Discovery & Visualization of Security Vulnerabilities — Part 1
In this post series I want to show you how to visualize security vulnerabilities. We are going to download the CVE, CVSS and CWE data feeds from NVD, import them into the Neo4j graph database, and visualize them in the Neo4j dashboard using both the Cypher graph query language and GraphQL. In this part we will install all the necessary pieces; in the next part we will see how to query and visualize the data.
Table of Contents
- Install Neo4j
- Run Neo4j
- Install Plugins
- Install “Awesome Procedures On Cypher” — APOC
- Install GraphQL Plugin
- Download CVE and CWE data files
- Import CVE and CWE data
Install Neo4j
Neo4j is an open-source graph database management system implemented in Java. Cypher is a declarative graph query language for querying and modifying graph data in Neo4j.
To install the Neo4j graph database, first go to the Neo4j download center and download “Neo4j Server Community Edition”. At the time of writing this post, the latest stable version of Neo4j is 3.5.5.
Then extract the downloaded .tar or .zip file into a folder of your choice. You will see these folders inside:
- bin folder, which contains executable scripts and applications
- conf folder, which contains the neo4j.conf file holding all of Neo4j's configuration
- plugins folder, which is empty; we will install plugins into this folder
- import folder, where we will save data files so Neo4j can find and import them
Run Neo4j
Run the commands below in the Neo4j folder to start Neo4j as a service.
cd bin/
./neo4j start
After a few seconds Neo4j is up and running and you can access its dashboard at http://localhost:7474/.
If you want to stop the Neo4j service at any time, execute this command:
./neo4j stop
Install Plugins
After installing and running Neo4j, we need to install some plugins so we can import JSON and CSV data files easily and also query graph data using GraphQL instead of Cypher.
Install “Awesome Procedures On Cypher” — APOC
According to the APOC GitHub page:
The APOC library consists of many (about 450) procedures and functions to help with many different tasks in areas like data integration, graph algorithms or data conversion.
Visit the releases page of the GitHub project, download the latest .jar plugin file and place it in the plugins folder of the Neo4j folder. Add the config line below at the end of the neo4j.conf file to enable importing from files.
apoc.import.file.enabled=true
Then restart Neo4j with this command:
./neo4j restart
At the time of writing this, the latest stable version of the APOC plugin was 3.5.0.3.
Install GraphQL Plugin
If you’re a fan of GraphQL, or you want to know how one can use it to query graph data from Neo4j, you must install graphql-plugin. To do this, first go to the releases page of the plugin's GitHub project, download the latest .jar plugin file and copy it into the plugins folder. 3.5.0.3 is the latest stable release at the time of writing this post.
Insert this line at the end of the neo4j.conf file so we can use GraphQL to query graph data in Neo4j.
dbms.unmanaged_extension_classes=org.neo4j.graphql=/graphql
Now, restart Neo4j as said before.
Download CVE and CWE data files
Now that we have the graph database up and running with all the needed plugins installed, we should download the CVE and CWE files from their data sources and import them into Neo4j.
I’ve created a GitHub repository for the scripts we need to download and import the data. Clone this repo and download the data with the following commands.
git clone https://github.com/zaghaghi/neo4j-cve-scripts
cd neo4j-cve-scripts
pip install -r requirements.txt
python download-cve.py --neo4j-dir <Neo4j-Installation-Folder> --start-year 2002 --end-year 2019
download-cve.py will download the files and copy them into the import folder of the Neo4j installation directory. You can change the --start-year and --end-year arguments as you want.
You must download the CWE data file from the cwe.mitre.org download page and extract the zip file into the import folder. I downloaded this file.
After downloading all files you should have these files in the import folder:
1000.csv 2002.json 2003.json 2004.json 2005.json 2006.json 2007.json 2008.json 2009.json 2010.json 2011.json 2012.json 2013.json 2014.json 2015.json 2016.json 2017.json 2018.json 2019.json
Sample CVE item
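Before importing, it is worth confirming that the download steps left complete, parseable files in the import folder. The Python check below is an added example, not part of the original post or of the neo4j-cve-scripts repository; it assumes each <year>.json keeps the NVD JSON feed layout (a top-level CVE_Items list), and the sample entry and function names are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def expected_files(start_year, end_year):
    """File names the post lists for import/ after the download steps."""
    return ["1000.csv"] + [f"{y}.json" for y in range(start_year, end_year + 1)]

def summarize_item(item):
    """Reduce one feed entry to its CVE id, CVSS base scores and CWE ids."""
    cve = item["cve"]
    # Keep real CWE ids only; NVD placeholders such as NVD-CWE-Other are skipped.
    cwes = sorted({d["value"]
                   for p in cve.get("problemtype", {}).get("problemtype_data", [])
                   for d in p.get("description", [])
                   if d.get("value", "").startswith("CWE-")})
    impact = item.get("impact", {})
    return {"id": cve["CVE_data_meta"]["ID"], "cwes": cwes,
            "cvss3": impact.get("baseMetricV3", {}).get("cvssV3", {}).get("baseScore"),
            "cvss2": impact.get("baseMetricV2", {}).get("cvssV2", {}).get("baseScore")}

def check_import_dir(import_dir, start_year, end_year):
    """Return (unusable file names, {feed file: [item summaries]})."""
    unusable, feeds = [], {}
    for name in expected_files(start_year, end_year):
        path = Path(import_dir) / name
        if not path.is_file():
            unusable.append(name)            # never downloaded or extracted
        elif name.endswith(".json"):
            try:
                data = json.loads(path.read_text(encoding="utf-8"))
                feeds[name] = [summarize_item(i) for i in data["CVE_Items"]]
            except (ValueError, KeyError, TypeError, AttributeError):
                unusable.append(name)        # truncated download or not an NVD feed
    return unusable, feeds

# Constructed sample entry (not real NVD data) in the assumed NVD feed layout.
SAMPLE = {"CVE_Items": [{
    "cve": {"CVE_data_meta": {"ID": "CVE-0000-00001"},
            "problemtype": {"problemtype_data": [{"description": [
                {"lang": "en", "value": "CWE-79"},
                {"lang": "en", "value": "NVD-CWE-Other"}]}]}},
    "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 6.1}}}}]}

def demo():
    """Build a temporary import/ with one good and one truncated feed, then check it."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "2018.json").write_text(json.dumps(SAMPLE), encoding="utf-8")
        (Path(tmp) / "2019.json").write_text('{"CVE_Items": [', encoding="utf-8")
        return check_import_dir(tmp, 2018, 2019)

if __name__ == "__main__":
    print(demo())
```

For a real installation, call check_import_dir with the path of the Neo4j import folder and the same year range passed to download-cve.py.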
Import CVE and CWE data
After downloading all the needed files, it’s time to import them into Neo4j. There are 4 Cypher scripts in the cloned GitHub repository (neo4j-cve-scripts):
- constraints.cypher script applies unique constraints on nodes in the graph.
- load-cve.cypher script loads all JSON data feeds into Neo4j.
- load-cwe.cypher script loads the CWE data feed into Neo4j.
- and graphql-schema.cypher applies the GraphQL schema to Neo4j. This file contains the mapping between GraphQL data types and Neo4j nodes and relations.
Change the following config lines in neo4j.conf to increase the memory limits of Neo4j.
dbms.memory.heap.initial_size=2048m
dbms.memory.heap.max_size=8192m
In the next part of this post series we will query the imported data using both Cypher and GraphQL.