Access the Vulnerability Entities

  • Release version: Zurich
  • Updated February 20, 2026
  • 8 minutes to read

    • Reference data for entities that store vulnerability, product, and vendor intelligence in Threat Intelligence Security Center. Use this information to understand the data structure when configuring threat intelligence workflows.

    Product

    The Product entity stores information about software and hardware products that may be affected by vulnerabilities from the table [sn_sec_tisc_intel_product].

    Label Description
    ID Product ID, which must be unique.
    Name Name of the product. The value should be the product's full canonical name, including version number.
    Vendor Corresponding vendor for the product. References the Vendor table [sn_sec_tisc_vendor]. Vendors can be created in the Threat Intelligence Library.
    Product Family Product family that the product falls into.
    Architecture Architecture for which the product is intended, such as x86, ARM, or x64.
    Host Name Host name or system name where the product is installed or running.
    Language Language or locale of the product.
    Patch Level Patch level or update level of the product.
    Service Pack Service pack level applied to the product.
    Specification Additional specification details about the product.
    Product Group Parent product group this product belongs to. References the product table itself, as product groups are also stored in the product table.
    Last Modified in Source Timestamp indicating when the product information was last modified in the source system.
    Created in Source Timestamp indicating when the product was first created in the source system.
    Replaced By Product Reference to a product that replaces this product. Used when a product has been superseded or replaced by a newer version or alternative.
    Product Version(s) Version or versions of the product as comma-separated values. Specific version numbers for product identification.
    Product Version Range Range of product versions affected. Used in vulnerability contexts to indicate version ranges using operators or specific version bounds.
    Is Product Group Boolean flag indicating whether this entry represents a product group rather than an individual product.
    CPE The Common Platform Enumeration (CPE) attribute that provides standardized product identification using CPE 2.3 or CPE 2.2 format.
    Status

    Current life cycle status of the product. Valid values:

    • Active: Product is currently active and supported.
    • Legacy (End of Product): Product has reached end-of-life but may still be in use.
    • Deprecated By Vendor: Product has been officially deprecated by the vendor and is no longer supported.

    Remediation

    The Remediation entity stores information about available fixes, mitigations, and workarounds for vulnerabilities from the table [sn_sec_tisc_vulnerability_remediation].

    Label Description
    Remediation Id Auto-generated unique identifier for the remediation record. Used for internal tracking and reference purposes.
    Description Thorough human-readable discussion of the remediation, including detailed steps and guidance for addressing the vulnerability.
    Prerequisites Conditions that must be met for the vulnerability remediation to apply. Any vendor-defined constraints or requirements for obtaining and applying the fix.
    Action Link URL where the remediation can be obtained.
    Type Category of the remediation.

    The following are the valid values for this type:

    • Workaround: A temporary solution that mitigates the vulnerability without fixing the root cause.
    • Mitigation: Actions that reduce the severity or impact of the vulnerability.
    • Vendor fix: An official patch or update provided by the vendor that resolves the vulnerability.
    • First fixed: The first version where the vulnerability has been fixed.
    • None available: No remediation is currently available.
    • Will not fix: The vendor has decided not to fix this vulnerability.
    • No fix planned: There are no plans to fix this vulnerability in the future.
    Restart Category Whether a restart is necessary after remediation and, if so, the required type of restart.

    The following are the valid values for this category:

    • Connected: Restart of connected systems or services is required.
    • Dependencies: Restart of dependent components or services is required.
    • Machine: Full machine or system restart is required.
    • Parent: Restart of the parent process or service is required.
    • Service: Restart of the specific service is required.
    • System: System level restart is required.
    • Vulnerable component: Only the vulnerable component needs to be restarted.
    • Zone: Restart of the security zone or container is required.
    Remediation Published Date Date from which the remediation is available.
    Vulnerability Reference to the vulnerability being remediated.
    Products List of products to give context to the remediation. References to products affected by or related to this remediation.

    Vendor

    The Vendor entity stores information about organizations that develop or distribute products from the table sn_sec_tisc_intel_vendor.

    Label Description
    Name Name of the vendor.
    Contact Details Contact information for the vendor, such as email addresses and phone numbers.
    Organization Organizational context for the vendor, such as department, division, or organizational unit.
    Description Detailed description of the vendor's role, scope, and relevant background information.
    Website URL Vendor's official website URL.

    CWE Weakness

    The CWE Weakness entity stores Common Weakness Enumeration records that describe categories of software weaknesses from the table [sn_sec_tisc_cwe_weakness].

    Label Description
    ID Unique CWE identifier, such as CWE-79 or CWE-89, that standardizes the identification of software weaknesses.
    Name Name of the CWE weakness as defined in the CWE catalog.
    Description Detailed description of the weakness, its characteristics, and potential security implications.
    Type Type classification of the CWE weakness.

    The following are the valid values for this type:

    • Primary: The initial, underlying weakness that directly enables a subsequent weakness to occur.
    • Secondary: The weakness that is triggered or made possible by the occurrence of the primary weakness.

    Vulnerability Product Mapping

    The Vulnerability Product Mapping entity defines the relationship between vulnerabilities and affected products from the table [sn_sec_tisc_m2m_vulnerability_product].

    Label Description
    Vulnerability Reference to the vulnerability record that affects the associated product.
    Product Reference to the product record that is affected by the associated vulnerability.
    Status

    Relationship status between the vulnerability and product. Valid values are:

    • Known affected: Product version is confirmed to be affected by the vulnerability.
    • Known not affected: Product version is confirmed to not be affected by the vulnerability.
    • First affected: First version of the product affected by the vulnerability.
    • First fixed: First version where the vulnerability has been fixed.
    • Fixed: Product version has been fixed and is no longer vulnerable.
    • Last affected: Last version of the product affected by the vulnerability.
    • Recommended: Recommended version to use to avoid the vulnerability.
    • Under investigation: Product version is currently being investigated by the vendor; it is not yet known whether this version is affected.

    Related Vulnerability CWE

    The Related Vulnerability CWE entity maps vulnerabilities to their associated CWE weaknesses from the table [sn_sec_tisc_m2m_vulnerability_cwe].

    Label Description
    Vulnerability Reference to the vulnerability record associated with the CWE weakness.
    CWE Reference to the CWE weakness record.

    CWE Weakness Relationship

    The CWE Weakness Relationship entity defines hierarchical and associative relationships between CWE weakness records from the table [sn_sec_tisc_m2m_cwe].

    Label Description
    Source CWE Reference to the source CWE weakness record in the relationship.
    Target CWE Reference to the target CWE weakness record in the relationship.
    Relationship Type Type of relationship between the source and target CWE weaknesses. Valid values:
    • Parent/Child: Hierarchical relationship where one CWE is a parent or child of another.
    • Peer: Peer relationship where CWEs are at the same level or category.
    • Requires/Can Precede: One CWE requires or can precede another in an attack chain.
    • Can Also Be: One CWE can also be classified or manifested as another.

    Attribute

    The Attribute entity defines metadata attributes that can be assigned to vulnerabilities from the table [sn_sec_tisc_intel_attribute].

    Label Description
    Name Name used to identify the attribute in the system.
    Description Detailed description of the attribute's purpose, usage, and meaning.
    Active Boolean flag indicating whether the attribute is currently active and available for use.
    Internal Identifier Internal system identifier for the attribute. Used for programmatic reference and integration purposes.
    Attribute Type Category or type of the attribute.

    The following are the valid values for this type:

    • Score attribute: Attribute related to scoring metrics.
    • Threat attribute: Attribute related to threat characteristics or properties.
    • Other attribute: General purpose attribute not fitting other categories.
    • Score value: Attribute representing a specific score or numerical value.

    Vulnerability Attribute Value

    The Vulnerability Attribute Value entity stores attribute values assigned to specific vulnerabilities from the table [sn_sec_tisc_m2m_vulnerability_attribute_value].

    Label Description
    Vulnerability Reference to the vulnerability record that has this attribute value assigned.
    Attribute Reference to the attribute definition being assigned to the vulnerability.
    Qualitative Value Qualitative or text-based value for the attribute, such as High or Critical. Used when the attribute value is descriptive rather than numeric.
    Quantitative Value Quantitative or numeric value for the attribute, such as CVSS scores or probability values. Used when the attribute value is a number or decimal.

    Vulnerability Identifier

    The Vulnerability Identifier entity stores alternative or supplementary identifiers for vulnerabilities from the table [sn_sec_tisc_vulnerability_identifier].

    Label Description
    Vulnerability Reference to the vulnerability record that this identifier represents.
    Identifier Unique identifier value for the vulnerability. This can be a vendor-specific ID or standardized identifier such as GHSA-xxxx-xxxx-xxxx or OSV-xxxx-xxxx.
    Identifier Assigned By Organization or authority that assigned the identifier, such as MITREā„¢, NVD, or GitHub.

    Vulnerability Vendor Comment

    The Vulnerability Vendor Comment entity stores vendor-provided statements and comments about specific vulnerabilities from the table [sn_sec_tisc_m2m_vulnerability_vendor_comment].

    Label Description
    Vulnerability Reference to the vulnerability record that the vendor is commenting on.
    Vendor Reference to the vendor providing the comment.
    Comment Vendor's comment or statement about the vulnerability, including vendor-specific clarifications or additional context.
    Comment Date Timestamp indicating when the vendor comment was published or last updated.

    Product Identifier

    The Product Identifier entity stores alternative identifiers associated with products from the table [sn_sec_tisc_intel_product_identifier].

    Label Description
    Product Reference to the product record that this identifier belongs to.
    Identifier Type Type of identifier used for product identification.

    The following are the valid values for this category:

    • Hashes: Cryptographic hash values for verifying product integrity, such as SHA-256 or MD5.
    • Model Numbers: Manufacturer's model numbers or part numbers.
    • PURL: Package URL, a standardized way to identify software packages.
    • SBOM URLs: URLs pointing to Software Bill of Materials documents.
    • Serial Numbers: Unique serial numbers assigned to product instances.
    • SKUs: Stock Keeping Units for product identification.
    • Generic URIs: Generic Uniform Resource Identifiers for product references.
    Identifier Actual identifier value, such as a hash value, model number, PURL string, or serial number.
    Additional Information Supplementary information about the identifier, including additional context or notes that clarify or qualify it.

    Related Product

    The Related Product entity defines relationships between products from the table [sn_sec_tisc_m2m_product].

    Label Description
    Source Product Reference to the source product in the relationship.
    Target Product Reference to the target product in the relationship.

    Vulnerability Class

    The vulnerability class options are configured in the [sn_sec_tisc_vulnerability_class] table, enabling you to define and manage vulnerability class selections on the Vulnerabilities page.

    Field Description
    Name Name of the vulnerability class.
    Description A brief description of the vulnerability class.