between retries.
+- A new Secrets Group object named ``NAUTOBOT DLM NIST SECRETS GROUP`` used for access to the NIST API Key from the External Integration.
+- A new Secret object named ``NAUTOBOT DLM NIST API KEY``.  This object is created for you during setup with minimum defaults.  The Secret name must be exactly as above, but you will need to configure the Secret to properly access the NIST API Key.
+    - To obtain your NIST API Key go [here]('https://nvd.nist.gov/developers/request-an-api-key').
+
+NOTE: You may change the name of the External Integration or create your own using other configuration settings, but the SecretsGroup and Secret objects must be named as above.  The External Integration is selected when starting the Job run.
+
+
+### Run Job
+Automated discovery is used by running the ``NIST - Software CVE Search`` Job.
+
+To run this job, use the "Jobs" menu dropdown and navigate to the **CVE Tracking** section. The jobs will appear here and all you will need to do is click the play button in order to use the default External Integration[^1].  If you have configured additional Integrations, you may select the External Integration that you want to use.  **As stated previously, the name of the External Integration does not matter, but the External Integration must contain a SecretsGroup and Secret named as above**.
+
+![](../images/lcm_cve_nist_job.png)
+
+![](../images/lcm_cve_nist_job_run.png)
+
+The job output should indicate the softwares checked and the amount of CVEs received for that software, as well as the amount of CVEs created.  These will not always be the same.  New CVE will be created for software with existing CVE, also software will share CVEs.
+
+![](../images/lcm_cve_nist_job_log.png)
+
+[^1] Warning: If play button is grayed out. You will need to enable the job by clicking on edit button in the row and navigate to "Job" portion and click on "Enable"
+
+
+### Additional Notes:
+Due to the way vendor platform entries vary in NIST, some platforms may work without issue, others may not work so well (false positives/negatives).  Juniper JunOS is a great example and has a custom parser in netutils to handle this.
+
+If the platform you are attempting to gather information from does not work, a custom parser will likely be needed to build a proper NIST search URL.
@@ -750,6 +750,10 @@ class CVELCMFilterSet(NautobotFilterSet, StatusModelFilterSetMixin):  # , Custom
     published_date__gte = django_filters.DateFilter(field_name="published_date", lookup_expr="gte")
     published_date__lte = django_filters.DateFilter(field_name="published_date", lookup_expr="lte")
 
+    last_modified_date = django_filters.DateTimeFromToRangeFilter()
+    last_modified_date__gte = django_filters.DateFilter(field_name="last_modified_date", lookup_expr="gte")
+    last_modified_date__lte = django_filters.DateFilter(field_name="last_modified_date", lookup_expr="lte")
+
     cvss__gte = django_filters.NumberFilter(field_name="cvss", lookup_expr="gte")
     cvss__lte = django_filters.NumberFilter(field_name="cvss", lookup_expr="lte")
 

@@ -666,6 +666,7 @@ class CVELCMForm(NautobotModelForm):
     """CVE Lifecycle Management creation/edit form."""
 
     published_date = forms.DateField(widget=DatePicker())
+    last_modified_date = forms.DateField(widget=DatePicker(), required=False)
     severity = forms.ChoiceField(choices=CVESeverityChoices.CHOICES, label="Severity", required=False)
     tags = DynamicModelMultipleChoiceField(queryset=Tag.objects.all(), required=False)
     affected_softwares = DynamicModelMultipleChoiceField(queryset=SoftwareVersion.objects.all(), required=False)
@@ -679,6 +680,7 @@ class Meta:
 
         widgets = {
             "published_date": DatePicker(),
+            "last_modified_date": DatePicker(),
         }
 
 
@@ -722,6 +724,9 @@ class CVELCMFilterForm(NautobotFilterForm):
     published_date_before = forms.DateField(label="Published Date Before", required=False, widget=DatePicker())
     published_date_after = forms.DateField(label="Published Date After", required=False, widget=DatePicker())
 
+    last_modified_date_before = forms.DateField(label="Last Modified Date Before", required=False, widget=DatePicker())
+    last_modified_date_after = forms.DateField(label="Last Modified Date After", required=False, widget=DatePicker())
+
     cvss__gte = forms.FloatField(label="CVSS Score Above", required=False)
     cvss__lte = forms.FloatField(label="CVSS Score Below", required=False)
 
@@ -755,6 +760,8 @@ class Meta:
             "q",
             "published_date_before",
             "published_date_after",
+            "last_modified_date_before",
+            "last_modified_date_after",
             "severity",
             "status",
             "affected_softwares",

@@ -2,7 +2,7 @@
 
 from nautobot.core.celery import register_jobs
 
-from .cve_tracking import GenerateVulnerabilities
+from .cve_tracking import GenerateVulnerabilities, NistCveSyncSoftware
 from .lifecycle_reporting import (
     DeviceHardwareNoticeFullReport,
     DeviceSoftwareValidationFullReport,
@@ -14,5 +14,6 @@
     DeviceSoftwareValidationFullReport,
     InventoryItemSoftwareValidationFullReport,
     GenerateVulnerabilities,
+    NistCveSyncSoftware,
 ]
 register_jobs(*jobs)