CVE Context in Censys Search is a new add-on data module available to Censys Search customers using the Pro tier and above. Common Vulnerabilities and Exposures (CVE) data is a critical resource for threat hunters and security practitioners. CVE Context in Censys Search gives you the information you need to stay informed about the threat landscape and protect your organization.

This dataset includes a plethora of CVE-related fields that you can leverage, including CVE ID, Attack Complexity, Attack Vector, Privileges Required, CVSS score, and KEV information. A comprehensive list of the fields in the dataset is available in our documentation.

To get access to the CVE Context in Search dataset, contact your Censys account team representative.

We have put together a video and a short lesson on the Censys Academy to illustrate the use-cases for CVE Context and help you get started using it. The video is embedded below and the lesson is accessible here.

Additionally, here are some example use-cases and attendant queries that use the CVE Context components available with this add-on:

• Find hosts with critical-scored vulnerabilities with low attack complexity ratings:
  cves.cvss.score: [9 to 10] and cves.cvss.components.attack_complexity="LOW"

• Hosts with known exploited vulnerabilities added within the past month:
  cves.kev.date_added: [now-1M to *]

• Hosts with critical vulnerabilities that attackers can easily exploit:
  cves.cvss.score: [9 to 10] and cves.cvss.components.privileges_required="NONE" and cves.cvss.components.attack_complexity="LOW"

• Consider combining these queries with IP ranges or other information to focus the results on resources you are concerned about.