CVE Response

Data Dictionary: CVE Response

This outlines the field types associated with the CVE Lookup Endpoint.

Field Name	Field Type	Example	Description
id	string	CVE-2024-12345	The CVE ID
details	object	{ "vulnerability_name": "Acme Inc Expoilt Attempt", "vulnerability_description": "Potentially allowing Acme Inc to exploit anvil drop on new users.", "cve_cvss_score": 4.5, "product": "Acme Inc", "vendor": "Anvil Drop", "published_to_nist_nvd": true }	Metadata object with basic details on the CVE
details.vulnerability_name	string	Acme Inc Expoilt Attempt	The name of the vulnerability
details.vulnerability_description	string	Potentially allowing Acme Inc to exploit anvil drop on new users."	A description of the vulnerability
details.cve_cvss_score	float	4.5	The current CVSS score (Common Vulnerability Scoring System)
details.product	string	Acme Inc	The produc(s) associated with CVE
details.vendor	string	Anvil Drop	The Vendor(s) associated with CVE
details.published_to_nist_nvd	boolan	true	Whether this CVE is recognized by NIST
timeline	object	{ "cve_published_date": "2024-05-28T19:15:10.060", "cve_last_updated_date": "2024-05-31T16:04:09.703", "first_known_published_date": "2024-05-27T00:00:00Z", "cisa_kev_date_added": "2024-05-30T00:00:00Z" }
timeline.cve_published_date	datetime	2024-05-28T19:15:10.060	Date when CVE was published by NVD
timeline.cve_last_updated_date	datetime	2024-05-31T16:04:09.703	Date when CVE record was last updated
timeline.first_known_published_date	datetime	2024-05-27T00:00:00Z	Date when first exploit associated with CVE was published
timeline.cisa_kev_date_added	datetime	2024-05-30T00:00:00Z	Date CISA added KEV entry associated with CVE
exploitation_details	object	{ "attack_vector": "NETWORK", "exploit_found": true, "exploitation_registered_in_kev": true, "epss_score": 0.94504 }
exploitation_details.attack_vector	string	NETWORK	The attack vector category
exploitation_details.exploit_found	boolean	true	Whether any known exploits are available
exploitation_details.exploitation_registered_in_kev	boolean	true	Whether exploitation has been registered in KEV database
exploitation_details.epss_score	float	0.94504	EPSS Score associated with this exploitation (Exploit Prediction Scoring System)
exploitation_stats	object	{ "number_of_available_exploits": 60, "number_of_threat_actors_exploiting_vulnerability": 1, "number_of_botnets_exploiting_vulnerability": 0 }
exploitation_stats.number_of_available_exploits	integer	60	The total number of exploits available (public + commercial)
exploitation_stats.number_of_threat_actors_exploiting_vulnerability	integer	1	The total number of known threat actors
exploitation_stats.number_of_botnets_exploiting_vulnerability	integer	0	The total number of botnets
exploitation_activity	object	{ "activity_seen": true, "benign_ip_count_1d": 765, "benign_ip_count_10d": 765, "benign_ip_count_30d": 765, "threat_ip_count_1d": 0, "threat_ip_count_10d": 1, "threat_ip_count_30d": 14 }
exploitation_activity.activity_seen	boolean	true	Whether GreyNoise has seen activity
exploitation_activity.benign_ip_count_1d	integer	765	The total number of benign IP GreyNoise has seen exercising (Scanning \|\| Exploiting) this vulnerability today
exploitation_activity.benign_ip_count_10d	integer	765	The total number of benign IP GreyNoise has seen exercising (Scanning \|\| Exploiting) this vulnerability 10 days
exploitation_activity.benign_ip_count_30d	integer	765	The total number of benign IP GreyNoise has seen exercising (Scanning \|\| Exploiting) this vulnerability 30 days
exploitation_activity.threat_ip_count_1d	integer	0	The total number of threat IP GreyNoise has seen exercising (Scanning \|\| Exploiting) this vulnerability today
exploitation_activity.threat_ip_count_10d	integer	1	The total number of threat IP GreyNoise has seen exercising (Scanning \|\| Exploiting) this vulnerability 10 days
exploitation_activity.threat_ip_count_30d	integer	14	The total number of threat IP GreyNoise has seen exercising (Scanning \|\| Exploiting) this vulnerability 30 days