Get details on vulnerabilities by providing one or more IDs.

The following permission is required to run this action:

  • Vulnerabilities: Read.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

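| Parameter | Description |
| --- | --- |
| Vulnerability IDs | A comma-separated list of vulnerability IDs. These can be obtained via the Search Vulnerabilities action; for example, the `id` value shown in the Example Output, as opposed to the CVE identifier in `vulnerability_id`. |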

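Example Output

Each entry in `resources` combines the CVE details (`cve`), the affected host (`host_info`) and the recommended fix (`remediation`). Identifiers in this example are partially masked with `x` characters.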

{
	"meta": {
		"query_time": 0.003279305,
		"powered_by": "spapi",
		"trace_id": "5ea98b6c-xxxx-xxxx-xxxx-9e0f11103eb4"
	},
	"resources": [
		{
			"id": "ca4944397d82410b8f8xxxxxxxxxx_de93270830eadc97b9e1796734af034c",
			"cid": "5ddbxxxxxxxxxxxxxxxxx75f17979a1f",
			"aid": "b1xxxxxxxxxxxxxxxxx8e09e9265a599",
			"vulnerability_id": "CVE-2017-8570",
			"vulnerability_metadata_id": "CS-V17-0757999",
			"data_providers": [
				{
					"provider": "CrowdStrike Spotlight"
				}
			],
			"created_timestamp": "2023-07-11T16:17:06Z",
			"updated_timestamp": "2023-08-03T17:39:49Z",
			"status": "open",
			"apps": [
				{
					"product_name_version": "Office 2013",
					"sub_status": "open",
					"remediation": {
						"ids": [
							"46147e49f3b636c5978b3134c822a11d"
						]
					},
					"evaluation_logic": {
						"id": "04eb0c6612593b35b8f1ee437c9bae64"
					}
				}
			],
			"suppression_info": {
				"is_suppressed": false
			},
			"app": {
				"product_name_version": "Office 2013"
			},
			"cve": {
				"id": "CVE-2017-8570",
				"base_score": 7.8,
				"severity": "HIGH",
				"exploit_status": 90,
				"exprt_rating": "CRITICAL",
				"remediation_level": "O",
				"cisa_info": {
					"is_cisa_kev": true,
					"due_date": "2022-08-25T00:00:00Z"
				},
				"spotlight_published_date": "2021-05-10T17:08:00Z",
				"actors": [
					"COBALT SPIDER",
					"GALACTIC OCELOT",
					"GOBLIN PANDA",
					"OCEAN BUFFALO",
					"VENOM SPIDER"
				],
				"description": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0243.\n",
				"published_date": "2017-07-11T07:00:00Z",
				"vendor_advisory": [
					"https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2017-8570",
					"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8570"
				],
				"references": [
					"https://github.com/rxwx/CVE-2017-8570",
					"https://github.com/tezukanice/Office8570",
					"https://github.com/ParsingTeam/ppsx-file-generator",
					"http://www.securityfocus.com/bid/99445"
				],
				"exploitability_score": 1.8,
				"impact_score": 5.9,
				"vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
			},
			"host_info": {
				"hostname": "BIG-BLUE-MACHINE",
				"local_ip": "192.168.0.30",
				"machine_domain": "",
				"os_version": "Windows 10",
				"ou": "",
				"site_name": "",
				"system_manufacturer": "Xen",
				"groups": [
					{
						"id": "1eb1xxxxxxxxxxxxxxxxxce2696995af",
						"name": "Windows Workstations"
					},
					{
						"id": "2399xxxxxxxxxxxxxxxxx40b186f4f94",
						"name": "Windows 10"
					}
				],
				"tags": [],
				"platform": "Windows",
				"instance_id": "i-004a7e4771430d2bd",
				"service_provider_account_id": "5xxxxxxxxxx6",
				"service_provider": "55xxxxxxxxxx6",
				"os_build": "18363",
				"product_type_desc": "Workstation",
				"asset_criticality": "Critical",
				"entity_graph_id": "445xxxxxxxxxx65139",
				"third_party_asset_ids": [
					"ServiceNow: 008125xxxxxxxxxx61491ecc139619b2"
				],
				"managed_by": "Falcon sensor",
				"host_last_seen_timestamp": "2023-07-30T00:00:00Z"
			},
			"remediation": {
				"ids": [
					"46147e49f3b636c5978b3134c822a11d"
				],
				"entities": [
					{
						"id": "46147e49f3b636c5978b3134c822a11d",
						"reference": "cpe:/a:microsoft:office::::",
						"title": "Update Microsoft Office",
						"action": "Update Microsoft Office to the latest available version",
						"link": "",
						"vendor_url": ""
					}
				]
			}
		}
	]
}

Workflow Library Example

Get Vulnerabilities with CrowdStrike and Send Results Via Email
