Data Module: Vulnerability Prioritization Intelligence Module
Data Dictionary: Vulnerability Prioritization Intelligence Module Entitlements
This data dictionary outlines the field types in the IP endpoint responses that you are entitled to after purchasing the Vulnerability Prioritization Intelligence Module.
Field Name | Field Type | Example | Description |
---|---|---|---|
id | string | CVE-2024-12345 | The CVE ID. |
details | object | { "vulnerability_name": "Acme Inc Exploit Attempt", "vulnerability_description": "Potentially allowing Acme Inc to exploit anvil drop on new users.", "cve_cvss_score": 4.5, "product": "Acme Inc", "vendor": "Anvil Drop", "published_to_nist_nvd": true } | Basic CVE details, including CVSS score (Common Vulnerability Scoring System), associated products & vendors, and NIST CVE recognition status. |
details.vulnerability_name | string | Acme Inc Exploit Attempt | Name of the vulnerability. |
details.vulnerability_description | string | Potentially allowing Acme Inc to exploit anvil drop on new users. | Description of the vulnerability. |
details.cve_cvss_score | float | 4.5 | Current CVSS score (Common Vulnerability Scoring System). |
details.product | string | Acme Inc | Product(s) associated with the CVE. |
details.vendor | string | Anvil Drop | Vendor(s) associated with the CVE. |
details.published_to_nist_nvd | boolean | true | Whether this CVE is recognized by NIST. |
timeline | object | { "cve_published_date": "2024-05-28T19:15:10.060", "cve_last_updated_date": "2024-05-31T16:04:09.703", "first_known_published_date": "2024-05-27T00:00:00Z", "cisa_kev_date_added": "2024-05-30T00:00:00Z" } | Key timeline details about when the CVE was published, updated, and added to the CISA KEV catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog). |
timeline.cve_published_date | datetime | 2024-05-28T19:15:10.060 | Date when the CVE was published by NVD. |
timeline.cve_last_updated_date | datetime | 2024-05-31T16:04:09.703 | Date when the CVE record was last updated. |
timeline.first_known_published_date | datetime | 2024-05-27T00:00:00Z | Date when the first exploit associated with the CVE was published. |
timeline.cisa_kev_date_added | datetime | 2024-05-30T00:00:00Z | Date CISA (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) added a KEV (Known Exploited Vulnerability) entry associated with the CVE. |
exploitation_details | object | { "attack_vector": "NETWORK", "exploit_found": true, "exploitation_registered_in_kev": true, "epss_score": 0.94504 } | Exploitation-related details pertaining to attack vector category, EPSS score (Exploit Prediction Scoring System), available exploits, and KEV (Known Exploited Vulnerabilities) registration. |
exploitation_details.attack_vector | string | NETWORK | Attack vector category. |
exploitation_details.exploit_found | boolean | true | Whether any known exploits are available. |
exploitation_details.exploitation_registered_in_kev | boolean | true | Whether exploitation has been registered in the KEV (Known Exploited Vulnerabilities) database. |
exploitation_details.epss_score | float | 0.94504 | EPSS score (Exploit Prediction Scoring System) associated with the exploitation. |
exploitation_stats | object | { "number_of_available_exploits": 60, "number_of_threat_actors_exploiting_vulnerability": 1, "number_of_botnets_exploiting_vulnerability": 0 } | Statistical data about exploitation, including number of exploits available, and number of threat actors and botnets exploiting the vulnerability. |
exploitation_stats.number_of_available_exploits | integer | 60 | Total number of exploits available (public + commercial). |
exploitation_stats.number_of_threat_actors_exploiting_vulnerability | integer | 1 | Total number of known threat actors exploiting the vulnerability. |
exploitation_stats.number_of_botnets_exploiting_vulnerability | integer | 0 | Total number of botnets exploiting the vulnerability. |
exploitation_activity | object | { "activity_seen": true, "benign_ip_count_1d": 765, "benign_ip_count_10d": 765, "benign_ip_count_30d": 765, "threat_ip_count_1d": 0, "threat_ip_count_10d": 1, "threat_ip_count_30d": 14 } | Observed IPs scanning or exploiting the vulnerability today, in the last 10 days, and the last 30 days. |
exploitation_activity.activity_seen | boolean | true | Whether GreyNoise has observed activity related to this CVE. |
exploitation_activity.benign_ip_count_1d | integer | 765 | Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability today. |
exploitation_activity.benign_ip_count_10d | integer | 765 | Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability in the last 10 days. |
exploitation_activity.benign_ip_count_30d | integer | 765 | Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability in the last 30 days. |
exploitation_activity.threat_ip_count_1d | integer | 0 | Total number of threat IPs GreyNoise observed scanning or exploiting this vulnerability today. |
exploitation_activity.threat_ip_count_10d | integer | 1 | Total number of threat IPs GreyNoise observed scanning or exploiting this vulnerability in the last 10 days. |
exploitation_activity.threat_ip_count_30d | integer | 14 | Total number of threat IPs GreyNoise observed scanning or exploiting this vulnerability in the last 30 days. |
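
The example values above mix two timestamp shapes (`2024-05-28T19:15:10.060` with no offset, `2024-05-27T00:00:00Z` with one), which cannot be subtracted from each other until both are normalized. The following is an added example, not GreyNoise code: it parses a record built from the table's example values, measures timeline gaps, and applies a hypothetical triage policy. Treating offset-less timestamps as UTC, the tier names and `epss_cutoff` are assumptions.

```python
from datetime import datetime, timezone

# Constructed record: the Example column values from the table, trimmed to the fields used here.
SAMPLE = {
    "id": "CVE-2024-12345",
    "details": {"cve_cvss_score": 4.5},
    "timeline": {"cve_published_date": "2024-05-28T19:15:10.060",
                 "first_known_published_date": "2024-05-27T00:00:00Z",
                 "cisa_kev_date_added": "2024-05-30T00:00:00Z"},
    "exploitation_details": {"exploit_found": True, "epss_score": 0.94504,
                             "exploitation_registered_in_kev": True},
    "exploitation_activity": {"threat_ip_count_1d": 0, "threat_ip_count_10d": 1,
                              "threat_ip_count_30d": 14},
}

def parse_ts(value):
    """Parse either timestamp shape from the table; a value without an offset is assumed UTC."""
    if not value:
        return None
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def days_between(record, start_field, end_field):
    """Days from timeline[start_field] to timeline[end_field]; None if either is absent."""
    t = record.get("timeline") or {}
    start, end = parse_ts(t.get(start_field)), parse_ts(t.get(end_field))
    return None if start is None or end is None else (end - start).total_seconds() / 86400

def threat_rates(record):
    """Average threat IPs per day in each window, for comparing recent and older activity."""
    a = record.get("exploitation_activity") or {}
    return {d: (a.get(f"threat_ip_count_{d}d") or 0) / d for d in (1, 10, 30)}

def triage(record, epss_cutoff=0.5):
    """Hypothetical three-tier policy; the tiers and epss_cutoff are assumptions."""
    e = record.get("exploitation_details") or {}
    a = record.get("exploitation_activity") or {}
    if e.get("exploitation_registered_in_kev") or (a.get("threat_ip_count_30d") or 0) > 0:
        return "urgent"      # exploitation is confirmed or observed, whatever the CVSS score
    if e.get("exploit_found") or (e.get("epss_score") or 0.0) >= epss_cutoff:
        return "scheduled"   # an exploit exists or is predicted, none observed yet
    return "routine"

if __name__ == "__main__":
    print(SAMPLE["id"], triage(SAMPLE), threat_rates(SAMPLE))
    print(days_between(SAMPLE, "first_known_published_date", "cve_published_date"))
```

On the sample record the CVSS score of 4.5 alone would rank the CVE as medium, while the KEV flag and 30-day threat IP count put it in the top tier.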