cve-analysis

Tools for conducting analysis of CVE data in Elasticsearch

Quckstart:

Download Elasticsearch and Kibana from elastic.co
The latest versions are fine.

Start them (basically ./bin/elasticsearch and ./bin/kibana from the respective directories).

Add the mapping.json file to Elasticsearch
curl -XPUT 'localhost:9200/cve-index?pretty' -H 'Content-Type: application/json' -d @cve-index.json

Run get-cve.sh to download the CVE data from NVD
Run update-es.sh to import the CVE data into Elasticsearch

You rerun the above commands to update your data whenever needed.

Now navigate your web browser to http://localhost:5601

The first thing we have to do is create the index in Kibana. Click on Management (the gear icon on the left side). Then click "Index Patterns". In the textbox for name enter "cve-index". In the time field filter dropdown make sure "I don't want to use the Time Filter" is selected. Click create.

You should see an index listing 32 fields.

Now go back to Management. Click "Saved Objects". In the upper right of the screen you'll see "Import". First you need to import the cve-visualizations.json file, then the cve-dashboard.json file.

Now you should have some basic visualizations and a dashboard to look at. Happy hunting.