Vulnerability Priority Rating Drivers
Tenable uses a static severity and a dynamic Vulnerability Priority Rating (VPR) to quantify how urgently you should remediate a vulnerability.
Tenable assigns the static severity based on the vulnerability's CVSSv2 score. For more information about CVSS metrics, see A Complete Guide to the Common Vulnerability Scoring System, Version 2.0 and Common Vulnerability Scoring System v3.0: Specification Document.
Tenable calculates the dynamic VPR based on additional key indicators. You can view these key VPR indicators, or drivers, using any API endpoint that returns vulnerability details. These endpoints include:
| Endpoint | Response Message Object |
|---|---|
| GET /workbenches/vulnerabilities/{plugin_id}/info | vpr.drivers |
| GET /workbenches/assets/asset_id/vulnerabilities/plugin_id/info | vpr.drivers |
| GET /vulns/export/{export_uuid}/chunks/{chunk_id} | plugin.vpr.drivers |
Drivers
| Attribute | Type | Description |
|---|---|---|
| age_of_vuln | object | A range representing the number of days since the National Vulnerability Database (NVD) published the vulnerability. Ranges include: • 0-7 days • 7-30 days • 30-60 days • 60-180 days • 180-365 days • 365-730 days • More than 730 days (+731) |
| age_of_vuln.lower_bound | integer (int32) | The lower bound of the range. For example, for the 0-7 days range, this attribute is 0. For the highest range (more than 730 days), this value is 731. |
| age_of_vuln.upper_bound | integer (int32) | The upper bound of the range. For example, for the 0-7 days range, this attribute is 7. For the highest range (more than 730 days), this value is 0, which signifies that there is no higher category. |
| exploit_code_maturity | string | The relative maturity of a possible exploit for the vulnerability based on the existence, sophistication, and prevalence of exploit intelligence from internal and external sources (for example, Reversinglabs, Exploit-db, Metasploit, etc.). The possible values (High, Functional, PoC, or Unproven) parallel the CVSS Exploit Code Maturity categories. |
| cvss3_impact_score | float | The NVD-provided CVSSv3 impact score for the vulnerability. If the NVD did not provide a score, Vulnerability Management displays a Tenable-predicted score. |
| cvss_impact_score_predicted | boolean | A value specifying whether Tenable predicted the CVSSv3 impact score for the vulnerability because NVD did not provide one (true) or used the NVD-provided CVSSv3 impact score (false) when calculating the VPR. |
| threat_intensity_last28 | string | The relative intensity based on the number and frequency of recently observed threat events related to this vulnerability: Very Low, Low, Medium, High, or Very High. |
| threat_recency | object | A range representing the number of days since a threat event occurred for the vulnerability. Ranges include: • 0-7 days • 7-30 days • 30-120 days • 120-365 days • More than 365 days (+365) |
| threat_recency.lower_bound | integer (int32) | The lower bound of the range. For example, for the 0-7 days range, this attribute is 0. For the highest range (more than 365 days), this value is 366. |
| threat_ recency.upper_bound | integer (int32) | The upper bound of the range. For example, for the 0-7 days range, this attribute is 7. For the highest range (more than 730 days), this value is 0, which signifies that there is no higher category. |
| threat_sources_last28 | array | A list of all sources (for example, social media channels, the dark web, etc.) where threat events related to this vulnerability occurred. Item type: string. |
| product_coverage | string | The relative number of unique products affected by the vulnerability: Low, Medium, High, or Very High. |
Example
"drivers": {
"age_of_vuln": {
"lower_bound": 366,
"upper_bound": 730
},
"exploit_code_maturity": "UNPROVEN",
"cvss_impact_score_predicted": false,
"cvss3_impact_score": 5.9,
"threat_intensity_last28": "VERY_LOW",
"threat_sources_last28": [
"No recorded events"
],
"product_coverage": "LOW"
}
Updated 22 days ago