Legacy - Exploit Intelligence Service

Our legacy product, the Exploit Intelligence Service (EIS), generates a json file including the following fields. Reach out if you are a user of EIS and we will help you transition your workflows to the new API.

Data Dictionary

Field Name	Data Type	Description	Notes
`cve_id`	string	The CVE identifier as assigned in the Mitre CVE List.	Format: CVE-YYYY-XXXX
`mitre.published`	string	The date when Mitre published the CVE on their CVEList	date
`mitre.modified`	string	The date when this CVE was last modified by Mitre	date
`mitre.reserved`	string	The date when Mitre reserved the CVE on their CVEList, not entirely trustworthy date before 2022.	date
`nvd.published`	string	The date when NVD published the CVE
`nvd.modified`	string	The date when NVD last modified this CVE
`description`	string	CVE Description
`cwe`	string, null	Common weakness enumeration - CWE
`tags.keywords`	array of strings	normalized tags extracted from text descriptions of this CVE
`tags.outcome`	array of strings	extracted and descriptive text that represent an outcome of exploitations
`tags.actor_action`	array of strings	extracted and descriptive text that represent the actions an attacker may take during exploitations
`tags.actor`	array of strings	extracted and descriptive text that represent the attacker and any qualifications
`tags.weakness`	array of strings	extracted and descriptive text that represent the weakness in the target
`tags.prerequisite`	array of strings	extracted and descriptive text that represent any prerequisite in the defenders environment that must exist prior to exploitation
`tags.attack_vector`	array of strings	extracted and descriptive text that represent the delivery of an exploitation (pdf file, crafted HTML, etc)
`tags.stride`	array of strings	STRIDE values derived from vulnerability attributes
`references.description`	string	description/classification of the url
`references.url`	string	URL reference
`platform.part`	string [“h”,”o”,”a”]	type of platform, (h)ardware, (o)perating system or (a)pplication
`platform.vendor`	string	vulnerable vendor for this CVE
`platform.product`	string	vulnerable product from associated vendor
`epss.version`	string	version of EPSS generating this score
`epss.score`	number	The EPSS score, probability of exploitation
`epss.percentile`	number	the ranked percentile of this score among all scored CVEs
`cvss.v2.version`
`cvss.v2.vector_string`
`cvss.v2.exploitability_score`
`cvss.v2.impact_score`
`cvss.v2.base_score`
`cvss.v3.version`
`cvss.v3.vector_string`
`cvss.v3.exploitability_score`
`cvss.v3.impact_score`
`cvss.v3.base_score`
`exploits.github.repo`		github repo: https://github.com/
`exploits.github.prediction`	number	likelihood the repository contains an exploit	ML Model
`exploits.github.repo_created`	string	date time the repo was first created
`exploits.github.file_added`	string	if a file exists specifically mentioning this CVE, this is the date and time file was created
`exploits.github.status`	string	typically only if the repo has been removed
`exploits.metasploit.name`	string	short name of the module
`exploits.metasploit.fullname`	string
`exploits.metasploit.description`	string	text description from the module
`exploits.metasploit.disclosure_date`		date the module was first published
`exploits.metasploit.mod_time`	string	last modification date/time for the module
`exploits.exploitdb.url`	string	url to exploit db page
`exploits.exploitdb.date`
`exploits.exploitdb.author`
`exploits.exploitdb.platform`
`exploits.exploitdb.type`
`offsec.src`	string	tool/software where CVE mapping was identified
`offsec.added`	string	when cve was added to tool/software
`offsec.modified`	string	when cve component was last modified
`apts.name`	string	Group name associated with this vulnerability
`apts.akas.aka`	string	Alias for the group name
`apts.akas.aka_source`	string	Source of the group name alias