I’m passionate about Security, Splunk and Python. I mixed all three and it led to my first Splunk App, which is now live on Splunkbase.
It is a Splunk App that pulls down CVE information from the National Vulnerability Database using its new JSON 1.0 feed. The app extracts each CVE's details, its impact (CVSS scores), affected products and vendors, and the associated advisories and references. It can enrich data that your security team already looks at, allowing much more informative correlations.
Indexes and Sourcetypes
index=cve with a default retention of 3 days.
Sourcetypes are cveinfo, cvereferences and cveproducts.
Data is pulled through a modular input [cve://<name>] where you can set the cron schedule/interval and choose which feed format to download (gz or zip).
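To show what ends up in the three sourcetypes, here is an added example (not the app's own code) that decodes a gz feed file and flattens an NVD JSON 1.0 document into cveinfo, cvereferences and cveproducts records. The sample feed is constructed to match the JSON 1.0 layout, and its CVE id is a placeholder; the vendor, product and URL values are assumptions.

```python
import gzip
import json

# Constructed sample in the NVD JSON 1.0 layout; the CVE id is a placeholder, not a real record.
SAMPLE_FEED = {"CVE_data_type": "CVE", "CVE_data_version": "4.0", "CVE_Items": [{
    "cve": {
        "CVE_data_meta": {"ID": "CVE-2019-XXXX", "ASSIGNER": "cve@mitre.org"},
        "affects": {"vendor": {"vendor_data": [{"vendor_name": "examplevendor", "product": {
            "product_data": [{"product_name": "exampleproduct", "version": {"version_data": [
                {"version_value": "1.0", "version_affected": "="},
                {"version_value": "1.1", "version_affected": "="}]}}]}}]}},
        "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]},
        "references": {"reference_data": [{"url": "https://vendor.example/advisory",
                                           "refsource": "CONFIRM", "tags": ["Vendor Advisory"]}]},
        "description": {"description_data": [{"lang": "en", "value": "Constructed description."}]}},
    "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 6.1, "baseSeverity": "MEDIUM"}}},
    "publishedDate": "2019-01-09T21:29Z", "lastModifiedDate": "2019-01-10T15:00Z"}]}

def load_feed(raw: bytes) -> dict:
    """Decode a downloaded feed file: gzip (magic 1f 8b) or plain JSON (zip handling omitted here)."""
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    return json.loads(raw)

def split_feed(feed: dict) -> dict:
    """Flatten CVE_Items into one record list per sourcetype: cveinfo, cvereferences, cveproducts."""
    info, refs, products = [], [], []
    for item in feed["CVE_Items"]:
        cve, cve_id = item["cve"], item["cve"]["CVE_data_meta"]["ID"]
        v3 = item.get("impact", {}).get("baseMetricV3", {}).get("cvssV3", {})  # empty until NVD scores it
        info.append({"cve_id": cve_id, "year": cve_id.split("-")[1],
                     "published": item.get("publishedDate"), "last_modified": item.get("lastModifiedDate"),
                     "cwe": [d["value"] for p in cve["problemtype"]["problemtype_data"] for d in p["description"]],
                     "description": next((d["value"] for d in cve["description"]["description_data"] if d["lang"] == "en"), ""),
                     "cvss3_score": v3.get("baseScore"), "cvss3_severity": v3.get("baseSeverity")})
        for ref in cve["references"]["reference_data"]:
            refs.append({"cve_id": cve_id, "url": ref["url"], "refsource": ref.get("refsource"), "tags": ref.get("tags", [])})
        for vendor in cve["affects"]["vendor"]["vendor_data"]:  # one row per vendor/product/version
            for prod in vendor["product"]["product_data"]:
                for ver in prod["version"]["version_data"]:
                    products.append({"cve_id": cve_id, "vendor": vendor["vendor_name"], "product": prod["product_name"],
                                     "version": ver.get("version_value"), "version_affected": ver.get("version_affected")})
    return {"cveinfo": info, "cvereferences": refs, "cveproducts": products}

def demo() -> dict:
    """Round-trip the constructed sample through the gzip path, as the modular input's gz download would."""
    return split_feed(load_feed(gzip.compress(json.dumps(SAMPLE_FEED).encode())))
```

Each list maps onto one sourcetype, and the one-row-per-version layout of cveproducts is what makes a lookup by vendor a simple search rather than a JSON-path extraction at search time.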
It has two sample dashboards for you to play with and get a feel for what you can do with this data. The dashboards let you look up CVEs by year (supported years are 2017-2019) and look up CVEs by vendor. Screenshots below.