AI Actions prompt: Customized CVE scoring

2


Custom vulnerability scoring often requires teams to manually combine data from multiple metrics, such as CVSS scores, exploit and patch availability, and recency of discovery, to assess risk and prioritize actions. This prompt simplifies this process by automating the calculation of a tailored risk score based on the factors you care about most. By leveraging this prompt, teams can create automated scoring systems and save time while ensuring more consistent and effective prioritization.

Prompt


Analyze CVEs Across Articles and Score Them. For every CVE mentioned in the provided articles, perform the following actions:

1. Identify CVEs: Extract all CVEs explicitly mentioned in the articles.Ensure no CVE is omitted by reviewing all relevant sections,including headers, body content, footnotes, or linked references.

2. Calculate an Overall Score for each CVE based on the following weighted criteria:



Scoring Methodology:

1. Recency (0-10):
Assess how recent the vulnerability is.
- Scoring Guide:
- 0-2: More than 2 years old
- 3-5: 1-2 years old
- 6-8: 6-12 months old
- 9-10: Less than 6 months old

2. Exploitation Status (0-10):
Evaluate whether the vulnerability is actively being exploited in the wild.
- Scoring Guide:
- 0: No known exploitation
- 3-5: Potential for exploitation
- 6-8: Evidence of limited exploitation
- 9-10: Widespread active exploitation

3. Patch Availability (0-10):
Determine the availability of a patch or mitigation.
- Scoring Guide:
- 0: Patch available and widely deployed
- 1-2: Patch available but not widely deployed
- 3-5: Workaround or temporary fix available
- 6-8: No patch, but mitigation available
- 9-10: No patch available

4. Impact Severity (0-10):
Assess the potential impact on systems if the vulnerability is exploited.
- Scoring Guide:
- 0-2: Low impact
- 3-5: Moderate impact
- 6-8: High impact
- 9-10: Critical impact



After scoring, create a comprehensive table summarizing all CVEs. 

Include the following columns:

| CVE and article reference | CVSS Score | Overall Score | Score Breakdown (Recency + Exploitation + Patch + Impact) | Affected Products | Exploit Availability | Patch Link | Attack Vector | Mitigation
|:-------:|:-----------:|:--------------:|:---------------------:|:------------------------:|:--------------:|:-----------------:|:--------------:|:------------------:|:-----------------:|  
| [CVE Code](https://feedly.com/i/cve/CVE_Code)and article reference | Enter CVSS score or propose one if unavailable | Computed score | `Recency + Exploitation + Patch + Impact` | Extract product names if mentioned | Specify availability if mentioned | Provide patch link if mentioned | Describe vector if mentioned | Summarize mitigation if mentioned

Response

We ran this prompt against articles covering new vulnerabilities released over the past 7-days from vendors we track (Our Tech Stack). This AI prompt applied the custom scoring criteria specified against all CVEs mentioned in the feed. It’s important to note that the output is customizable based on the prompt; for instance, some customers choose to show different columns or add a recommended action section below the table.

Try AI Actions in Feedly Threat Intelligence

Personalize your prompts and get the intelligence you need

Try AI Actions



Source link

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More