4.0 KiB
CVE Tracking & NVD Sync Guide
Overview
The Home page (CVE Management) is where you track individual CVEs across vendors, store supporting documentation, and link Archer risk acceptance tickets. It serves as the reference library for all vulnerability research and evidence.
Adding a CVE
- Click "Add CVE" on the Home page
- Enter the CVE ID (format: CVE-YYYY-NNNNN, e.g., CVE-2024-6387)
- Click the NVD lookup button to auto-populate fields from the National Vulnerability Database:
- Description
- Severity (Critical, High, Medium, Low)
- Published date
- Select or type the Vendor/Platform (e.g., Cisco, Juniper, ADTRAN)
- Review and adjust any fields as needed
- Click Save
NVD Auto-Population
The NVD lookup queries the NIST NVD 2.0 API and extracts:
- English description
- CVSS severity using a cascade: v3.1 → v3.0 → v2.0
- Published date
If the NVD API is rate-limited (429 response), wait a few seconds and try again. Having an NVD API key configured in the backend .env file increases the rate limit.
CVE Details
Each CVE entry tracks:
| Field | Description |
|---|---|
| CVE ID | The CVE identifier (e.g., CVE-2024-6387) |
| Vendor | The affected vendor/platform |
| Severity | Critical, High, Medium, or Low |
| Description | Vulnerability description (from NVD or manual entry) |
| Published Date | When the CVE was published |
| Status | Open, In Progress, Addressed, or Resolved |
Document Storage
Each CVE/vendor pair can have supporting documents attached. These serve as evidence for FP workflows, Archer tickets, and audit purposes.
Uploading Documents
- Open a CVE entry
- Click "Upload Document"
- Select the file (max 10 MB)
- Documents are stored in
uploads/cves/{cveId}/{vendor}/on the server
Document Types
- Advisory — vendor security advisories
- Email — vendor communications or support ticket responses
- Screenshot — device screenshots showing version info
- Patch — patch notes or release documentation
- Other — any other supporting evidence
Why Store Documents Here?
Documents uploaded to CVE entries can be reused across multiple FP workflows. When an FP expires and needs renewal, the evidence is already in the dashboard rather than having to track it down again.
Archer Ticket Tracking
Archer risk acceptance tickets (EXC-XXXXX) are linked to CVE/vendor pairs.
Adding an Archer Ticket
- Open a CVE entry
- Click "Add Archer Ticket"
- Enter the EXC number (e.g., EXC-12345)
- Optionally add the Archer URL and status
EXC Badge Integration
Once an EXC number is entered:
- An EXC badge appears on the CVE card on the Home page
- Clicking the badge navigates to the Reporting page pre-filtered to findings with that EXC number in their notes
- The Action Coverage chart on the Reporting page classifies findings with EXC numbers as "Archer Exception"
Vendor Tracking
CVEs can be tracked across multiple vendors. Each CVE/vendor combination is a separate entry, allowing you to:
- Track different remediation statuses per vendor
- Store vendor-specific documentation
- Link different Archer tickets per vendor
Editing CVEs
- Click the edit icon on a CVE card
- Modify any fields
- Use the NVD lookup button to refresh data from NVD if needed
- Click Save
Quick Check
The Quick Check feature on the Home page lets you look up a CVE ID without adding it to the database:
- Type a CVE ID in the Quick Check field
- Press Enter — the NVD data is fetched and displayed
- If you want to track it, click "Add CVE" to create an entry
Tips
- Always upload screenshots and vendor advisories to the CVE entry before submitting an FP workflow — reviewers may ask for this evidence
- Use the status field to track progress: Open → In Progress → Addressed → Resolved
- Link Archer EXC numbers as soon as the ticket is created — this updates the Action Coverage chart immediately
- The search bar on the Home page searches across CVE ID, vendor, and description
- Filter by vendor or severity using the dropdowns to focus on specific areas