Transilience Predicted CVE Feature

venkat pothamsetty

1 min read
Transilience Predicted CVE Feature

We all know the problem. It is very hard for NVD to keep up with the reported vulnerabilities every day.

Several CVEs are in "Awaiting Analysis" state with out even CPE attribution. Our LLM based agents have been collecting the vendor advisory information (such as work arounds etc) , and exploit , impact information.

We are bringing the CPE information as well, easily consumable over the API.

Here is how easy it is.

Lets say i have Fortinet , FortiOS running 7.0.16 version and i want to find out all CVEs on it, including the ones awaiting analysis


import requests 
url = "https://vulns.transilienceapi.com/products/vulnerabilities"

headers = {
    "Content-Type": "application/json",
    "x-api-key": "xxx"
}

data = {
    "kind": "o",
    "name": "fortios", 
    "vendor": "fortinet",
    "version": "7.0.16"
}

response = requests.request("POST", url, headers=headers, json=data)
# Get unique vendor product names from vendors_exploits_details
print (response.text)
import json 


# Parse the JSON data
json_data = json.loads(response.text)

# Create a base DataFrame with the main product information
base_df = pd.DataFrame({
    'name': [json_data['name']],
    'vendor': [json_data['vendor']],
    'version': [json_data['version']],
    'architecture': [json_data['architecture']],
    'year': [json_data['year']]
})

# For CPEs, join the list into a string
base_df['cpes'] = [', '.join(json_data['cpes'])]

# For CVEs, create a separate DataFrame
cve_df = pd.DataFrame(json_data['cves'])

Result : we give a matching_criteria column which indicates the CPE is_predicted column that will indicate whether the CVE is still waiting analysis.

Predicted CVE over the API

You can get the API key from here.

Please note that the CPE listed for is_predicted==True is what we predict it to be , it can change once NVD does the analysis.

Read more