Skip to main content

CVE Record Data Model

The CVE Record data model represents the National Vulnerability Database (NVD) dictionary associated with a Common Vulnerabilities and Exposures (CVE) ID. It extends the Entity model data model.

The following table details the default attributes of the CVE Record data model:

Attribute NameAttribute TypeRelationship TypeRequired
affectedText (Multivalued)N/ANo
aliasTextN/ANo
attackPatternsReference (Attack pattern)USESNo
attackTechniquesReference (Attack technique)USESNo
baseRiskScoreCalculated (Number)N/ANo
categoriesText (Multivalued)N/ANo
cisaAddedDateDate TimeN/ANo
cisaDueDateDate TimeN/ANo
cisaExploitedTrue FalseN/ANo
cisaRequiredActionTextN/ANo
cisaVulnerabilityNameTextN/ANo
cpeRecordsReference (CPE record)AFFECTSNo
commentsCommentsN/ANo
commercialExploitTrue FalseN/ANo
connectorCategoriesText (Multivalued)N/ANo
connectorNamesText (Multivalued)N/ANo
createdByTextN/ANo
cvssV2AccessComplexitySingle ChoiceN/ANo
cvssV2AccessVectorSingle ChoiceN/ANo
cvssV2AuthenticationSingle ChoiceN/ANo
cvssV2AvailabilityImpactSingle ChoiceN/ANo
cvssV2BaseScoreNumberN/ANo
cvssV2BaseVectorSourceTextN/ANo
cvssV2ConfidentialityImpactSingle ChoiceN/ANo
cvssV2ExploitabilitySingle ChoiceN/ANo
cvssV2IntegrityImpactSingle ChoiceN/ANo
cvssV2RemediationLevelSingle ChoiceN/ANo
cvssV2ReportConfidenceSingle ChoiceN/ANo
cvssV2SeverityTextN/ANo
cvssV2TemporalScoreNumberN/ANo
cvssV2TemporalVectorSourceTextN/ANo
cvssV2VectorTextN/ANo
cvssV3AttackComplexitySingle ChoiceN/ANo
cvssV3AttackVectorSingle ChoiceN/ANo
cvssV3AvailabilityImpactSingle ChoiceN/ANo
cvssV3BaseScoreNumberN/ANo
cvssV3BaseVectorSourceTextN/ANo
cvssV3ConfidentialityImpactSingle ChoiceN/ANo
cvssV3ExploitCodeMaturitySingle ChoiceN/ANo
cvssV3IntegrityImpactSingle ChoiceN/ANo
cvssV3PrivilegesRequiredSingle ChoiceN/ANo
cvssV3RemediationLevelSingle ChoiceN/ANo
cvssV3ReportConfidenceSingle ChoiceN/ANo
cvssV3SeverityTextN/ANo
cvssV3TemporalScoreNumberN/ANo
cvssV3TemporalVectorSourceTextN/ANo
cvssV3UserInteractionSingle ChoiceN/ANo
cvssV3VectorTextN/ANo
cvssV4AttackComplexitySingle ChoiceN/ANo
cvssV4AttackRequirementsSingle ChoiceN/ANo
cvssV4AttackVectorSingle ChoiceN/ANo
cvssV4AutomatableSingle ChoiceN/ANo
cvssV4BaseScoreNumberN/ANo
cvssV4BaseVectorSourceTextN/ANo
cvssV4EnvironmentalScoreNumberN/ANo
cvssV4EnvironmentalVectorSourceTextN/ANo
cvssV4ExploitMaturitySingle ChoiceN/ANo
cvssV4OverallScoreNumberN/ANo
cvssV4PrivilegesRequiredSingle ChoiceN/ANo
cvssV4ProviderUrgencySingle ChoiceN/ANo
cvssV4RecoverySingle ChoiceN/ANo
cvssV4SafetySingle ChoiceN/ANo
cvssV4SeverityTextN/ANo
cvssV4SubsequentSystemAvailabilityImpactSingle ChoiceN/ANo
cvssV4SubsequentSystemConfidentialityImpactSingle ChoiceN/ANo
cvssV4SubsequentSystemIntegrityImpactSingle ChoiceN/ANo
cvssV4ThreatScoreNumberN/ANo
cvssV4ThreatVectorSourceTextN/ANo
cvssV4UserInteractionSingle ChoiceN/ANo
cvssV4ValueDensitySingle ChoiceN/ANo
cvssV4VectorTextN/ANo
cvssV4VectorSourceTextN/ANo
cvssV4VulnerabilityResponseEffortSingle ChoiceN/ANo
cvssV4VulnerableSystemAvailabilityImpactSingle ChoiceN/ANo
cvssV4VulnerableSystemConfidentialityImpactSingle ChoiceN/ANo
cvssV4VulnerableSystemIntegrityImpactSingle ChoiceN/ANo
dataIntegrationTitlesText (Multivalued)N/ANo
dataModelNameCalculated (Text)N/ANo
dateCreatedDate TimeN/ANo
daysToFirstDetectionCalculated (Number)N/ANo
descriptionText AreaN/ANo
displayNameCalculated (Text)N/AYes
epssLastModifiedDate TimeN/ANo
epssPercentileNumberN/ANo
epssScoreNumberN/ANo
exploitMaturityTextN/ANo
exploitsText (Multivalued)N/ANo
firstDetectedCalculated (Date Time)N/ANo
firstReportedThreatActorDate TimeN/ANo
flowStateTextN/ANo
githubTrendingTrue FalseN/ANo
knownActiveRansomwareCampaignTextN/ANo
lastReportedThreatActorDate TimeN/ANo
lastUpdatedDate TimeN/ANo
lifecycleInactiveDateDate TimeN/ANo
lifecyclePurgeDateDate TimeN/ANo
lifecycleStatusSingle ChoiceN/ANo
malwareText (Multivalued)N/ANo
nameTextN/ANo
numberOutOfComplianceNumberN/ANo
openFindingCountCalculated (Number)N/ANo
publicExploitTrue FalseN/ANo
publishedDateDate TimeN/ANo
recommendationTextN/ANo
referencesText (Multivalued)N/ANo
reportedExploitedTrue FalseN/ANo
riskFactorOffsetCalculated (Number)N/ANo
riskFactorsRisk FactorsN/ANo
riskRatingCalculated (Single Choice)N/ANo
riskScoreCalculated (Number)N/ANo
riskScoringModelRisk Scoring ModelN/ANo
severitySingle ChoiceN/ANo
severityScoreNumberN/ANo
sourceTextN/ANo
sourceCreatedDateDate TimeN/ANo
sourceLastModifiedDate TimeN/ANo
sourceStatusSingle ChoiceN/ANo
sourceUidsText (Multivalued)N/ANo
sourcesReference (Source model)SOURCED_FROMNo
sourcesIconsSource data models iconsN/ANo
statusCalculated (Single Choice)N/ANo
statusConfigurationModelStatus Configuration ModelN/ANo
summaryTextN/ANo
tagsText (Multivalued)N/ANo
uidTextN/AYes
updatedByTextN/ANo
usedByBotnetsTrue FalseN/ANo
usedByRansomwareTrue FalseN/ANo
usedByThreatActorsTrue FalseN/ANo
weaknessesReference (Weakness)EXPLOITSNo
weaponizedExploitTrue FalseN/ANo
RANSOMWARE CAMPAIGN ATTRIBUTE

Use knownActiveRansomwareCampaign to identify CVEs associated with a known active ransomware campaign. This is the supported attribute, and it is populated with status text such as Known.

To query for CVE records linked to ransomware, combine knownActiveRansomwareCampaign with the usedByRansomware flag:

FIND CveRecord AS c
WHERE c.usedByRansomware = TRUE OR c.knownActiveRansomwareCampaign = "Known"

To find active findings associated with ransomware:

FIND Vulnerability AS v
THAT IS VulnerabilityDefinition AS vd
THAT EXPLOITS CveRecord AS c
WHERE v.status = "Confirmed active"
AND (c.usedByRansomware = TRUE OR c.knownActiveRansomwareCampaign = "Known")
FOOTNOTES
  • The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
  • In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome. For additional information, see Calculated attributes.
  • In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
  • The Relationship Type column only applies to the Category and Reference type attributes. You can use the relationship type keyword in BQL queries.