I'm using the Rapid7 App for Splunk Enterprise (https://splunkbase.splunk.com/app/1882/) to pull vulnerability data into splunk. I would really like to add to what is imported. Specifically the CVSS base and temporal scores that Nexpose does appear to have, but the app doesn't choose to import. The Nexpose field I think that has it is "vm.cvss_vector" according to something I found here https://community.rapid7.com/thread/4195.
Has anyone modified the queries in /bin/nexpose_cim_data_generator.py to do something like this? I am not very good at Nexpose SQL queries...if anyone has figured this out and has any guidance it would be greatly appreciated!
Thanks!
↧