Discovery & Visualization of Security Vulnerabilities — Part 1

Hamed Zaghaghi
May 9, 2019

In this series of posts I want to show you how to visualize security vulnerabilities. We are going to download the CVE, CVSS and CWE data feeds from NVD, import them into the Neo4j graph database, and visualize them in the Neo4j dashboard using both the Cypher graph query language and GraphQL. This part covers installing all the necessary components; the next part covers querying and visualizing the data.

Install Neo4j

Neo4j is an open-source graph database management system implemented in Java. Cypher is a declarative graph query language for querying and modifying graph data in Neo4j.

To install the Neo4j graph database, first go to the Neo4j download center and download “Neo4j Server Community Edition”. At the time of writing this post, the latest stable version of Neo4j is 3.5.5.

Then extract the downloaded .tar or .zip file into a folder of your choice. You will see these folders inside:

  • bin folder, which contains executable scripts and applications.
  • conf folder, which contains the neo4j.conf file that holds all of Neo4j's configuration.
  • plugins folder, which is empty; we will install plugins into it.
  • import folder, where we will save data files so Neo4j can find and import them.

Run Neo4j

Run the commands below in the Neo4j folder to start Neo4j as a service.

cd bin/
./neo4j start

After a few seconds Neo4j is up and running, and you can access its dashboard at http://localhost:7474/.

If you want to stop the Neo4j service at any time, execute this command:

./neo4j stop

Install Plugins

After installing and running Neo4j, we need to install some plugins so we can easily import JSON and CSV data files and query graph data using GraphQL instead of Cypher.

Install “Awesome Procedures On Cypher” — APOC

According to the APOC GitHub page:

"The APOC library consists of many (about 450) procedures and functions to help with many different tasks in areas like data integration, graph algorithms or data conversion."

Visit the releases page of the GitHub project, download the latest .jar plugin file and place it in the plugins folder of the Neo4j folder. Add the config line below at the end of the neo4j.conf file to enable importing from files.

apoc.import.file.enabled=true

Then restart Neo4j with this command:

./neo4j restart

At the time of writing this, the latest stable version of the APOC plugin was 3.5.0.3.

Install GraphQL Plugin

If you’re a fan of GraphQL or you want to know how one can query graph data from Neo4j, you must install graphql-plugin. To do this, first go to the releases page of the plugin's GitHub project, download the latest .jar plugin file and copy it into the plugins folder. 3.5.0.3 is the latest stable release at the time of writing this post.

Insert this line at the end of the neo4j.conf file so we can use GraphQL to query graph data in Neo4j.

dbms.unmanaged_extension_classes=org.neo4j.graphql=/graphql

Now restart Neo4j as described above.

Download CVE and CWE data files

Now that we have the graph database up and running with all the needed plugins installed, we should download the CVE and CWE files from their data sources and import them into Neo4j.

I’ve created a GitHub repository for the scripts we need to download and import the data. Clone this repo and download the data with the following commands.

git clone https://github.com/zaghaghi/neo4j-cve-scripts
cd neo4j-cve-scripts
pip install -r requirements.txt
python download-cve.py --neo4j-dir <Neo4j-Installation-Folder> --start-year 2002 --end-year 2019

download-cve.py will download the files and copy them into the import folder of the Neo4j installation directory. You can change the --start-year and --end-year arguments as you want.

You must download the CWE data file from the cwe.mitre.org download page and extract the zip file into the import folder. I downloaded this file.

After downloading all files you should have these files in the import folder:

1000.csv 2002.json 2003.json 2004.json 2005.json 2006.json 2007.json 2008.json 2009.json 2010.json 2011.json 2012.json 2013.json 2014.json 2015.json 2016.json 2017.json 2018.json 2019.json

Sample CVE item
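The parts of a feed item that matter for the graph, as an added example (not code from this post or from the neo4j-cve-scripts repository): it flattens items in the NVD JSON feed layout into a CVE id, its CWE ids and its CVSS base scores. The sample items and the function names are constructed for illustration, and the repository's Cypher scripts may map the fields differently.

```python
import json

# Constructed sample in the NVD JSON feed layout; ids and scores are made up.
SAMPLE_FEED = json.loads("""
{"CVE_Items": [
  {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0001"},
           "problemtype": {"problemtype_data": [
             {"description": [{"lang": "en", "value": "CWE-79"},
                              {"lang": "en", "value": "NVD-CWE-Other"}]}]}},
   "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 6.1}},
              "baseMetricV2": {"cvssV2": {"baseScore": 4.3}}}},
  {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0002"},
           "problemtype": {"problemtype_data": [{"description": []}]}},
   "impact": {}}
]}
""")


def flatten_item(item):
    """Return the graph-relevant fields of one CVE_Items entry (hypothetical helper)."""
    cve = item["cve"]
    cwes = []
    for ptype in cve.get("problemtype", {}).get("problemtype_data", []):
        for desc in ptype.get("description", []):
            value = desc.get("value", "")
            # Keep real CWE ids only: NVD placeholders such as NVD-CWE-Other
            # or NVD-CWE-noinfo are not CWE entries and cannot be linked.
            if value.startswith("CWE-") and value not in cwes:
                cwes.append(value)
    impact = item.get("impact", {})  # may be empty when an entry has no score
    return {
        "id": cve["CVE_data_meta"]["ID"],
        "cwes": cwes,
        "cvss3": impact.get("baseMetricV3", {}).get("cvssV3", {}).get("baseScore"),
        "cvss2": impact.get("baseMetricV2", {}).get("cvssV2", {}).get("baseScore"),
    }


def flatten_feed(feed):
    """Flatten every item of a parsed feed file such as 2019.json."""
    return [flatten_item(item) for item in feed.get("CVE_Items", [])]


if __name__ == "__main__":
    for row in flatten_feed(SAMPLE_FEED):
        print(row)
```

Entries without a score or a CWE still produce a row, so a CVE node can be created even when it has no CWE or CVSS data to attach.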

Import CVE and CWE data

After downloading all the needed files, it’s time to import them into Neo4j. There are 4 Cypher scripts in the cloned GitHub repository (neo4j-cve-scripts):

  1. constraints.cypher applies unique constraints on nodes in the graph.
  2. load-cve.cypher loads all JSON data feeds into Neo4j.
  3. load-cwe.cypher loads the CWE data feed into Neo4j.
  4. graphql-schema.cypher applies the GraphQL schema to Neo4j. This file contains the mapping between GraphQL data types and Neo4j nodes and relations.

Change the following config lines in neo4j.conf to increase Neo4j's memory limits.

dbms.memory.heap.initial_size=2048m
dbms.memory.heap.max_size=8192m

In the next part of this post we will query the imported data using both Cypher and GraphQL.