CVE
Go straight to the API reference.
From Wikipedia:
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The United States' National Cybersecurity FFRDC, operated by The Mitre Corporation, maintains the system, with funding from the US National Cyber Security Division of the US Department of Homeland Security.[1] The system was officially launched for the public in September 1999.[2]
In the context of this API, a "cve" refers to a specific vulnerability that we associate with a device profile, based on various factors such as operating system, brand, detected applications etc.
Supported properties
Property | Meaning | Example |
---|---|---|
id | The Common Vulnerabilities and Exposures (CVE) id as defined by NIST | CVE-2020-1599 |
description | The description of the CVE as defined by NIST | Windows Spoofing Vulnerability |
severity | The severity of the vulnerability (derived from the `score`) | MEDIUM |
score | The score of the vulnerability | 5.5 |
published | The date when the vulnerability was initially published | 2020-11-11 |
matchStatus | The status of the CVE match | OPEN |
earlyWarning | ATI has detected this CVE | true |
earlyWarningDateAdded | When ATI detected this CVE | 2024-06-20 |
weaponized | Specifies whether the CVE has known exploits used by malicious actors in the wild | true |
hasRansomware | Specifies whether the CVE has known exploits that are used by ransomware malware | true |
reportedByGoogleZeroDays | Specifies whether the CVE was documented by Google security researchers as having been exploited in the wild | true |
cisaDueDate | The date that was defined in the CISA known vulnerabilities catalog as the due date for resolution | 2020-11-11 |
numberOfReferences | The number of exploit references that Armis found for the CVE | 3 |
numberOfThreatActors | The number of known threat actors that are using exploits of the CVE | 3 |
Supported calculations
Name | Meaning |
---|---|
distinctCves | The number of CVEs matching the search criteria and grouping. |
affectedDevices | The ratio of the number of devices affected by the CVE to all devices matching the search criteria and grouping. Only available when grouping by the `id` field. |
bucket | How many devices are in the current grouping, expressed as order-of-magnitude buckets. |
Related entities
The `cve` entity can be filtered not only by its own properties (described above), but also by the properties of its related entities.
Device
Filtering a CVE by its related devices means that only CVEs affecting the matching devices are considered.
To learn more about the `device` entity, see the documentation page.
Threat
Filtering a CVE by its related threats means that only CVEs that were used as a basis for the matching threats are considered.
To learn more about the `threat` entity, see the documentation page.
Explorer
You can play with the CVE API directly in the explorer page in the management console.
Example use-cases
- Which device types in the manufacturing industry are affected by the largest number of critical CVEs? (explore)

  ```
  /api/v1/cve/_search?groupBy=device.type&severity[eq]=CRITICAL&device.industry[eq]=Manufacturing
  ```

  ```
  [
    {
      "device.type": "Servers",
      "distinctCves": 777
    },
    {
      "device.type": "Virtual Machines",
      "distinctCves": 536
    },
    {
      "device.type": "Personal Computers",
      "distinctCves": 529
    },
    ...,
  ]
  ```

- Which industry is affected by the largest number of pre-2019 CVEs? (explore)

  ```
  /api/v1/cve/_search?groupBy=device.industry&published[lt]=2019-01-01
  ```

  ```
  [
    {
      "device.industry": "Health Care and Social Assistance",
      "distinctCves": 11722
    },
    {
      "device.industry": "Manufacturing",
      "distinctCves": 6410
    },
    {
      "device.industry": "Professional, Scientific, and Technical Services",
      "distinctCves": 5702
    },
    ...,
  ]
  ```

- What is the share of Windows devices vulnerable to CVE-2022-44668 per industry? (explore)

  ```
  /api/v1/cve/_search?groupBy=device.industry&groupBy=id&calculate=affectedDevices&device.osName[eq]=Windows&id[eq]=CVE-2022-44668
  ```

  ```
  [
    {
      "device.industry": "Transportation and Warehousing",
      "id": "CVE-2022-44668",
      "affectedDevices": 0.4649
    },
    {
      "device.industry": "Management of Companies and Enterprises",
      "id": "CVE-2022-44668",
      "affectedDevices": 0.1607
    },
    {
      "device.industry": "Professional, Scientific, and Technical Services",
      "id": "CVE-2022-44668",
      "affectedDevices": 0.1061
    },
    ...,
  ]
  ```

Enums and lists
Some fields that are available for filtering and grouping the CVE entity are populated with a closed list of possible values, as described next:
`severity`: The severity of the vulnerability (derived from the `score`)
- CRITICAL
- HIGH
- LOW
- MEDIUM
- NONE

`matchStatus`: The status of the CVE match
- DISMISS
- IGNORED
- OPEN
- RESOLVED
- TICKETED
- UNRESOLVED
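
The following Python is an added example, not part of this API's documentation or any official client. It builds the query strings shown in the use-cases above, rejects filter values outside the closed lists in this section, enforces the rule that `affectedDevices` requires grouping by `id`, and ranks the grouped result. The function names, the percent-encoding of values and the restriction to the `eq` and `lt` operators seen on this page are assumptions; the sample rows reuse the values of the third use-case.

```python
from urllib.parse import quote

# Closed value lists and calculation names, copied from this page.
ENUMS = {
    "severity": {"CRITICAL", "HIGH", "LOW", "MEDIUM", "NONE"},
    "matchStatus": {"DISMISS", "IGNORED", "OPEN", "RESOLVED", "TICKETED", "UNRESOLVED"},
}
CALCULATIONS = {"distinctCves", "affectedDevices", "bucket"}
OPERATORS = {"eq", "lt"}  # assumption: only the operators used in the page's examples


def build_cve_search(filters=(), group_by=(), calculate=()):
    """Build the path and query string for a CVE search (hypothetical helper).

    filters is an iterable of (field, operator, value) tuples.
    Values are percent-encoded; that encoding is an assumption.
    """
    params = [("groupBy", field) for field in group_by]
    for calc in calculate:
        if calc not in CALCULATIONS:
            raise ValueError(f"unknown calculation: {calc}")
        if calc == "affectedDevices" and "id" not in group_by:
            raise ValueError("affectedDevices is only available when grouping by id")
        params.append(("calculate", calc))
    for field, op, value in filters:
        if op not in OPERATORS:
            raise ValueError(f"unsupported operator: {op}")
        if field in ENUMS and value not in ENUMS[field]:
            raise ValueError(f"{value!r} is not a valid {field}")
        params.append((f"{field}[{op}]", str(value)))
    query = "&".join(f"{key}={quote(val, safe='')}" for key, val in params)
    return "/api/v1/cve/_search?" + query


def most_exposed(rows, group_field, minimum=0.0):
    """Rank grouped affectedDevices rows, highest ratio first, as (group, percent)."""
    kept = [r for r in rows if r["affectedDevices"] >= minimum]
    kept.sort(key=lambda r: r["affectedDevices"], reverse=True)
    return [(r[group_field], round(r["affectedDevices"] * 100, 2)) for r in kept]


# Sample rows: values from the page's third use-case, reordered for the demo.
SAMPLE_ROWS = [
    {"device.industry": "Professional, Scientific, and Technical Services", "id": "CVE-2022-44668", "affectedDevices": 0.1061},
    {"device.industry": "Transportation and Warehousing", "id": "CVE-2022-44668", "affectedDevices": 0.4649},
    {"device.industry": "Management of Companies and Enterprises", "id": "CVE-2022-44668", "affectedDevices": 0.1607},
]

if __name__ == "__main__":
    print(most_exposed(SAMPLE_ROWS, "device.industry", minimum=0.15))
```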