get_vulnerability_exploitations
Retrieve active exploitation data for a specific vulnerability to assess risk, prioritize remediation, and inform incident response. Input a CVE ID or UUID to access timestamps, detection methods, and exploitation frequency.
Instructions
Get exploitation data for a specific vulnerability
Use this tool when you need to determine if a vulnerability has been actively exploited in the wild. This information is critical for risk assessment, incident response, and prioritization of remediation efforts. Exploitation data can help you:
Validate that a vulnerability is being actively used by threat actors
Understand when exploitation began and if it's ongoing
Identify which detection mechanisms observed the exploitation
Determine the frequency or prevalence of exploitation (count)
Make data-driven decisions about patching priorities
Args: identifier (str): The unique CVE ID or UUID of the vulnerability to retrieve. Example formats: "CVE-2023-1234" or "123e4567-e89b-12d3-a456-426614174000"
Returns: Dict[str, Any]: List of exploitation records for the specified vulnerability, where each record contains: - uuid: Unique identifier for this exploitation record - begins_at: Timestamp when exploitation was first observed - ends_at: Timestamp when exploitation activity ended - count: Number of exploitation occurrences detected - created_at: Timestamp when this record was first added - updated_at: Timestamp when this record was last modified - detection_signature_uuid: UUID of the signature that detected this exploitation - detection_signature_name: Name of the detection signature - detection_signature_source: Source of the detection (e.g., "cisa_kev") - detection_signature_method: Method used for detection (e.g., "manual")
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| identifier | Yes |
Implementation Reference
- MCP tool handler function that implements get_vulnerability_exploitations. It proxies the request to malloryai_client.vulnerabilities.get_vulnerability_exploitations(identifier), with comprehensive docstring defining input/output schema.@mcp.tool() @handle_api_errors async def get_vulnerability_exploitations( identifier: str, ) -> Dict[str, Any]: """Get exploitation data for a specific vulnerability Use this tool when you need to determine if a vulnerability has been actively exploited in the wild. This information is critical for risk assessment, incident response, and prioritization of remediation efforts. Exploitation data can help you: - Validate that a vulnerability is being actively used by threat actors - Understand when exploitation began and if it's ongoing - Identify which detection mechanisms observed the exploitation - Determine the frequency or prevalence of exploitation (count) - Make data-driven decisions about patching priorities Args: identifier (str): The unique CVE ID or UUID of the vulnerability to retrieve. Example formats: "CVE-2023-1234" or "123e4567-e89b-12d3-a456-426614174000" Returns: Dict[str, Any]: List of exploitation records for the specified vulnerability, where each record contains: - uuid: Unique identifier for this exploitation record - begins_at: Timestamp when exploitation was first observed - ends_at: Timestamp when exploitation activity ended - count: Number of exploitation occurrences detected - created_at: Timestamp when this record was first added - updated_at: Timestamp when this record was last modified - detection_signature_uuid: UUID of the signature that detected this exploitation - detection_signature_name: Name of the detection signature - detection_signature_source: Source of the detection (e.g., "cisa_kev") - detection_signature_method: Method used for detection (e.g., "manual") An empty list indicates no known exploitation events for this vulnerability. """ return await malloryai_client.vulnerabilities.get_vulnerability_exploitations( identifier=identifier )
- malloryai/mcp/tools/vulnerabilities.py:144-144 (registration)The @mcp.tool() decorator registers the get_vulnerability_exploitations function as an MCP tool.@mcp.tool()