Early Warning CVD Attributes field reference

  • Release version: Australia
  • Updated June 23, 2026
  • 1 minute to read
  • The Early Warning CVD Attributes table stores threat intelligence signals for vulnerabilities. Each attribute represents a pre-disclosure threat indicator ingested from the Early Warning feed.

    Early warning threat signals are stored in the Armis Early Warning CVD Attributes [sn_vul_ew_cvd_attributes] table, a specialized extension table for vulnerability attributes. Each record in this table represents a unique CVE and stores the set of threat intelligence attributes ingested from Armis.

    Attribute fields

    Field Description
    CVE ID Identifier of the CVE record, such as CVE-2026-33824.
    CWE Common Weakness Enumeration identifier associated with the CVE, such as CWE-415.
    Date Added Date and time when this CVE was added to the Armis Early Warning dataset.
    Intel Date Date and time when Armis first obtained intelligence about this CVE.
    Admiralty Score

    NATO grading system for threat intelligence confidence and reliability. Scores range from A1 (highest confidence) to F6 (lowest confidence). Use this score to assess the credibility of associated threat signals.

    Vendor/Project Name of the vendor or project associated with the affected software.
    Research Date Date when academic or security research was published that details the vulnerability, its impact, or exploitation techniques.
    Honeypot Date Date and time when honeypot systems recorded exploit activity against this CVE. A honeypot is a decoy system deliberately exposed to attackers. This field is empty when no honeypot activity has been observed.
    Product Name of the specific product affected by the CVE, such as Windows 10 1607.
    Notification Date Date and time when ServiceNow received notification of this CVE from Armis.
    Updated On Date and time when this record was last updated in ServiceNow.
    Enabled Option to indicate whether this CVE record is active and included in risk scoring and downstream processing.
    Special Option to flag this CVE as a special case for further review or custom handling.
    Summary Note Free-text summary describing the intelligence gathered for this CVE, including the source of the information and the basis for the admiralty score.
    External Note Structured free-text field containing sub-categories of intelligence detail: Intel Source, Honeypot, Research, Detection, Vulnerable, Malware hash, Analyst note, Intel note, and Admiralty score. Values are reported as NA when no data is available for a sub-category.