get_vulnerability_exploitations
Retrieve active exploitation data for a specific vulnerability by CVE ID or UUID. Use this tool to validate threat actor activity, assess risk, and prioritize remediation based on exploitation timestamps, frequency, and detection methods.
Instructions
Get exploitation data for a specific vulnerability
Use this tool when you need to determine if a vulnerability has been actively exploited in the wild. This information is critical for risk assessment, incident response, and prioritization of remediation efforts. Exploitation data can help you:
- Validate that a vulnerability is being actively used by threat actors
- Understand when exploitation began and if it's ongoing
- Identify which detection mechanisms observed the exploitation
- Determine the frequency or prevalence of exploitation (count)
- Make data-driven decisions about patching priorities
Args:
- identifier (str): The unique CVE ID or UUID of the vulnerability to retrieve. Example formats: "CVE-2023-1234" or "123e4567-e89b-12d3-a456-426614174000"
Returns: Dict[str, Any]: List of exploitation records for the specified vulnerability, where each record contains:
- uuid: Unique identifier for this exploitation record
- begins_at: Timestamp when exploitation was first observed
- ends_at: Timestamp when exploitation activity ended
- count: Number of exploitation occurrences detected
- created_at: Timestamp when this record was first added
- updated_at: Timestamp when this record was last modified
- detection_signature_uuid: UUID of the signature that detected this exploitation
- detection_signature_name: Name of the detection signature
- detection_signature_source: Source of the detection (e.g., "cisa_kev")
- detection_signature_method: Method used for detection (e.g., "manual")
Input Schema
Name | Required | Description | Default |
---|---|---|---|
identifier | Yes | | |
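The following is an added example, not code from the tool or its vendor: it checks the `identifier` argument against the two documented formats and reduces a list of returned records to the facts used for patch prioritization. The function names, the ISO 8601 timestamp format, the treatment of a null `ends_at` as ongoing activity, the 30-day recency window, and the `example_sensor` source name are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)

def identifier_kind(identifier):
    """Classify the `identifier` argument; reject anything that is neither form."""
    if CVE_RE.fullmatch(identifier):
        return "cve"
    if UUID_RE.fullmatch(identifier):
        return "uuid"
    raise ValueError(f"not a CVE ID or UUID: {identifier!r}")

def _ts(value):
    # Assumption: timestamps are ISO 8601 strings, and None means "not set".
    if value is None:
        return None
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def summarize(records, now, recent=timedelta(days=30)):
    """Reduce exploitation records to what a patch-priority decision needs."""
    if not records:
        return {"exploited": False, "first_seen": None, "ongoing": False,
                "total_count": 0, "sources": []}
    ends = [_ts(r.get("ends_at")) for r in records]
    return {
        "exploited": True,
        "first_seen": min(_ts(r["begins_at"]) for r in records),
        # Assumption: open-ended or recently ended activity counts as ongoing.
        "ongoing": any(e is None or e >= now - recent for e in ends),
        "total_count": sum(r.get("count") or 0 for r in records),
        "sources": sorted({r["detection_signature_source"] for r in records}),
    }

# Constructed sample records (not real tool output); only the fields used here.
SAMPLE = [
    {"begins_at": "2023-03-01T00:00:00Z", "ends_at": "2023-03-20T00:00:00Z",
     "count": 12, "detection_signature_source": "cisa_kev"},
    {"begins_at": "2023-02-10T08:30:00Z", "ends_at": None,
     "count": 3, "detection_signature_source": "example_sensor"},
]

if __name__ == "__main__":
    now = datetime(2023, 6, 1, tzinfo=timezone.utc)
    print(identifier_kind("CVE-2023-1234"), summarize(SAMPLE, now))
```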