CVE Record Data Model
The CVE Record data model represents the National Vulnerability Database (NVD) dictionary associated with a Common Vulnerabilities and Exposures (CVE) ID. It extends the Entity model data model.
The following table details the default attributes of the CVE Record data model:
| Attribute Name | Attribute Type | Relationship Type | Required |
|---|---|---|---|
affected | Text (Multivalued) | N/A | No |
alias | Text | N/A | No |
attackPatterns | Reference (Attack pattern) | USES | No |
attackTechniques | Reference (Attack technique) | USES | No |
baseRiskScore | Calculated (Number) | N/A | No |
categories | Text (Multivalued) | N/A | No |
cisaAddedDate | Date Time | N/A | No |
cisaDueDate | Date Time | N/A | No |
cisaExploited | True False | N/A | No |
cisaRequiredAction | Text | N/A | No |
cisaVulnerabilityName | Text | N/A | No |
cpeRecords | Reference (CPE record) | AFFECTS | No |
comments | Comments | N/A | No |
commercialExploit | True False | N/A | No |
connectorCategories | Text (Multivalued) | N/A | No |
connectorNames | Text (Multivalued) | N/A | No |
createdBy | Text | N/A | No |
cvssV2AccessComplexity | Single Choice | N/A | No |
cvssV2AccessVector | Single Choice | N/A | No |
cvssV2Authentication | Single Choice | N/A | No |
cvssV2AvailabilityImpact | Single Choice | N/A | No |
cvssV2BaseScore | Number | N/A | No |
cvssV2BaseVectorSource | Text | N/A | No |
cvssV2ConfidentialityImpact | Single Choice | N/A | No |
cvssV2Exploitability | Single Choice | N/A | No |
cvssV2IntegrityImpact | Single Choice | N/A | No |
cvssV2RemediationLevel | Single Choice | N/A | No |
cvssV2ReportConfidence | Single Choice | N/A | No |
cvssV2Severity | Text | N/A | No |
cvssV2TemporalScore | Number | N/A | No |
cvssV2TemporalVectorSource | Text | N/A | No |
cvssV2Vector | Text | N/A | No |
cvssV3AttackComplexity | Single Choice | N/A | No |
cvssV3AttackVector | Single Choice | N/A | No |
cvssV3AvailabilityImpact | Single Choice | N/A | No |
cvssV3BaseScore | Number | N/A | No |
cvssV3BaseVectorSource | Text | N/A | No |
cvssV3ConfidentialityImpact | Single Choice | N/A | No |
cvssV3ExploitCodeMaturity | Single Choice | N/A | No |
cvssV3IntegrityImpact | Single Choice | N/A | No |
cvssV3PrivilegesRequired | Single Choice | N/A | No |
cvssV3RemediationLevel | Single Choice | N/A | No |
cvssV3ReportConfidence | Single Choice | N/A | No |
cvssV3Severity | Text | N/A | No |
cvssV3TemporalScore | Number | N/A | No |
cvssV3TemporalVectorSource | Text | N/A | No |
cvssV3UserInteraction | Single Choice | N/A | No |
cvssV3Vector | Text | N/A | No |
cvssV4AttackComplexity | Single Choice | N/A | No |
cvssV4AttackRequirements | Single Choice | N/A | No |
cvssV4AttackVector | Single Choice | N/A | No |
cvssV4Automatable | Single Choice | N/A | No |
cvssV4BaseScore | Number | N/A | No |
cvssV4BaseVectorSource | Text | N/A | No |
cvssV4EnvironmentalScore | Number | N/A | No |
cvssV4EnvironmentalVectorSource | Text | N/A | No |
cvssV4ExploitMaturity | Single Choice | N/A | No |
cvssV4OverallScore | Number | N/A | No |
cvssV4PrivilegesRequired | Single Choice | N/A | No |
cvssV4ProviderUrgency | Single Choice | N/A | No |
cvssV4Recovery | Single Choice | N/A | No |
cvssV4Safety | Single Choice | N/A | No |
cvssV4Severity | Text | N/A | No |
cvssV4SubsequentSystemAvailabilityImpact | Single Choice | N/A | No |
cvssV4SubsequentSystemConfidentialityImpact | Single Choice | N/A | No |
cvssV4SubsequentSystemIntegrityImpact | Single Choice | N/A | No |
cvssV4ThreatScore | Number | N/A | No |
cvssV4ThreatVectorSource | Text | N/A | No |
cvssV4UserInteraction | Single Choice | N/A | No |
cvssV4ValueDensity | Single Choice | N/A | No |
cvssV4Vector | Text | N/A | No |
cvssV4VectorSource | Text | N/A | No |
cvssV4VulnerabilityResponseEffort | Single Choice | N/A | No |
cvssV4VulnerableSystemAvailabilityImpact | Single Choice | N/A | No |
cvssV4VulnerableSystemConfidentialityImpact | Single Choice | N/A | No |
cvssV4VulnerableSystemIntegrityImpact | Single Choice | N/A | No |
dataIntegrationTitles | Text (Multivalued) | N/A | No |
dataModelName | Calculated (Text) | N/A | No |
dateCreated | Date Time | N/A | No |
daysToFirstDetection | Calculated (Number) | N/A | No |
description | Text Area | N/A | No |
displayName | Calculated (Text) | N/A | Yes |
epssLastModified | Date Time | N/A | No |
epssPercentile | Number | N/A | No |
epssScore | Number | N/A | No |
exploitMaturity | Text | N/A | No |
exploits | Text (Multivalued) | N/A | No |
firstDetected | Calculated (Date Time) | N/A | No |
firstReportedThreatActor | Date Time | N/A | No |
flowState | Text | N/A | No |
githubTrending | True False | N/A | No |
knownActiveRansomwareCampaign | Text | N/A | No |
lastReportedThreatActor | Date Time | N/A | No |
lastUpdated | Date Time | N/A | No |
lifecycleInactiveDate | Date Time | N/A | No |
lifecyclePurgeDate | Date Time | N/A | No |
lifecycleStatus | Single Choice | N/A | No |
malware | Text (Multivalued) | N/A | No |
name | Text | N/A | No |
numberOutOfCompliance | Number | N/A | No |
openFindingCount | Calculated (Number) | N/A | No |
publicExploit | True False | N/A | No |
publishedDate | Date Time | N/A | No |
recommendation | Text | N/A | No |
references | Text (Multivalued) | N/A | No |
reportedExploited | True False | N/A | No |
riskFactorOffset | Calculated (Number) | N/A | No |
riskFactors | Risk Factors | N/A | No |
riskRating | Calculated (Single Choice) | N/A | No |
riskScore | Calculated (Number) | N/A | No |
riskScoringModel | Risk Scoring Model | N/A | No |
severity | Single Choice | N/A | No |
severityScore | Number | N/A | No |
source | Text | N/A | No |
sourceCreatedDate | Date Time | N/A | No |
sourceLastModified | Date Time | N/A | No |
sourceStatus | Single Choice | N/A | No |
sourceUids | Text (Multivalued) | N/A | No |
sources | Reference (Source model) | SOURCED_FROM | No |
sourcesIcons | Source data models icons | N/A | No |
status | Calculated (Single Choice) | N/A | No |
statusConfigurationModel | Status Configuration Model | N/A | No |
summary | Text | N/A | No |
tags | Text (Multivalued) | N/A | No |
uid | Text | N/A | Yes |
updatedBy | Text | N/A | No |
usedByBotnets | True False | N/A | No |
usedByRansomware | True False | N/A | No |
usedByThreatActors | True False | N/A | No |
weaknesses | Reference (Weakness) | EXPLOITS | No |
weaponizedExploit | True False | N/A | No |
RANSOMWARE CAMPAIGN ATTRIBUTE
Use knownActiveRansomwareCampaign to identify CVEs associated with a known active ransomware campaign. This is the supported attribute, and it is populated with status text such as Known.
To query for CVE records linked to ransomware, combine knownActiveRansomwareCampaign with the usedByRansomware flag:
FIND CveRecord AS c
WHERE c.usedByRansomware = TRUE OR c.knownActiveRansomwareCampaign = "Known"
To find active findings associated with ransomware:
FIND Vulnerability AS v
THAT IS VulnerabilityDefinition AS vd
THAT EXPLOITS CveRecord AS c
WHERE v.status = "Confirmed active"
AND (c.usedByRansomware = TRUE OR c.knownActiveRansomwareCampaign = "Known")
FOOTNOTES
- The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
- In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome. For additional information, see Calculated attributes.
- In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
- The Relationship Type column only applies to the Category and Reference type attributes. You can use the relationship type keyword in BQL queries.