get_vulnerability_exploitations
Retrieve active exploitation data for a specific vulnerability to assess risk, prioritize remediation, and inform incident response. Input a CVE ID or UUID to access timestamps, detection methods, and exploitation frequency.
Instructions
Get exploitation data for a specific vulnerability
Use this tool when you need to determine if a vulnerability has been actively exploited in the wild. This information is critical for risk assessment, incident response, and prioritization of remediation efforts. Exploitation data can help you:
- Validate that a vulnerability is being actively used by threat actors
- Understand when exploitation began and if it's ongoing
- Identify which detection mechanisms observed the exploitation
- Determine the frequency or prevalence of exploitation (count)
- Make data-driven decisions about patching priorities
Args:
- identifier (str): The unique CVE ID or UUID of the vulnerability to retrieve. Example formats: "CVE-2023-1234" or "123e4567-e89b-12d3-a456-426614174000"

Returns:
Dict[str, Any]: List of exploitation records for the specified vulnerability, where each record contains:
- uuid: Unique identifier for this exploitation record
- begins_at: Timestamp when exploitation was first observed
- ends_at: Timestamp when exploitation activity ended
- count: Number of exploitation occurrences detected
- created_at: Timestamp when this record was first added
- updated_at: Timestamp when this record was last modified
- detection_signature_uuid: UUID of the signature that detected this exploitation
- detection_signature_name: Name of the detection signature
- detection_signature_source: Source of the detection (e.g., "cisa_kev")
- detection_signature_method: Method used for detection (e.g., "manual")
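
An added example (not part of the tool's own code) that reduces the exploitation records described under Returns to the facts a patching decision needs. It assumes ISO 8601 timestamps and that a record with no ends_at is still active; the sample records, the `example_sensor` source, the `automated` method and the priority labels are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional

# Constructed sample records using the field names documented above.
SAMPLE_RECORDS: List[Dict[str, Any]] = [
    {"uuid": "00000000-0000-0000-0000-000000000001",
     "begins_at": "2023-03-01T00:00:00Z", "ends_at": "2023-03-20T00:00:00Z",
     "count": 12, "detection_signature_source": "cisa_kev",
     "detection_signature_method": "manual"},
    {"uuid": "00000000-0000-0000-0000-000000000002",
     "begins_at": "2023-06-10T08:30:00Z", "ends_at": None,
     "count": 3, "detection_signature_source": "example_sensor",
     "detection_signature_method": "automated"},
]

def parse_ts(value: Optional[str]) -> Optional[datetime]:
    """Parse an ISO 8601 timestamp (assumed format); naive values are read as UTC."""
    if not value:
        return None
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def summarize_exploitations(records: List[Dict[str, Any]], now: datetime,
                            recent: timedelta = timedelta(days=30)) -> Dict[str, Any]:
    """Reduce exploitation records to the facts a patching decision needs."""
    first_seen: Optional[datetime] = None
    ongoing = False
    by_source: Dict[str, int] = {}
    for rec in records:
        begins, ends = parse_ts(rec.get("begins_at")), parse_ts(rec.get("ends_at"))
        source = rec.get("detection_signature_source") or "unknown"
        by_source[source] = by_source.get(source, 0) + int(rec.get("count") or 0)
        if begins and (first_seen is None or begins < first_seen):
            first_seen = begins
        # Assumption: no ends_at, or one inside the window, means still active.
        if ends is None or ends >= now - recent:
            ongoing = True
    # Hypothetical triage policy, not defined by the tool.
    priority = "urgent" if ongoing else ("high" if records else "routine")
    return {"exploited": bool(records), "first_seen": first_seen, "ongoing": ongoing,
            "total_count": sum(by_source.values()), "by_source": by_source,
            "priority": priority}
```

Passing `now` explicitly keeps the result reproducible when the same records are re-evaluated during an incident review.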
Input Schema
Name | Required | Description | Default |
---|---|---|---|
identifier | Yes | | |