
Add OpenCVE analyzer #1458

Open
thunderstornX wants to merge 1 commit into TheHive-Project:develop from thunderstornX:analyzer-opencve

@thunderstornX

Summary

Adds an OpenCVE analyzer that enriches a cve observable using the free OpenCVE API. This addresses #1236: the only existing CVE-enrichment analyzer (Vulners) is a commercial service, whereas OpenCVE is free and can also be self-hosted.

Closes #1236

What it returns

For a given CVE, the analyzer reports:

  • CVSS metrics (v3.1 / v4.0 / v3.0 / v2.0), score and vector
  • CISA KEV status (known-exploited) and EPSS score
  • CWE weaknesses
  • Affected vendors and products (OpenCVE's vendor$PRODUCT$product list is split into readable vendors and products)

Two taxonomies are produced:

  • OpenCVE:CVSS=<score>, level by severity (malicious if in CISA KEV or CVSS >= 9, suspicious if CVSS >= 4, otherwise info)
  • OpenCVE:KEV=CISA when the CVE is in the CISA KEV catalog

Configuration

| Name | Description | Required | Default |
|---|---|---|---|
| token | OpenCVE organization API token (Bearer). The free plan includes API access. | yes | |
| base_url | OpenCVE API base URL. Point it at a self-hosted instance if needed. | no | https://app.opencve.io/api |

Files

  • analyzers/OpenCVE/OpenCVE.json, opencve_analyzer.py, requirements.txt, README.md
  • thehive-templates/OpenCVE_1_0/long.html, short.html

Testing

Tested live against the OpenCVE API:

  • CVE-2021-44228 (Log4Shell): CVSS v3.1 = 10, CISA KEV present, EPSS 0.94 → OpenCVE:CVSS=10 (malicious) + OpenCVE:KEV=CISA; 13 vendors and 177 products parsed.
  • Unknown CVE → clean "not found" report (no error).
  • Non-cve data type → rejected with a clear error message.
  • flake8 clean.
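
The taxonomy rule and the vendor/product split from the PR description above, as an added example that is not taken from the PR's opencve_analyzer.py. The record field names (`metrics`, `kev`, `vendors`), the CVSS selection order and the level of the KEV taxonomy are assumptions; the sample record is constructed.

```python
CVSS_ORDER = ("v3.1", "v4.0", "v3.0", "v2.0")  # assumed preference: order listed in the PR
SEP = "$PRODUCT$"  # separator inside OpenCVE vendor entries, per the PR description


def pick_cvss(metrics):
    """Return (version, score) for the first version in CVSS_ORDER with a score."""
    for version in CVSS_ORDER:
        score = (metrics.get(version) or {}).get("score")
        if score is not None:
            return version, float(score)
    return None, None


def level_for(score, in_kev):
    """Severity rule from the PR; a missing score counts as info (assumption)."""
    if in_kev or (score is not None and score >= 9):
        return "malicious"
    if score is not None and score >= 4:
        return "suspicious"
    return "info"


def split_vendors(entries):
    """Map each vendor to its sorted products from 'vendor[$PRODUCT$product]' entries."""
    grouped = {}
    for entry in entries:
        vendor, _, product = entry.partition(SEP)
        if not vendor:
            continue  # skip malformed entries with no vendor part
        products = grouped.setdefault(vendor, set())
        if product:
            products.add(product)
    return {vendor: sorted(items) for vendor, items in sorted(grouped.items())}


def taxonomies(record):
    """Build the CVSS and KEV taxonomies as Cortex-style dicts."""
    in_kev = bool(record.get("kev"))
    _, score = pick_cvss(record.get("metrics") or {})
    result = []
    if score is not None:  # assumption: no CVSS taxonomy without a score
        result.append({"level": level_for(score, in_kev), "namespace": "OpenCVE",
                       "predicate": "CVSS", "value": f"{score:g}"})
    if in_kev:  # assumption: the KEV taxonomy itself is reported as malicious
        result.append({"level": "malicious", "namespace": "OpenCVE",
                       "predicate": "KEV", "value": "CISA"})
    return result


SAMPLE = {  # constructed record; the field names are hypothetical
    "metrics": {"v3.0": {"score": 7.5}, "v2.0": {"score": 5.0}},
    "kev": False,
    "vendors": ["examplecorp", "examplecorp$PRODUCT$widget", "othervendor$PRODUCT$gateway"],
}
```

Note that under the stated rule a KEV-listed CVE is reported as malicious even when its CVSS score is low, so triage rules keyed only on the numeric score would miss it.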

Enrich cve observables with OpenCVE data (CVSS metrics, CISA KEV status, EPSS score, CWE weaknesses and affected vendors/products) via the free OpenCVE API. A configurable base_url supports self-hosted instances. The only existing CVE analyzer (Vulners) is a commercial service.

Closes TheHive-Project#1236
nusantara-self self-assigned this Jun 15, 2026
nusantara-self added the scope:analyzer (Issue is analyzer related) and category:new-analyzer (New analyzer submitted) labels Jun 15, 2026