Vulcan's risk algorithm

Vulcan’s risk algorithm intelligently incorporates different contextual attributes to produce a dynamic risk score for each vulnerability instance in your environment.

Our risk score is dynamic, personalized, and customizable. The platform not only allows you to create your own risk model by setting weights for the different components of the algorithm, but also to completely customize your model with a Python script.

To get started with custom Python scripts, contact your Customer Success Manager.

Script basics

The script receives two Python dictionaries as input: vulnerability_data and asset_data.

The script should return an integer between 0 and 100.

Expected structure

def calculate_custom(vulnerability_data, asset_data):
    # your script here; it must return an integer between 0 and 100
    return 0  # placeholder return value

Script inputs

vulnerability_data

{
    "id": {
        "type": "integer"
    },
    "sources": {
        "type": "string"
    },
    "cves": {
        "type": "array",
        "items": [{
                "type": "string"
            }
        ]
    },
    "cvss": {
        "type": "number"
    },
    "cwes": {
        "type": "array",
        "items": {
            "type": "integer"
        }
    },
    "title": {
        "type": "string"
    },
    "threats": {
        "type": "array",
        "items": [{
                "type": "string"
            }
        ]
    }
}

asset_data

{
    "id": {
        "type": "integer"
    },
    "ip": {
        "type": "string"
    },
    "os": {
        "type": "string"
    },
    "fqdn": {
        "type": "string"
    },
    "tags": {
        "type": "array",
        "items": [{
                "name": {
                    "type": "string"
                },
                "severity": {
                    "type": "integer"
                }
            }
        ]
    },
    "hostname": {
        "type": "string"
    },
    "os_version": {
        "type": "string"
    },
    "platform_family": {
        "type": "string"
    }
}

Notes

  • If an asset does not have tags, tags will be None and not an empty array.
  • Non-host assets (Code Projects, Image, Websites) will only have the following fields: id, name, tags.

Example script

The script in this example boosts the score of exploitable vulnerabilities for affected assets with a specific tag.

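def calculate_custom(vulnerability_data, asset_data):
    # Only vulnerabilities flagged as exploitable are boosted.
    if "Exploitable" in vulnerability_data['threats']:
        # tags is None (not an empty list) when the asset has no tags.
        if asset_data['tags']:
            for tag in asset_data['tags']:
                if tag['name'] == "MyTag":
                    return 100

    # Everything else gets the lowest score.
    return 0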
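A more defensive variant, added here as an illustration and not taken from Vulcan's own code: it starts from the CVSS score, applies boosts, tolerates the None tags and the reduced field set of non-host assets described in the Notes, and always returns an integer in the 0-100 range. The boost values and the possibility that cvss or threats may be missing or None are assumptions; "MyTag" is the placeholder tag name from the example above.

```python
# Added example, not Vulcan's own code. Boost values below are assumptions.
EXPLOIT_BOOST = 20            # assumed boost for "Exploitable" vulnerabilities
TAG_BOOSTS = {"MyTag": 15}    # placeholder tag name -> assumed boost


def _clamp(score):
    """Force the result into the integer range 0-100 the script must return."""
    return max(0, min(100, int(round(score))))


def calculate_custom(vulnerability_data, asset_data):
    # CVSS scores run from 0.0 to 10.0, so scale them to 0-100.
    # Assumption: cvss may be absent or None; treat that as 0.
    cvss = vulnerability_data.get("cvss") or 0
    score = float(cvss) * 10

    # Assumption: threats may be absent or None; treat that as an empty list.
    threats = vulnerability_data.get("threats") or []
    if "Exploitable" in threats:
        score += EXPLOIT_BOOST

    # tags is None (not an empty list) when the asset has no tags, and
    # non-host assets only carry id, name and tags, so every lookup uses
    # .get() instead of indexing to avoid KeyError or TypeError.
    for tag in asset_data.get("tags") or []:
        score += TAG_BOOSTS.get(tag.get("name"), 0)

    return _clamp(score)
```
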
