Data Module: Vulnerability Prioritization Intelligence Module

Data Dictionary: Vulnerability Prioritization Intelligence Module Entitlements

This page outlines the field types associated with the IP endpoint responses that are entitled based on purchasing the Vulnerability Prioritization Intelligence Module.

| Field Name | Field Type | Example | Description |
| --- | --- | --- | --- |
| id | string | CVE-2024-12345 | The CVE ID. |
| details | object | {"vulnerability_name": "Acme Inc Exploit Attempt", "vulnerability_description": "Potentially allowing Acme Inc to exploit anvil drop on new users.", "cve_cvss_score": 4.5, "product": "Acme Inc", "vendor": "Anvil Drop", "published_to_nist_nvd": true} | Basic CVE details, including CVSS score (Common Vulnerability Scoring System), associated products & vendors, and NIST CVE recognition status. |
| details.vulnerability_name | string | Acme Inc Exploit Attempt | Name of the vulnerability. |
| details.vulnerability_description | string | Potentially allowing Acme Inc to exploit anvil drop on new users. | Description of the vulnerability. |
| details.cve_cvss_score | float | 4.5 | Current CVSS score (Common Vulnerability Scoring System). |
| details.product | string | Acme Inc | Product(s) associated with the CVE. |
| details.vendor | string | Anvil Drop | Vendor(s) associated with the CVE. |
| details.published_to_nist_nvd | boolean | true | Whether this CVE is recognized by NIST. |
| timeline | object | {"cve_published_date": "2024-05-28T19:15:10.060", "cve_last_updated_date": "2024-05-31T16:04:09.703", "first_known_published_date": "2024-05-27T00:00:00Z", "cisa_kev_date_added": "2024-05-30T00:00:00Z"} | Key timeline details about when the CVE was published, updated, and added to CISA (https://www.cisa.gov/known-exploited-vulnerabilities-catalog). |
| timeline.cve_published_date | datetime | 2024-05-28T19:15:10.060 | Date when the CVE was published by NVD. |
| timeline.cve_last_updated_date | datetime | 2024-05-31T16:04:09.703 | Date when the CVE record was last updated. |
| timeline.first_known_published_date | datetime | 2024-05-27T00:00:00Z | Date when the first exploit associated with the CVE was published. |
| timeline.cisa_kev_date_added | datetime | 2024-05-30T00:00:00Z | Date CISA (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) added a KEV (Known Exploited Vulnerability) entry associated with the CVE. |
| exploitation_details | object | {"attack_vector": "NETWORK", "exploit_found": true, "exploitation_registered_in_kev": true, "epss_score": 0.94504} | Exploitation-related details pertaining to attack vector category, EPSS score (Exploit Prediction Scoring System), available exploits, and KEV (Known Exploited Vulnerabilities) registration. |
| exploitation_details.attack_vector | string | NETWORK | Attack vector category. |
| exploitation_details.exploit_found | boolean | true | Whether any known exploits are available. |
| exploitation_details.exploitation_registered_in_kev | boolean | true | Whether exploitation has been registered in the KEV (Known Exploited Vulnerabilities) database. |
| exploitation_details.epss_score | float | 0.94504 | EPSS score (Exploit Prediction Scoring System) associated with the exploitation. |
| exploitation_stats | object | {"number_of_available_exploits": 60, "number_of_threat_actors_exploiting_vulnerability": 1, "number_of_botnets_exploiting_vulnerability": 0} | Statistical data about exploitation, including number of exploits available, and number of threat actors and botnets exploiting the vulnerability. |
| exploitation_stats.number_of_available_exploits | integer | 60 | Total number of exploits available (public + commercial). |
| exploitation_stats.number_of_threat_actors_exploiting_vulnerability | integer | 1 | Total number of known threat actors exploiting the vulnerability. |
| exploitation_stats.number_of_botnets_exploiting_vulnerability | integer | 0 | Total number of botnets exploiting the vulnerability. |
| exploitation_activity | object | {"activity_seen": true, "benign_ip_count_1d": 765, "benign_ip_count_10d": 765, "benign_ip_count_30d": 765, "threat_ip_count_1d": 0, "threat_ip_count_10d": 1, "threat_ip_count_30d": 14} | Observed IPs scanning or exploiting the vulnerability today, in the last 10 days, and the last 30 days. |
| exploitation_activity.activity_seen | boolean | true | Whether GreyNoise has observed activity related to this CVE. |
| exploitation_activity.benign_ip_count_1d | integer | 765 | Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability today. |
| exploitation_activity.benign_ip_count_10d | integer | 765 | Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability in the last 10 days. |
| exploitation_activity.benign_ip_count_30d | integer | 765 | Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability in the last 30 days. |
| exploitation_activity.threat_ip_count_1d | integer | 0 | Total number of threat IPs GreyNoise observed scanning or exploiting this vulnerability today. |
| exploitation_activity.threat_ip_count_10d | integer | 1 | Total number of threat IPs GreyNoise observed scanning or exploiting this vulnerability in the last 10 days. |
| exploitation_activity.threat_ip_count_30d | integer | 14 | Total number of threat IPs GreyNoise observed scanning or exploiting this vulnerability in the last 30 days. |
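The following is an added example, not GreyNoise code or part of the original page: it shows how a consumer might combine the exploitation fields documented above into a triage decision, using a record whose CVSS score is only 4.5. The function names, tier names and the EPSS threshold are assumptions, as is treating timestamps without an offset as UTC.

```python
from datetime import datetime, timezone

# Constructed sample: a subset of the example values from the data dictionary above.
SAMPLE = {
    "id": "CVE-2024-12345",
    "details": {"cve_cvss_score": 4.5},
    "timeline": {
        "cve_published_date": "2024-05-28T19:15:10.060",  # no UTC offset
        "first_known_published_date": "2024-05-27T00:00:00Z",
        "cisa_kev_date_added": "2024-05-30T00:00:00Z",
    },
    "exploitation_details": {"exploit_found": True, "epss_score": 0.94504,
                             "exploitation_registered_in_kev": True},
    "exploitation_activity": {"threat_ip_count_10d": 1, "threat_ip_count_30d": 14},
}

def parse_ts(value):
    """Parse both timestamp forms; values without an offset are ASSUMED to be UTC."""
    if not value:
        return None
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def triage(record, epss_threshold=0.5):
    """Return (tier, reasons). Tier names and thresholds are assumed local policy."""
    ed = record.get("exploitation_details") or {}
    act = record.get("exploitation_activity") or {}
    tl = record.get("timeline") or {}
    reasons = []
    in_kev = bool(ed.get("exploitation_registered_in_kev"))
    recent_threat = (act.get("threat_ip_count_10d") or 0) > 0
    if in_kev:
        reasons.append("registered in KEV")
    if recent_threat:
        reasons.append("threat IPs observed in the last 10 days")
    if ed.get("exploit_found") and (ed.get("epss_score") or 0.0) >= epss_threshold:
        reasons.append("exploit available and EPSS at or above threshold")
    published = parse_ts(tl.get("cve_published_date"))
    first_exploit = parse_ts(tl.get("first_known_published_date"))
    if published and first_exploit and first_exploit < published:
        reasons.append("exploit published before the CVE record")
    if in_kev or recent_threat:
        return "urgent", reasons
    return ("elevated" if reasons else "routine"), reasons

if __name__ == "__main__":
    print(SAMPLE["id"], SAMPLE["details"]["cve_cvss_score"], *triage(SAMPLE))
```

The sample record lands in the highest tier despite its CVSS score of 4.5, because the KEV, EPSS and threat IP fields carry the exploitation evidence that the base score does not.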