Vulnerability Templates (KB)

Intro

Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify the criteria for naming vulnerabilities and save yourself and your team time and effort.

Write vulns once and use them forever!

Faraday Server comes with its own CWE Vulnerabilities DB for you to use. This is a simple CSV built from Open Source projects based on the CWE standard, and it allows you to create vulnerabilities without worrying about finding references, descriptions, etc.


CSV -- Deprecated

Faraday ships with a CSV of the original MITRE project included in its tree in data/cwe.csv. However, we also ship two different scripts to generate CSVs for CFDB and VulnDB. These scripts will download and parse the contents of those databases.

  • CFDB: Execute the following command to get a CSV for CFDB:
/home/faraday/.faraday/scripts/cfdbToCsv.py
  • VulnDB: Execute the following command to get a CSV for VulnDB:
/home/faraday/.faraday/scripts/vulndbToCsv.py

Next, copy this CSV file (either cfdb.csv or vulndb.csv) to /data/cwe.csv.

Sample .csv files for this feature can be downloaded here.


Upload CSV file

Go to the Web UI and click on the Vulnerability Templates icon, then click on the import icon.

A modal dialog will pop up asking you to choose a CSV file to upload. Select it, click OK, and you're done!


Manually Adding Templates

You can also create templates manually in the Web UI. Click on the Vulnerability Templates icon.

You will get a list of the existing templates in your installation:




Usage

Log in to your Faraday Web UI and create or edit a Vulnerability. A search field will allow you to find your templates, as shown in the picture below.




You can also duplicate vulnerabilities easily by saving them as a template...



and later on importing the template.


Important: Name, Description and Resolution fields are replaced with the information stored in the templates database.

