Fetch Vulnerability Data

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • Fetch vulnerability related data such as configuration items, vulnerable entries, and business context.

    Before you begin

    Role required: sn_sec_tisc.analyst

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click on Threat Intel Library icon on the workspace.
    3. Go to Vulnerability object.
      The related vulnerabilities associated with this object are displayed.
    4. Select the respective vulnerability record.
      If there any CVEs associated with it then you can fetch its vulnerable related data automatically using the button provided, and these associated records are displayed in the Business Context section of the Vulnerabilities.
    5. Go to Internal Intelligence > Vulnerable entries.
      The associated CVEs records are displayed.
    6. Select any CVE and click on Fetch Vulnerability related data button.
      Note:
      • This link will automatically associate the records and fetch that particular business context of records.
      • In case if there are no records associated then an information message is displayed that This specific vulnerability object doesn't have any vulnerable entries associated with it. You must manually associate the object(s) with the vulnerable entries to fetch the data.
      • This button will trigger a background scheduled job, and the job initiation and execution details are displayed in the Activity Stream section. For example, when the job is triggered the activity stream displays an activity that Started fetching associated data with the vulnerable entries. For more information on how the scheduled jobs are run to fetch the data, see Scheduled jobs.
    7. Click Link to manually link the objects.
    8. Select the records to be linked and fetch the vulnerability related data using the Fetch Vulnerability related data button.
      Once when you click this button, the background job will be triggered and the data will be automatically fetched to its respective section. A message displays that Job to fetch data associated with the vulnerable entries has started. You can track the status in the activity stream and refresh the list once the job is complete to check the results. For example, if the data is related to the configurations items then you check the results in the Configuration items section. For more information on adding CVEs, see Add CVEs to third-party entries.
      Note:
      Similarly, you can fetch the observables records data. For more information, see Fetch Vulnerability Data.