A common request we get is how to tell which vulnerabilities change score or for one particular vuln, how do we tell if the score jumped up or down, what’s the history? There are two ways we can do just that.
#1 The first option is using the “Show CVE History” endpoint via our API. Querying this endpoint will give you the entire score history for a single or multiple CVEs. For any given CVE in your environment (and an API token), you can use this endpoint to tell you exactly what date and time that CVE changed score as well as the previous score and what it changed to.
The exact API endpoint can be found on our API docs here.
NOTE: Only Kenna.VI+ customers have access to any CVE, otherwise all other customers can only search for CVEs associated to vulnerabilities in their environment .
#2 The second option to help with score transparency is through our alerts. There are several alerting options that are tied to scoring:
New Active Internet Breaches identified
New Popular Target Vulnerabilities identified
New Easily Exploitable Vulnerabilities identified
New Malware Vulnerabilities identified
Risk meter group changes risk level
To turn on these alerts, go to the settings menu in the upper right hand corner (gear icon), and from the dropdown click Alerts. You can toggle any or all of the 5 alerts above at your liking. The benefit of these alerts is that when they are triggered, you will be able to click on a link to take you to exactly which risk meters or group of vulnerabilities had changed to cause that alert to go off. Although it doesn’t get as granular as the API endpoint in option 1, it does give you a good general idea of what’s happening within your environment and what is changing.
In the example alerts above, clicking on the blue “Easily Exploitable Vulnerabilities” and “Active Internet Breaches” will take you to the exact vulnerabilities that had newly been tagged with these threat flags, meaning their score went up.
Please sign in to leave a comment.