Searching for CVEs using date ranges

In CTI Butler, I want to filter created CVEs by date. e.g. show me all CVEs published in June.

How can I filter the results based on time?

CVE Vulnerability objects look like this:

[
  {
    "created": "2003-12-01T05:00:00.000Z",
    "created_by_ref": "identity--562918ee-d5da-5579-b6a1-fae50cc6bad3",
    "description": "Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.",
    "external_references": [
      {
        "source_name": "cve",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0565",
        "external_id": "CVE-2003-0565"
      },
      {
        "source_name": "cve@mitre.org",
        "description": "Third Party Advisory,US Government Resource",
        "url": "http://www.kb.cert.org/vuls/id/927278"
      },
      {
        "source_name": "cve@mitre.org",
        "description": "Vendor Advisory",
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm"
      },
      {
        "source_name": "cvssMetricV2-vectorString",
        "description": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0565"
      },
      {
        "source_name": "cvssMetricV2-exploitabilityScore",
        "description": "10.0",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0565"
      },
      {
        "source_name": "cvssMetricV2-impactScore",
        "description": "2.9",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0565"
      }
    ],
    "id": "vulnerability--885a6f71-6268-5b52-a9dd-f1cdca2021ff",
    "modified": "2005-10-20T04:00:00.000Z",
    "name": "CVE-2003-0565",
    "object_marking_refs": [
      "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
      "marking-definition--562918ee-d5da-5579-b6a1-fae50cc6bad3"
    ],
    "spec_version": "2.1",
    "type": "vulnerability"
  },

The created date shows the date the NVD published it. The modified date show when the record was last updated (most CVEs are usually update quite a few times b/c they are usually published with minimal info).

Thus in your scenario we want to filter on created time.

This search will return CVEs published in June

FOR doc IN nvd_cve_vertex_collection
FILTER DATE_MONTH(doc.created) == 6
AND doc.type == "vulnerability"
LET keys = ATTRIBUTES(doc)
  LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
  RETURN KEEP(doc, filteredKeys)

If you need to search for specific dates…

FOR doc IN nvd_cve_vertex_collection
FILTER DATE_TIMESTAMP(doc.created) >= DATE_TIMESTAMP("2024-06-04T00:00:00Z")
AND DATE_TIMESTAMP(doc.created) <= DATE_TIMESTAMP("2024-06-09T23:59:59Z")
AND doc.type == "vulnerability"
LET keys = ATTRIBUTES(doc)
  LET filteredKeys = keys[* FILTER !STARTS_WITH(CURRENT, "_")]
  RETURN KEEP(doc, filteredKeys)