Skip to content

[Phase 1] Feed tables: CISA KEV + Exploit-DB ingestion + cyberguard db commands #6

Description

@varun-polpakkara

Summary

The exploit_db_entries and kev_entries tables exist in the schema but are never populated. This step adds the CLI commands and data-fetching logic that fill them as offline pre-scan operations.

Commands to implement

cyberguard db refresh-exploit-feeds [--exploit-db] [--kev] [--all]

  • --kev: Downloads the CISA Known Exploited Vulnerabilities JSON catalog. Upserts into kev_entries.
  • --exploit-db: Downloads/clones the Exploit-DB CSV archive. Each entry has an integer ID, list of CVE IDs, exploit type, platform, and verified flag. Inserts/updates exploit_db_entries.

cyberguard db feeds-status [--format table|json]

  • Shows row count per feed table and last-fetched timestamp.

Why feeds are offline, not pipeline stages

Stage 4 does fast table lookups. If feeds were fetched during every scan it would add network latency and unreliability inside the pipeline. Separating feed refresh as an offline CLI command means the pipeline only does DB reads — deterministic and fast.

Verify

  • cyberguard db refresh-exploit-feeds --all populates both tables
  • CVE-2021-44228 (Log4Shell) appears in both exploit_db_entries and kev_entries
  • cyberguard db feeds-status shows row counts and timestamps

Metadata

Metadata

Labels

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions