# Concelier CVE (MITRE) Connector - Operations Runbook

_Last updated: 2026-01-16_

## 1. Overview
The CVE connector ingests MITRE CVE records to provide canonical IDs and record metadata.

## 2. Authentication
- No authentication required for public CVE feeds.

## 3. Configuration (`concelier.yaml`)
```yaml
concelier:
  sources:
    cve:
      baseUri: "<cve-feed-base>"
      maxDocumentsPerFetch: 20
      fetchTimeout: "00:00:45"
      requestDelay: "00:00:00"
```

## 4. Offline and air-gapped deployments
- Mirror the CVE feed into the Offline Kit and repoint `baseUri` to the mirror.

## 5. Common failure modes
- Upstream feed lag or pagination errors.
- Schema validation errors on upstream record changes.