Prioritizing CVEs is hard, and explaining the prioritization is even harder. Many variables across the asset, impact and threat facets have to be considered, a scoring mechanism has to be developed, and a risk categorization schema has to be evangelized.
Transilience vulnerability prioritization helps with the following use cases:
- You have a ton of CVEs and want to prioritize the first 10 CVEs to fix, with a clear explanation.
- You have a list of software and want to analyze it for vulnerabilities and prioritize them.
- You have a vulnerability report from Qualys or Tenable that has 50% of the vulnerabilities in criticals and highs, and you want a real prioritized list.
You can get your prioritized list of CVEs over the UI or API.
Prioritize a list of CVEs
Take the CVEs and put them in the JSON format shown in this sample:
{"schema_type": "simple_prioritization", "cves": ["CVE-2021-23031", "CVE-2021-23032", "CVE-2021-00001"]}
Upload the CVE file and download the prioritized list.
Prioritize a list of Software
Take the list of software and put it in a simple XML file:
<?xml version="1.0" encoding="utf-8"?>
<SoftwareInventoryExport xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ArrayOfSoftwareInventoryItem>
    <SoftwareInventoryItem>
      <Name>7-Zip 16.03</Name>
      <Version>16.03</Version>
      <Vendor>Igor Pavlov</Vendor>
    </SoftwareInventoryItem>
    <SoftwareInventoryItem>
      <Name>acl-x86_64</Name>
      <Version>2.2.51-15.el7-x86_64</Version>
      <Vendor>CentOS</Vendor>
    </SoftwareInventoryItem>
    <SoftwareInventoryItem>
      <Name>Adobe Acrobat (64-bit)</Name>
      <Version>24.002.20895</Version>
      <Vendor>Adobe</Vendor>
    </SoftwareInventoryItem>
    <SoftwareInventoryItem>
      <Name>Adobe Acrobat Reader MUI</Name>
      <Version>24.002.20965</Version>
      <Vendor>Adobe Systems Incorporated</Vendor>
    </SoftwareInventoryItem>
    <SoftwareInventoryItem>
      <Name>Adobe Flash Player 32 NPAPI</Name>
      <Version>32.0.0.433</Version>
      <Vendor>Adobe</Vendor>
    </SoftwareInventoryItem>
    <SoftwareInventoryItem>
      <Name>Adobe Photoshop CC 2019</Name>
      <Version>20.0.0</Version>
      <Vendor>Adobe Systems Incorporated</Vendor>
    </SoftwareInventoryItem>
  </ArrayOfSoftwareInventoryItem>
  <ArrayOfAssetClassificationItem>
    <AssetClassificationItem>
      <Name>Asset:OS:IDOS</Name>
    </AssetClassificationItem>
    <AssetClassificationItem>
      <Name>Asset:OS:Windows:10</Name>
    </AssetClassificationItem>
    <AssetClassificationItem>
      <Name>Asset:OS:Windows:2012</Name>
    </AssetClassificationItem>
  </ArrayOfAssetClassificationItem>
</SoftwareInventoryExport>
Upload the XML and download the prioritized list of CVEs.
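An added example, not from Transilience's documentation: a Python script that builds a software inventory file in the layout of the sample XML from a CSV export, escaping special characters in product names and dropping incomplete or duplicate rows so the upload stays well-formed. The CSV columns, the function name and the sample rows are assumptions; only the element names are taken from the sample on this page.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample inventory (not from the original page): name,version,vendor
SAMPLE_CSV = """name,version,vendor
7-Zip 16.03,16.03,Igor Pavlov
AT&T Connect <beta>,1.2.0,AT&T
,9.9.9,Nameless Vendor
acl-x86_64,2.2.51-15.el7-x86_64,CentOS
7-Zip 16.03,16.03,Igor Pavlov
"""

def build_inventory_xml(csv_text, asset_classes):
    """Return (xml_string, skipped_rows) for a CSV software inventory."""
    root = ET.Element("SoftwareInventoryExport")
    # Namespace declarations copied from the page's sample file.
    root.set("xmlns:xsd", "http://www.w3.org/2001/XMLSchema")
    root.set("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance")
    items = ET.SubElement(root, "ArrayOfSoftwareInventoryItem")
    seen, skipped = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("name") or "").strip()
        version = (row.get("version") or "").strip()
        vendor = (row.get("vendor") or "").strip()
        if not name or not version:
            skipped.append(row)  # cannot be matched to CVEs without both
            continue
        key = (name.lower(), version, vendor.lower())
        if key in seen:  # same package reported twice
            continue
        seen.add(key)
        item = ET.SubElement(items, "SoftwareInventoryItem")
        # ElementTree escapes &, < and > in text, so names cannot break the XML.
        for tag, value in (("Name", name), ("Version", version), ("Vendor", vendor)):
            ET.SubElement(item, tag).text = value
    classes = ET.SubElement(root, "ArrayOfAssetClassificationItem")
    for label in asset_classes:
        entry = ET.SubElement(classes, "AssetClassificationItem")
        ET.SubElement(entry, "Name").text = label
    if hasattr(ET, "indent"):  # pretty-print on Python 3.9+
        ET.indent(root)
    body = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="utf-8"?>\n' + body, skipped

if __name__ == "__main__":
    xml_text, skipped = build_inventory_xml(SAMPLE_CSV, ["Asset:OS:Windows:10"])
    print(xml_text)
    print(f"skipped {len(skipped)} incomplete row(s)")
```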
Upload a 3rd-party vendor report
We support importing from popular vulnerability scanners such as Qualys and Tenable, and from XDR vendors such as CrowdStrike and PaloAlto.
Prioritize with our API
You can use our API to prioritize as well.
https://vulns.transilienceapi.com/docs#tag/process/operation/start_process_data_process_post