Hello, what is the easiest way to search for CVE IDs in bulk? For example, I have a list of 140+ CVEs for Node.js. I want to see if any of these CVEs are present in my organization. I am aware of how to run a CVE-ID “IS” boolean search in the dynamic asset group builder but there must be another do search for all of these CVEs in bulk, right?
The easiest way to search for the CVEs in bulk would most likely be to use the API and either write a script to check OR use something like postman which would take a csv as input and do a run job to do the same query 140 times just swapping out the CVE every time. Alternatively you could do roughly the same thing with the API to build out a Dynamic Asset Group or Saved Query I assume though I don’t actually know off the top of my head what the upper limit is for the amount of items you can put into one search.
Other than that, there’s no easy way to pass a large list like that into InsightVM. An alternative may be to do an SQL query and do something like
SELECT *
FROM dim_vulnerability
WHERE title LIKE '%node%'
There is a column “nexpose_id” that would contain the CVEs. You could take that sql output and compare the column with that of your other list of CVEs after doing a little excel magic to remove the sources from our nexpose id line.