<tr><td>DefaultCVSS</td><td>5</td><td>When a <abbrtitle="Common Vulnerability and Exposure">CVE</abbr> is only just published, they often don't have a CVSS yet. This setting defines the default CVSS score for these cases</td></tr>
<tr><td>StartYear</td><td>2002</td><td>The start year of <abbrtitle="Common Vulnerability and Exposure">CVE's</abbr> you want in your database. The lowest setting is <spanclass="code">2002</span>, the highest is the current year.</td></tr>
</table>
<br/>
@@ -98,21 +97,21 @@
Once you checked these settings, you can run the script by either typing <spanclass="code">./db_mgmt.py -p</span> or <spanclass="code">python3 db_mgmt.py -p</span>. You will see the message "Database population started".
If you want more output of what the script does, while it's running, you can add the parameter <spanclass="code">-v</span> to any of these commands.
</p>
<h3>Creating the <abbrtitle="Common Platform Enumeration">CVE</abbr> dictionary</h3>
<h3>Creating the <abbrtitle="Common Vulnerability Enumeration">CVE</abbr> dictionary</h3>
<p>
This script fills the database with the product information. This information one of the key features of cve-search, as this allows you to search for vulnerabilities for specific systems, and allows you to see to what systems a <abbrtitle="Common Vulnerability and Exposure">CVE</abbr> applies.
It also allows for a user-friendly, readable format for the CPE. This script will translate <abbrtitle="Common Platform Enumeration">CVE</abbr> formats like <spanclass="example">cpe:/a:adobe:flash_player:14.0.0.125</span> to readable formats like <spanclass="example">Adobe Flash Player 14.0.0.125 APSB14-16</span> where possible.<br/>
It also allows for a user-friendly, readable format for the CPE. This script will translate <abbrtitle="Common Vulnerability Enumeration">CVE</abbr> formats like <spanclass="example">cpe:/a:adobe:flash_player:14.0.0.125</span> to readable formats like <spanclass="example">Adobe Flash Player 14.0.0.125 APSB14-16</span> where possible.<br/>
<br/>
To run this script, either type <spanclass="code">./db_mgmt_cpe_dictionary.py</span> or <spanclass="code">python3 db_mgmt_cpe_dictionary.py</span>.<br/>
<br/>
This script uses the <abbrtitle="Common Platform Enumeration">CVE</abbr> dictionary from NIST's NVD. As there are a lot of products, they can not make a title for each <abbrtitle="Common Platform Enumeration">CVE</abbr> manually. That's why CVE-Search has another script, called <spanclass="code">db_mgmt_cpe_other_dictionary.py</span>.
This script takes the <abbrtitle="Common Platform Enumeration">CVE's</abbr> that have no title, and splits them into a human readable format. <br/>
This script uses the <abbrtitle="Common Vulnerability Enumeration">CVE</abbr> dictionary from NIST's NVD. As there are a lot of products, they can not make a title for each <abbrtitle="Common Vulnerability Enumeration">CVE</abbr> manually. That's why CVE-Search has another script, called <spanclass="code">db_mgmt_cpe_other_dictionary.py</span>.
This script takes the <abbrtitle="Common Vulnerability Enumeration">CVEs</abbr> that have no title, and splits them into a human readable format. <br/>
<br/>
To add this dictionary, type <spanclass="code">python3 db_mgmt_cpe_other_dictionary.py</span> and hit enter.
</p>
<h3id="update">Updating the database</h3>
<p>
Before updating the database, you have to decide if you will use the web interface of CVE-Search. This interface uses Redis Cache to speed up <abbrtitle="Common Platform Enumeration">CVE</abbr> browsing.
Before updating the database, you have to decide if you will use the web interface of CVE-Search. This interface uses Redis Cache to speed up <abbrtitle="Common Vulnerability Enumeration">CVE</abbr> browsing.
If you will be using this feature, make sure your configuration.ini file has the correct settings, and points to your Redis server. The table below explains the several settings.
*[The offical CVE-Search Project, based of Wim Remes work](https://github.com/cve-search/cve-search/archive/master.zip)
The initial setup of CVE-Search happens only once, at the installation.
This consists of three steps and one optional step.
* Populating the database
* Creating the CVE dictionary
**Optional:* You can also run the "Other CVE Dictionary" script to help
fill in the blanks
* Updating the database
###Populating the database
Populating the database might take a while when you first run the script.
Before you run this script, there are two important parameters you need
to set in your configuration.ini file.
These settings can be found under the [CVE] section. These settings are:
| Setting | Default setting | Explanation |
| :--- | :--- | :--- |
| StartYear | 2002 | The start year of CVE you want in your database. The lowest setting is 2002, the highest is the current year. |
Once you checked these settings, verify that the settings in the [Mongo]
section are the connection settings for your database.
If you installed the database with the default settings, these settings
should be fine. The table below explains these settings a bit more:
| Setting | Default setting | Explanation |
| :--- | :--- | :--- |
| Host | localhost | The host the Mongo database server is running on |
| Port | 27017 | The port that Mongo uses on the host specified above |
| DB | cvedb | The database CVE-Search will save its information to. Changing this is a good way to do some testing, without having to restore the entire database afterwards |
Once you checked these settings, you can run the script by either typing
*./db_mgmt.py -p* or *python3 db_mgmt.py -p*. You will see the message
"Database population started".
If you want more output of what the script does, while it's running, you
can add the parameter *-v* to any of these commands.
###Creating the CVE dictionary
This script fills the database with the product information. This
information one of the key features of cve-search, as this allows you
to search for vulnerabilities for specific systems, and allows you to
see to what systems a CVE applies.
It also allows for a user-friendly, readable format for the CPE. This
script will translate CVE formats like
*cpe:/a:adobe:flash_player:14.0.0.125* to readable formats like
*Adobe Flash Player 14.0.0.125 APSB14-16* where possible.<br/><br/>
To run this script, either type *./db_mgmt_cpe_dictionary.py* or
*python3 db_mgmt_cpe_dictionary.py*.<br/><br/>
This script uses the CVE dictionary from NIST's NVD. As there are a lot
of products, they can not make a title for each CVE manually. That's
why CVE-Search has another script, called *db_mgmt_cpe_other_dictionary.py*
This script takes the CVEs that have no title, and splits them into a
human readable format. <br/><br/>
To add this dictionary, type *python3 db_mgmt_cpe_other_dictionary.py*
and hit enter.
###Updating the database
Before updating the database, you have to decide if you will use the web
interface of CVE-Search. This interface uses Redis Cache to speed up
CVE browsing. If you will be using this feature, make sure your
configuration.ini file has the correct settings, and points to your
Redis server. The table below explains the several settings.
| Setting | Default setting | Explanation |
| :--- | :--- | :--- |
| Host | localhost | The host the Redis database server is running on |
| Port | 6379 | The port that Redis uses on the host specified above |
| VendorsDB | 10 | The Redis database to store vendor information |
| NotificationsDB | 11 | The Redis database to store notifications |
Finally, update the database by typing *python3 db_updater.py* or
*python3 db_updater.py* and hit enter.
If you are planning on using the web interface, it is recommended to add
parameter *-c*<br/>
If you are planning on using the fulltext indexer, it is recommended to
add parameter *-i*<br/>
To add verbose output, add parameter *-v*<br/>
To let the script run automatically at a regular interval, add parameter
*-l*
###Fulltext Search
If you want to enable fulltext search, you have to enable this in the
database. <br/>
To do this, log into the Mongo database (*$ mongo*) and run the following
