All Collections
Settings and Account
Risk
Custom Risk Script
Custom Risk Script

Learn all about personalizing your risk model with Python scripts

Updated over a week ago

About

Read all about the value of Custom Risk Script.

Vulcan Risk Algorithm

Vulcan risk algorithm intelligently incorporates different contextual attributes to produce a dynamic risk score for each vulnerability instance in your environment.

Our risk score is dynamic, personalized, and customizable. The platform allows you to:

  • Create your own risk model by setting weights for the different components of the algorithm

  • Customize your model with a Python script

Contact your CSM for Custom-Script support

To get started with custom Python scripts, contact your Customer Success Manager or Vulcan support at support@vulcan.io.

Script Basics

The script gets the input of 2 Python dictionaries - vulnerability_data and asset_data.

The script should return an integer between 0-100.

Configuration

Settings > Risk

Once the configuration is enabled by CSM, all weights in the UI should be set to 0, and the custom risk weight should be set to 1.

When Custom Risk Script is enabled, the vulnerability risk shows the following:

Expected Structure

def calculate_custom(vulnerability_data, asset_data):

**your script here**

Script Inputs

vulnerability_data

    {
    "id": {
        "type": "integer"
    },
    "sources": {
        "type": "string"
    },
    "cves": {
        "type": "array",
        "items": [{
                "type": "string"
            }
        ]
    },
    "cvss": {
        "type": "number"
    },
    "cwes": {
        "type": "array",
        "items": {
            "type": "integer"
        }
    },
    "title": {
        "type": "string"
    },
    "threats": {
        "type": "array",
        "items": [{
                "type": "string"
            }
        ]
    },
    “max_epss_score”: {
        "type": “number”,
    },
    “cvss3_vector”: {
        "type": “string”,
    },
“temporal_cvss”: {
        "type": “number”,
    },
}

asset_data

 {
    "id": {
        "type": "integer"
    },
    "ip": {
        "type": "string"
    },
    "os": {
        "type": "string"
    },
    "fqdn": {
        "type": "string"
    },
    "tags": {
        "type": "array",
        "items": [{
                "name": {
                    "type": "string"
                },
                "severity": {
                    "type": "integer"
                }
            }
        ]
    },
    "hostname": {
        "type": "string"
    },
    "os_version": {
        "type": "string"
    },
    "platform_family": {
        "type": "string"
    }
}

Notes

  • If an asset does not have tags, tags will be None and not an empty array.

  • Non-host assets (Code Projects, Image, Websites) will only have the following fields: id, name, tags.

  • For EPSS score: If there is no score, it is Null. If the score is 0, it will return 0.

Example script

The script in this example boosts the score of exploitable vulnerabilities for affected assets with a specific tag.

def calculate_custom(vulnerability_data, asset_data):

    if "Exploitable" in vulnerability_data['threats']:

        if asset_data['tags']:
            for tag in asset_data['tags']:
                if tag['name'] == "MyTag":
                    return 100

    return 0

FAQ

Can I manually edit the risk of vulnerability that has a custom risk score applied?

Yes. You can edit and override the risk provided based on the custom risk script parameters. See Editing risk manually.

Can I manually edit the parameters of the custom risk script?

No. To change the parameters or update the script, contact your Customer Success Manager at Vulcan Cyber.

Related Articles
Vulcan ConnectX (Vulcan Report) Connector
How Risk Calculation Works
Understanding Vulnerability Risk
API Paths and Endpoints
Vulnerability Custom Risk Script Best Practice
Did this answer your question?