A Lambda to import Known Exploited Vulnerabilities (KEV) data into a Cyber Hygiene database

cisagov/cyhy-kevsync-lambda

cyhy-kevsync-lambda

This Lambda retrieves the JSON version of the CISA Known Exploited Vulnerabilities Catalog and imports the CVE IDs into a MongoDB collection.

Lambda configuration

This Lambda supports the following Lambda environment variables in its deployment configuration:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| CYHY_CONFIG_PATH | The path to the configuration file. | string | The default search behavior is used if this variable is not provided. | no |
| CYHY_CONFIG_SSM_PATH | The AWS SSM Parameter Store key that contains the configuration file. | string | SSM will not be accessed if this variable is not provided. | no |
| CYHY_LOG_LEVEL | The logging level for the Lambda. | string | INFO | no |

Building the base Lambda image

The base Lambda image can be built with the following command:

docker compose build

This base image is used both to build a deployment package and to run the Lambda locally.

Building a deployment package

You can build a deployment zip file to use when creating a new AWS Lambda function with the following command:

docker compose up build_deployment_package

This will output the deployment zip file in the root directory.

Testing the Lambda locally

Create a configuration file named cyhy-mine.toml in the repository root with the following content:

[kevsync]
db_auth_uri = "mongodb://username:password@host.docker.internal:27018/cyhy"
db_name = "cyhy"
json_url = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
log_level = "DEBUG"
schema_url = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities_schema.json"

Start the Lambda locally with the following command:

docker compose up run_lambda_locally

The Lambda can be invoked by sending a POST request to the local endpoint:

curl "http://localhost:9000/2015-03-31/functions/function/invocations" \
     --data '{}'
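
When checking the result of a local run, it helps to know which CVE IDs a sync over the json_url feed should leave in the collection. The following is an added example, not code from this project: a standard-library version of the validate-then-diff step, run on a constructed feed. The function names, the placeholder CVE IDs and the removal of stale IDs are assumptions; this page does not say how the Lambda treats entries that drop out of the catalog.

```python
import json
import re

# CVE ID shape: "CVE-", a four-digit year, then four or more digits.
CVE_ID = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")

# Constructed sample shaped like the KEV JSON feed (placeholder CVE IDs, not real entries).
SAMPLE_FEED = json.dumps({
    "title": "Constructed KEV sample",
    "catalogVersion": "2099.01.01",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2099-0001", "dateAdded": "2099-01-01"},
        {"cveID": "CVE-2099-0002", "dateAdded": "2099-01-01"},
        {"cveID": "CVE-2099-0002", "dateAdded": "2099-01-01"},  # duplicate entry
    ],
})


def extract_cve_ids(feed_text):
    """Parse a KEV feed and return its CVE IDs as a set, rejecting malformed input."""
    feed = json.loads(feed_text)
    entries = feed.get("vulnerabilities")
    if not isinstance(entries, list):
        raise ValueError("feed has no 'vulnerabilities' list")
    if feed.get("count") != len(entries):
        raise ValueError("'count' does not match the number of entries")
    ids = set()
    for entry in entries:
        cve_id = entry.get("cveID") if isinstance(entry, dict) else None
        # Remote data ends up in database documents, so refuse anything
        # that is not exactly a CVE ID before it gets that far.
        if not isinstance(cve_id, str) or not CVE_ID.fullmatch(cve_id):
            raise ValueError(f"malformed cveID: {cve_id!r}")
        ids.add(cve_id)
    return ids


def plan_sync(feed_ids, stored_ids):
    """Return (to_add, to_remove) so the stored set ends up equal to the feed."""
    return sorted(feed_ids - stored_ids), sorted(stored_ids - feed_ids)


if __name__ == "__main__":
    stored = {"CVE-2099-0002", "CVE-2098-9999"}  # constructed database state
    to_add, to_remove = plan_sync(extract_cve_ids(SAMPLE_FEED), stored)
    print("add:", to_add)
    print("remove:", to_remove)
```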

How to update Python dependencies

The Python dependencies are maintained using a Pipenv configuration for each supported Python version. Changes to requirements should be made to the respective src/py<Python version>/Pipfile. More information about the Pipfile format can be found here. The accompanying Pipfile.lock files contain the specific dependency versions that will be installed. These files can be updated like so (using the Python 3.12 configuration as an example):

cd src/py3.12
pipenv lock

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
