Summary
The exploit_db_entries and kev_entries tables exist in the schema but are never populated. This step adds the CLI commands and data-fetching logic that fill them as offline pre-scan operations.
Commands to implement
cyberguard db refresh-exploit-feeds [--exploit-db] [--kev] [--all]
--kev: Downloads the CISA Known Exploited Vulnerabilities JSON catalog. Upserts into kev_entries.
--exploit-db: Downloads/clones the Exploit-DB CSV archive. Each entry has an integer ID, list of CVE IDs, exploit type, platform, and verified flag. Inserts/updates exploit_db_entries.
cyberguard db feeds-status [--format table|json]
- Shows row count per feed table and last-fetched timestamp.
Why feeds are offline, not pipeline stages
Stage 4 does fast table lookups. If feeds were fetched during every scan it would add network latency and unreliability inside the pipeline. Separating feed refresh as an offline CLI command means the pipeline only does DB reads — deterministic and fast.
Verify
cyberguard db refresh-exploit-feeds --all populates both tables
- CVE-2021-44228 (Log4Shell) appears in both
exploit_db_entries and kev_entries
cyberguard db feeds-status shows row counts and timestamps
Summary
The
exploit_db_entriesandkev_entriestables exist in the schema but are never populated. This step adds the CLI commands and data-fetching logic that fill them as offline pre-scan operations.Commands to implement
cyberguard db refresh-exploit-feeds [--exploit-db] [--kev] [--all]--kev: Downloads the CISA Known Exploited Vulnerabilities JSON catalog. Upserts intokev_entries.--exploit-db: Downloads/clones the Exploit-DB CSV archive. Each entry has an integer ID, list of CVE IDs, exploit type, platform, and verified flag. Inserts/updatesexploit_db_entries.cyberguard db feeds-status [--format table|json]Why feeds are offline, not pipeline stages
Stage 4 does fast table lookups. If feeds were fetched during every scan it would add network latency and unreliability inside the pipeline. Separating feed refresh as an offline CLI command means the pipeline only does DB reads — deterministic and fast.
Verify
cyberguard db refresh-exploit-feeds --allpopulates both tablesexploit_db_entriesandkev_entriescyberguard db feeds-statusshows row counts and timestamps