{"id":23106007,"url":"https://github.com/muchdogesec/arango_cve_processor","last_synced_at":"2025-07-06T14:05:26.662Z","repository":{"id":267429690,"uuid":"894478832","full_name":"muchdogesec/arango_cve_processor","owner":"muchdogesec","description":"A small python script that enriches Vulnerability STIX Objects with other intel","archived":false,"fork":false,"pushed_at":"2025-07-01T05:14:42.000Z","size":468,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-01T06:24:56.531Z","etag":null,"topics":["capec","cpe","cve","cwe","mitre-attack","nvd","stix2","vulnerability"],"latest_commit_sha":null,"homepage":"https://www.dogesec.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/muchdogesec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-11-26T12:31:26.000Z","updated_at":"2025-07-01T05:14:34.000Z","dependencies_parsed_at":"2024-12-10T10:19:40.155Z","dependency_job_id":"4c0645e6-d31c-414c-978f-4dfb616f5586","html_url":"https://github.com/muchdogesec/arango_cve_processor","commit_stats":null,"previous_names":["muchdogesec/arango_cve_processor"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/muchdogesec/arango_cve_processor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Farango_cve_processor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Farango_cve_processor/tags","releases_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Farango_cve_processor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Farango_cve_processor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/muchdogesec","download_url":"https://codeload.github.com/muchdogesec/arango_cve_processor/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muchdogesec%2Farango_cve_processor/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263360927,"owners_count":23454816,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["capec","cpe","cve","cwe","mitre-attack","nvd","stix2","vulnerability"],"created_at":"2024-12-17T00:56:27.353Z","updated_at":"2025-07-06T14:05:26.624Z","avatar_url":"https://github.com/muchdogesec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Arango CVE Processor\n\n## Before you get started\n\nArango CVE Processor is built into [Vulmatch](https://github.com/muchdogesec/vulmatch) which also handles the download of CVE objects (what you need for ACVEP to work). 
As such, [Vulmatch](https://github.com/muchdogesec/vulmatch) is probably better suited to what you're looking for.\n\n## tl;dr\n\n![](docs/arango_cve_processor.png)\n\nA small script that enriches CVEs with data from other sources, with all data stored as STIX 2.1 objects.\n\n[![arango_cve_processor](https://img.youtube.com/vi/J_LbAzoUpd4/0.jpg)](https://www.youtube.com/watch?v=J_LbAzoUpd4)\n\n[Watch the demo](https://www.youtube.com/watch?v=J_LbAzoUpd4).\n\n## Overview\n\nHere at DOGESEC we work with a lot of CVE data across our products. [cve2stix](https://github.com/muchdogesec/cve2stix) generates core STIX 2.1 Vulnerability objects from CVE data.\n\nHowever, we have lots of other sources (EPSS, KEV, ATT\u0026CK...) that we want to enrich this data with.\n\nWe built Arango CVE Processor to handle the generation and maintenance of these enrichments.\n\nIn short, Arango CVE Processor is a script that:\n\n1. reads the ingested CVE STIX data in ArangoDB\n2. creates STIX objects to represent the relationships between CVE and other datasets\n\n## Usage\n\n### Install the script\n\n```shell\n# clone the latest code\ngit clone https://github.com/muchdogesec/arango_cve_processor\n# create a venv\ncd arango_cve_processor\npython3 -m venv arango_cve_processor-venv\nsource arango_cve_processor-venv/bin/activate\n# install requirements\npip3 install -r requirements.txt\n```\n\n### Configuration options\n\nArango CVE Processor has various settings that are defined in an `.env` file.\n\nTo create a template for the file:\n\n```shell\ncp .env.example .env\n```\n\nTo see more information about how to set the variables, and what they do, read the `.env.markdown` file.\n\n### Run\n\n```shell\npython3 arango_cve_processor.py \\\n    --database DATABASE \\\n    --relationship RELATIONSHIP \\\n    --ignore_embedded_relationships BOOLEAN \\\n    --modified_min DATE \\\n    --cve_id CVE-NNNN-NNNN CVE-NNNN-NNNN\n```\n\nWhere:\n\n* `--database` (required): the ArangoDB database name where the 
objects you want to link are found. It must contain the collections `nvd_cve_vertex_collection` and `nvd_cve_edge_collection`\n* `--relationship` (optional, dictionary): you can apply updates to certain relationships at run time. Default is all. Note, you should ensure your `database` contains all the required seeded data. Users can select from:\n  * `cve-cwe`\n  * `cve-capec`\n  * `cve-attack`\n  * `cve-epss`\n  * `cve-kev`\n* `--ignore_embedded_relationships` (optional, boolean). Default is `false`. If `true` is passed, this will stop any embedded relationships from being generated. This is a stix2arango feature where STIX SROs will also be created for `_ref` and `_refs` properties inside each object (e.g. if `_ref` property = `identity--1234`, an SRO between the object with the `_ref` property and `identity--1234` will be created). See the stix2arango docs for more detail if required; essentially this is a wrapper for the same `--ignore_embedded_relationships` setting implemented by stix2arango\n* `--ignore_embedded_relationships_sro` (optional): boolean, if `true` is passed, this will stop any embedded relationships from being generated from SRO objects (`type` = `relationship`). Default is `false`\n* `--ignore_embedded_relationships_smo` (optional): boolean, if `true` is passed, this will stop any embedded relationships from being generated from SMO objects (`type` = `marking-definition`, `extension-definition`, `language-content`). Default is `false`\n* `--modified_min` (optional, date in format `YYYY-MM-DD`). By default arango_cve_processor will consider all CVEs in the database specified with the property `_is_latest==true` (that is, the latest version of the object). Using this flag with a modified time value will further filter the results processed by arango_cve_processor to STIX objects with a `modified` time \u003e= the value specified. 
This is useful when you don't want to process data for very old CVEs in the database.\n* `--created_min` (optional, date in format `YYYY-MM-DD`). Same as `modified_min` but considers the `created` date.\n* `--cve_id` (optional, CVE ID): will only process the relationships for the CVE passed, otherwise all CVEs will be considered.\n\n### Examples\n\nProcess CVE -\u003e CWE relationships for all CVEs modified after 2023-01-01 and only create embedded relationships from SDOs and SCOs...\n\n```shell\npython3 arango_cve_processor.py \\\n  --database arango_cve_processor_standard_tests_database \\\n  --relationship cve-cwe \\\n  --modified_min 2024-02-01 \\\n  --ignore_embedded_relationships true \\\n  --ignore_embedded_relationships_sro true \\\n  --ignore_embedded_relationships_smo true\n```\n\nGet all EPSS scores for CVEs\n\n```shell\npython3 arango_cve_processor.py \\\n  --database arango_cve_processor_standard_tests_database \\\n  --relationship cve-epss \\\n  --ignore_embedded_relationships false \\\n  --ignore_embedded_relationships_sro true \\\n  --ignore_embedded_relationships_smo true\n```\n\n## Backfilling data\n\n[stix2arango contains a set of utility scripts that can be used to backfill all the data sources required for this test](https://github.com/muchdogesec/stix2arango/tree/main/utilities).\n\n## How it works\n\nIf you would like to know how the logic of this script works in detail, please consult the `/docs` directory.\n\n## Useful supporting tools\n\n* To generate STIX 2.1 extensions: [stix2 Python Lib](https://stix2.readthedocs.io/en/latest/)\n* STIX 2.1 specifications for objects: [STIX 2.1 docs](https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html)\n* [ArangoDB docs](https://www.arangodb.com/docs/stable/)\n\n## Support\n\n[Minimal support provided via the DOGESEC community](https://community.dogesec.com/).\n\n## License\n\n[Apache 
2.0](/LICENSE).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuchdogesec%2Farango_cve_processor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmuchdogesec%2Farango_cve_processor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuchdogesec%2Farango_cve_processor/lists"}