CVE Tracking System Expert Эксперт по отслеживанию уязвимостей и управлению безопасностью. Core Competencies CVE Management CVE database monitoring CVSS scoring interpretation Vulnerability prioritization NVD/MITRE integration Vulnerability Workflow Triage и assessment Remediation planning Patch management Verification testing Compliance & Reporting Security advisories Audit reporting SLA tracking Executive dashboards CVE Data Standards CVE ID Format CVE-YYYY-NNNNN │ │ │ │ │ └─ Sequential number (4-7 digits) │ └────── Year of assignment └─────────── Prefix CVSS v3.1 Metrics Base Score (0-10) : Attack Vector (AV) : - Network (N) : 0.85 - Adjacent (A) : 0.62 - Local (L) : 0.55 - Physical (P) : 0.20 Attack Complexity (AC) : - Low (L) : 0.77 - High (H) : 0.44 Privileges Required (PR) : - None (N) : 0.85 - Low (L) : 0.62/0.68 - High (H) : 0.27/0.50 User Interaction (UI) : - None (N) : 0.85 - Required (R) : 0.62 Scope (S) : - Unchanged (U) - Changed (C) Impact (CIA) : - Confidentiality : None/Low/High - Integrity : None/Low/High - Availability : None/Low/High Severity Levels Score Rating Color 9.0-10.0 Critical Red 7.0-8.9 High Orange 4.0-6.9 Medium Yellow 0.1-3.9 Low Green 0.0 None Gray NVD API Integration import requests from datetime import datetime , timedelta class NVDClient : BASE_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0" def init ( self , api_key : str = None ) : self . api_key = api_key self . headers = { "apiKey" : api_key } if api_key else { } def get_recent_cves ( self , days : int = 7 ) -

list : """Fetch CVEs from the last N days.""" end_date = datetime . utcnow ( ) start_date = end_date - timedelta ( days = days ) params = { "pubStartDate" : start_date . strftime ( "%Y-%m-%dT%H:%M:%S.000" ) , "pubEndDate" : end_date . strftime ( "%Y-%m-%dT%H:%M:%S.000" ) } response = requests . get ( self . BASE_URL , params = params , headers = self . headers ) response . raise_for_status ( ) return self . _parse_cves ( response . json ( ) ) def search_by_keyword ( self , keyword : str ) -

list : """Search CVEs by keyword.""" params = { "keywordSearch" : keyword } response = requests . get ( self . BASE_URL , params = params , headers = self . headers ) return self . _parse_cves ( response . json ( ) ) def get_by_cpe ( self , cpe : str ) -

list : """Get CVEs affecting a specific CPE.""" params = { "cpeName" : cpe } response = requests . get ( self . BASE_URL , params = params , headers = self . headers ) return self . _parse_cves ( response . json ( ) ) def _parse_cves ( self , data : dict ) -

list : """Parse NVD response into structured CVE objects.""" cves = [ ] for item in data . get ( "vulnerabilities" , [ ] ) : cve = item . get ( "cve" , { } ) cves . append ( { "id" : cve . get ( "id" ) , "published" : cve . get ( "published" ) , "description" : self . _get_description ( cve ) , "cvss" : self . _get_cvss ( cve ) , "affected_products" : self . _get_cpe ( cve ) } ) return cves def _get_description ( self , cve : dict ) -

str : descriptions = cve . get ( "descriptions" , [ ] ) for desc in descriptions : if desc . get ( "lang" ) == "en" : return desc . get ( "value" , "" ) return "" def _get_cvss ( self , cve : dict ) -

dict : metrics = cve . get ( "metrics" , { } ) if "cvssMetricV31" in metrics : return metrics [ "cvssMetricV31" ] [ 0 ] [ "cvssData" ] if "cvssMetricV30" in metrics : return metrics [ "cvssMetricV30" ] [ 0 ] [ "cvssData" ] return { } CVSS Calculator class CVSSCalculator : """CVSS v3.1 Base Score Calculator.""" WEIGHTS = { "AV" : { "N" : 0.85 , "A" : 0.62 , "L" : 0.55 , "P" : 0.20 } , "AC" : { "L" : 0.77 , "H" : 0.44 } , "PR" : { "U" : { "N" : 0.85 , "L" : 0.62 , "H" : 0.27 } , "C" : { "N" : 0.85 , "L" : 0.68 , "H" : 0.50 } } , "UI" : { "N" : 0.85 , "R" : 0.62 } , "C" : { "H" : 0.56 , "L" : 0.22 , "N" : 0 } , "I" : { "H" : 0.56 , "L" : 0.22 , "N" : 0 } , "A" : { "H" : 0.56 , "L" : 0.22 , "N" : 0 } } def calculate ( self , vector : dict ) -

dict : """Calculate CVSS score from vector components.""" scope = vector . get ( "S" , "U" )

Impact Sub Score

isc_base

1

( ( 1 - self . WEIGHTS [ "C" ] [ vector [ "C" ] ] ) * ( 1 - self . WEIGHTS [ "I" ] [ vector [ "I" ] ] ) * ( 1 - self . WEIGHTS [ "A" ] [ vector [ "A" ] ] ) ) if scope == "U" : impact = 6.42 * isc_base else : impact = 7.52 * ( isc_base - 0.029 ) - 3.25 * pow ( isc_base - 0.02 , 15 )

Exploitability Sub Score

exploitability

( 8.22 * self . WEIGHTS [ "AV" ] [ vector [ "AV" ] ] * self . WEIGHTS [ "AC" ] [ vector [ "AC" ] ] * self . WEIGHTS [ "PR" ] [ scope ] [ vector [ "PR" ] ] * self . WEIGHTS [ "UI" ] [ vector [ "UI" ] ] )

Base Score

if impact <= 0 : base_score = 0 elif scope == "U" : base_score = min ( impact + exploitability , 10 ) else : base_score = min ( 1.08 * ( impact + exploitability ) , 10 ) return { "base_score" : round ( base_score , 1 ) , "impact" : round ( impact , 1 ) , "exploitability" : round ( exploitability , 1 ) , "severity" : self . _get_severity ( base_score ) } def _get_severity ( self , score : float ) -

str : if score = 9.0 : return "CRITICAL" if score = 7.0 : return "HIGH" if score = 4.0 : return "MEDIUM" if score

0 : return "LOW" return "NONE" Asset Inventory & CPE Matching class AssetInventory : """Track software assets and match against CVEs.""" def init ( self ) : self . assets = [ ] def add_asset ( self , asset : dict ) : """Add software asset to inventory.""" self . assets . append ( { "name" : asset [ "name" ] , "vendor" : asset [ "vendor" ] , "version" : asset [ "version" ] , "cpe" : self . _generate_cpe ( asset ) , "criticality" : asset . get ( "criticality" , "medium" ) , "environment" : asset . get ( "environment" , "production" ) } ) def _generate_cpe ( self , asset : dict ) -

str : """Generate CPE 2.3 string for asset.""" return f"cpe:2.3:a: { asset [ 'vendor' ] } : { asset [ 'name' ] } : { asset [ 'version' ] } :::::::*" def find_affected ( self , cve_cpes : list ) -

list : """Find assets affected by CVE.""" affected = [ ] for asset in self . assets : for cve_cpe in cve_cpes : if self . _cpe_matches ( asset [ "cpe" ] , cve_cpe ) : affected . append ( asset ) break return affected def _cpe_matches ( self , asset_cpe : str , cve_cpe : str ) -

bool : """Check if asset CPE matches CVE CPE pattern.""" asset_parts = asset_cpe . split ( ":" ) cve_parts = cve_cpe . split ( ":" ) for i , ( a , c ) in enumerate ( zip ( asset_parts , cve_parts ) ) : if c == "*" : continue if a != c : return False return True Vulnerability Workflow Auto-Triage System class VulnerabilityTriage : """Automated vulnerability triage based on risk factors.""" SLA = { "CRITICAL" : { "response" : 24 , "remediation" : 72 } , "HIGH" : { "response" : 48 , "remediation" : 168 } , "MEDIUM" : { "response" : 168 , "remediation" : 720 } , "LOW" : { "response" : 720 , "remediation" : 2160 } } def calculate_priority ( self , vuln : dict , asset : dict ) -

dict : """Calculate priority score for vulnerability.""" base_score = vuln . get ( "cvss_score" , 5.0 )

Adjust for asset criticality

criticality_multiplier

{ "critical" : 1.5 , "high" : 1.2 , "medium" : 1.0 , "low" : 0.8 } adjusted_score = base_score * criticality_multiplier . get ( asset . get ( "criticality" , "medium" ) , 1.0 )

Adjust for exploit availability

if vuln . get ( "exploit_available" ) : adjusted_score *= 1.3

Adjust for internet exposure

if asset . get ( "internet_facing" ) : adjusted_score *= 1.2

Cap at 10

adjusted_score

min ( adjusted_score , 10.0 ) severity = self . _get_severity ( adjusted_score ) return { "priority_score" : round ( adjusted_score , 1 ) , "severity" : severity , "sla_response_hours" : self . SLA [ severity ] [ "response" ] , "sla_remediation_hours" : self . SLA [ severity ] [ "remediation" ] } def _get_severity ( self , score : float ) -

str : if score = 9.0 : return "CRITICAL" if score = 7.0 : return "HIGH" if score = 4.0 : return "MEDIUM" return "LOW" Compliance Reporting Executive Dashboard Data def generate_executive_summary ( vulnerabilities : list ) -

dict : """Generate executive summary metrics.""" total = len ( vulnerabilities ) by_severity = { "CRITICAL" : 0 , "HIGH" : 0 , "MEDIUM" : 0 , "LOW" : 0 } sla_breaches = 0 remediated_count = 0 avg_remediation_time = 0 for vuln in vulnerabilities : by_severity [ vuln [ "severity" ] ] += 1 if vuln . get ( "status" ) == "remediated" : remediated_count += 1 avg_remediation_time += vuln . get ( "remediation_hours" , 0 ) if vuln . get ( "sla_breached" ) : sla_breaches += 1 if remediated_count

0 : avg_remediation_time /= remediated_count return { "total_vulnerabilities" : total , "by_severity" : by_severity , "sla_compliance_rate" : round ( ( 1 - sla_breaches / total ) * 100 , 1 ) if total

0 else 100 , "remediation_rate" : round ( remediated_count / total * 100 , 1 ) if total

0 else 0 , "avg_remediation_hours" : round ( avg_remediation_time , 1 ) , "critical_open" : by_severity [ "CRITICAL" ] , "high_open" : by_severity [ "HIGH" ] } Compliance Framework Mapping NIST Cybersecurity Framework : ID.RA-1 : Asset vulnerabilities identified ID.RA-2 : Threat intelligence received PR.IP-12 : Vulnerability management plan DE.CM-8 : Vulnerability scans performed RS.MI-3 : Vulnerabilities mitigated ISO 27001 : A.12.6.1 : Technical vulnerability management A.18.2.3 : Technical compliance review SOC 2 : CC7.1 : Vulnerability management procedures CC7.2 : Security event monitoring PCI DSS : 6.1 : Vulnerability identification process 6.2 : Security patches installation 11.2 : Quarterly vulnerability scans Integration Patterns SIEM Integration : - Forward high/critical alerts - Enrich events with CVE data - Automated incident creation Ticketing Systems : - Auto - create tickets for new vulns - Track remediation progress - SLA monitoring CI/CD Pipeline : - Pre - deployment vulnerability check - Block deployments with critical CVEs - Automated dependency updates Notification : - Slack : Critical alerts - Email : Daily/weekly summaries - PagerDuty : SLA breaches Best Practices Data Quality : - Deduplicate findings - Validate against authoritative sources - Enrich with threat intelligence - Track remediation history Performance : - Incremental updates (not full sync) - Batch processing for analysis - Cache CVSS calculations - Index by CPE for fast matching Security : - API rate limiting - Data encryption at rest - Role - based access control - Audit logging Лучшие практики Prioritize by risk — не все CVEs равны, учитывайте контекст Automate triage — автоматизируйте рутинную классификацию Track SLAs — мониторьте время реагирования Integrate everywhere — связывайте с CI/CD, ticketing, SIEM Report to executives — регулярные отчёты руководству Continuous monitoring — не только periodic scans