AI Actions prompt: Customized CVE scoring
Custom vulnerability scoring often requires teams to manually combine data from multiple metrics, such as CVSS scores, exploit and patch availability, and recency of discovery, to assess risk and prioritize actions. This prompt simplifies this process by automating the calculation of a tailored risk score based on the factors you care about most. By leveraging this prompt, teams can create automated scoring systems and save time while ensuring more consistent and effective prioritization.
Prompt
Analyze CVEs Across Articles and Score Them. For every CVE mentioned in the provided articles, perform the following actions:
1. Identify CVEs: Extract all CVEs explicitly mentioned in the articles. Ensure no CVE is omitted by reviewing all relevant sections, including headers, body content, footnotes, or linked references.
2. Calculate an Overall Score for each CVE based on the following weighted criteria:
Scoring Methodology:
1. Recency (0-10):
Assess how recent the vulnerability is.
- Scoring Guide:
  - 0-2: More than 2 years old
  - 3-5: 1-2 years old
  - 6-8: 6-12 months old
  - 9-10: Less than 6 months old
2. Exploitation Status (0-10):
Evaluate whether the vulnerability is actively being exploited in the wild.
- Scoring Guide:
  - 0: No known exploitation
  - 3-5: Potential for exploitation
  - 6-8: Evidence of limited exploitation
  - 9-10: Widespread active exploitation
3. Patch Availability (0-10):
Determine the availability of a patch or mitigation.
- Scoring Guide:
  - 0: Patch available and widely deployed
  - 1-2: Patch available but not widely deployed
  - 3-5: Workaround or temporary fix available
  - 6-8: No patch, but mitigation available
  - 9-10: No patch available
4. Impact Severity (0-10):
Assess the potential impact on systems if the vulnerability is exploited.
- Scoring Guide:
  - 0-2: Low impact
  - 3-5: Moderate impact
  - 6-8: High impact
  - 9-10: Critical impact
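A model can assign a subscore that contradicts the fact it reports, so the rubric above is worth re-checking deterministically. The following Python sketch is an added example, not part of the prompt or of Feedly's product: it validates each subscore against the band the scoring guide allows and recomputes the overall score. The equal weights, the day cut-offs for the age bands, the row layout, and the placeholder CVE ids are all assumptions.

```python
from datetime import date

# Bands copied from the prompt's scoring guides: fact -> (lowest, highest) score.
EXPLOITATION = {"none": (0, 0), "potential": (3, 5), "limited": (6, 8), "widespread": (9, 10)}
PATCH = {"deployed": (0, 0), "not_widely_deployed": (1, 2), "workaround": (3, 5),
         "mitigation_only": (6, 8), "none": (9, 10)}
IMPACT = {"low": (0, 2), "moderate": (3, 5), "high": (6, 8), "critical": (9, 10)}
# Assumption: equal weights. The prompt says "weighted" but lists no weights.
WEIGHTS = {"recency": 0.25, "exploitation": 0.25, "patch": 0.25, "impact": 0.25}

def recency_band(published, today):
    """Map a CVE's age to the prompt's recency band (day cut-offs are assumptions)."""
    age = (today - published).days
    if age < 0:
        raise ValueError("publication date is in the future")
    if age < 183:
        return (9, 10)   # less than 6 months
    if age <= 365:
        return (6, 8)    # 6-12 months
    if age <= 730:
        return (3, 5)    # 1-2 years
    return (0, 2)        # more than 2 years

def check_row(row, today):
    """List every subscore that falls outside the band its stated fact allows."""
    bands = {"recency": recency_band(row["published"], today),
             "exploitation": EXPLOITATION[row["exploitation"]],
             "patch": PATCH[row["patch"]],
             "impact": IMPACT[row["impact"]]}
    return [f"{name}={row['scores'][name]} outside {lo}-{hi}"
            for name, (lo, hi) in bands.items()
            if not lo <= row["scores"][name] <= hi]

def overall(scores):
    """Weighted sum of the four subscores, still on the 0-10 scale."""
    return round(sum(WEIGHTS[k] * scores[k] for k in WEIGHTS), 2)

# Constructed sample rows; the CVE ids are placeholders, not real identifiers.
TODAY = date(2025, 1, 15)
ROWS = [
    {"cve": "CVE-0000-0001", "published": date(2024, 11, 1), "exploitation": "widespread",
     "patch": "none", "impact": "critical",
     "scores": {"recency": 9, "exploitation": 10, "patch": 9, "impact": 10}},
    {"cve": "CVE-0000-0002", "published": date(2022, 6, 1), "exploitation": "none",
     "patch": "deployed", "impact": "moderate",
     "scores": {"recency": 7, "exploitation": 0, "patch": 0, "impact": 4}},
]

if __name__ == "__main__":
    for r in ROWS:
        print(r["cve"], overall(r["scores"]), check_row(r, TODAY) or "consistent")
```

The second constructed row is flagged because a recency score of 7 does not fit a CVE that is more than 2 years old.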
Response
We ran this prompt against articles covering new vulnerabilities released over the past 7 days from vendors we track (Our Tech Stack). The prompt applied the specified custom scoring criteria to all CVEs mentioned in the feed. The output is customizable through the prompt; for instance, some customers choose to show different columns or add a recommended action section below the table.