Early Warning CVD Attributes field reference
The Early Warning CVD Attributes table stores threat intelligence signals for vulnerabilities. Each attribute represents a pre-disclosure threat indicator ingested from the Early Warning feed.
Early warning threat signals are stored in the Armis Early Warning CVD Attributes [sn_vul_ew_cvd_attributes] table, a specialized extension table for vulnerability attributes. Each record in this table represents a unique CVE and stores the set of threat intelligence attributes ingested from Armis.
Attribute fields
| Field | Description |
|---|---|
| CVE ID | Identifier of the CVE record, such as CVE-2026-33824. |
| CWE | Common Weakness Enumeration identifier associated with the CVE, such as CWE-415. |
| Date Added | Date and time when this CVE was added to the Armis Early Warning dataset. |
| Intel Date | Date and time when Armis first obtained intelligence about this CVE. |
| Admiralty Score |
NATO grading system for threat intelligence confidence and reliability. Scores range from A1 (highest confidence) to F6 (lowest confidence). Use this score to assess the credibility of associated threat signals. |
| Vendor/Project | Name of the vendor or project associated with the affected software. |
| Research Date | Date when academic or security research was published that details the vulnerability, its impact, or exploitation techniques. |
| Honeypot Date | Date and time when honeypot systems recorded exploit activity against this CVE. A honeypot is a decoy system deliberately exposed to attackers. This field is empty when no honeypot activity has been observed. |
| Product | Name of the specific product affected by the CVE, such as Windows 10 1607. |
| Notification Date | Date and time when ServiceNow received notification of this CVE from Armis. |
| Updated On | Date and time when this record was last updated in ServiceNow. |
| Enabled | Option to indicate whether this CVE record is active and included in risk scoring and downstream processing. |
| Special | Option to flag this CVE as a special case for further review or custom handling. |
| Summary Note | Free-text summary describing the intelligence gathered for this CVE, including the source of the information and the basis for the admiralty score. |
| External Note | Structured free-text field containing sub-categories of intelligence detail: Intel Source, Honeypot, Research, Detection, Vulnerable, Malware hash, Analyst note, Intel note, and Admiralty score. Values are reported as
NA when no data is available for a sub-category. |