Skip to content
NEURO Documentation

CVE Intelligence

CVE Intelligence

Section titled “CVE Intelligence”

NEURO integrates with the National Vulnerability Database (NVD) and MITRE to provide real-time CVE intelligence. Automatically enrich your findings with official vulnerability data.

Overview

Section titled “Overview”

CVE Intelligence provides:

  • Automatic CVE ID detection
  • Real-time NVD data lookup
  • Official CVSS scores
  • Authoritative descriptions
  • CWE mappings
  • Reference links

How It Works

Section titled “How It Works”
CVE ID Input CVE-2024-XXXX
NVD/MITRE API Query
Enriched Data in Finding

Using CVE Lookup

Section titled “Using CVE Lookup”

Automatic Detection

Section titled “Automatic Detection”

NEURO automatically detects CVE IDs in:

  • Finding title
  • Description text

When detected:

  1. CVE ID is extracted
  2. NVD is queried
  3. Data is populated
  4. References are added

Manual CVE Entry

Section titled “Manual CVE Entry”
  1. In the finding form, locate CVE ID field
  2. Enter the CVE ID: CVE-2024-12345
  3. Click Lookup or Tab out
  4. Data populates automatically

What’s Retrieved

Section titled “What’s Retrieved”
FieldSourceDescription
CVSS ScoreNVDOfficial base score
CVSS VectorNVDFull vector string
SeverityCalculatedBased on CVSS score
CWE IDNVDWeakness classification
DescriptionNVDOfficial vulnerability description
ReferencesNVDOfficial advisories and links

Data Sources

Section titled “Data Sources”

National Vulnerability Database (NVD)

Section titled “National Vulnerability Database (NVD)”

Primary source for:

  • CVSS 3.1 scores
  • Official descriptions
  • CWE mappings
  • Reference URLs
  • Affected products (CPE)

MITRE CVE

Section titled “MITRE CVE”

Fallback source for:

  • CVE descriptions
  • Basic information
  • When NVD data unavailable

CISA KEV

Section titled “CISA KEV”

For Known Exploited Vulnerabilities:

  • Exploitation status indicator
  • Due date information
  • Remediation guidance

CVE in Findings

Section titled “CVE in Findings”

Creating CVE-Based Findings

Section titled “Creating CVE-Based Findings”
  1. Click + New Finding
  2. Title: CVE-2024-12345 or CVE-2024-12345 - Vulnerability Name
  3. Click Generate with AI
  4. Result:
    • Official CVE data from NVD
    • AI-generated remediation
    • Combined references

CVE Without AI

Section titled “CVE Without AI”

To get just CVE data:

  1. Create finding with any title
  2. Enter CVE ID in the CVE field
  3. Click lookup icon
  4. Official data populates
  5. Write description manually

Multiple CVEs

Section titled “Multiple CVEs”

For findings affecting multiple CVEs:

  1. Enter primary CVE in the CVE field
  2. Add additional CVEs in references
  3. Document relationship in description

CVSS Handling

Section titled “CVSS Handling”

Score Priority

Section titled “Score Priority”

When CVE is looked up:

  1. Official NVD CVSS score is used
  2. Overwrites AI-suggested score
  3. Vector string is populated

Adjusting CVSS

Section titled “Adjusting CVSS”

You may adjust CVSS when:

  • Environmental factors apply
  • Temporal metrics relevant
  • Specific context differs

Original CVE score is preserved in references.

CWE Mapping

Section titled “CWE Mapping”

CVE lookups include CWE (Common Weakness Enumeration):

CWE IDCategory
CWE-79Cross-site Scripting
CWE-89SQL Injection
CWE-287Improper Authentication
CWE-200Information Exposure

CWE helps:

  • Categorize findings
  • Filter by weakness type
  • Map to compliance controls

CISA KEV Integration

Section titled “CISA KEV Integration”

For actively exploited vulnerabilities:

KEV Indicator

Section titled “KEV Indicator”

When a CVE is in CISA’s KEV:

  • “Known Exploited” badge appears
  • Increased urgency highlighted
  • Due date shown (if applicable)

KEV Benefits

Section titled “KEV Benefits”
  • Identify highest priority CVEs
  • Track exploitation status
  • Meet federal requirements
  • Prioritize remediation

Reference Management

Section titled “Reference Management”

Automatic References

Section titled “Automatic References”

CVE lookup adds references:

  • NVD page
  • Vendor advisories
  • Security bulletins
  • Exploit databases

Reference Types

Section titled “Reference Types”
TypeExample
NVDnvd.nist.gov link
VendorMicrosoft/Cisco advisory
AdvisorySecurity bulletin
ExploitExploit-DB reference
PatchUpdate/fix links

Search by CVE

Section titled “Search by CVE”

Find existing findings by CVE:

  1. Go to Findings
  2. Use search: CVE-2024-12345
  3. View all related findings

Bulk CVE Import

Section titled “Bulk CVE Import”

Import multiple CVE-based findings:

  1. Prepare CVE list
  2. Go to FindingsImport
  3. Select CVE Import
  4. Paste CVE IDs (one per line)
  5. Click Import
  6. Findings created with CVE data

Troubleshooting

Section titled “Troubleshooting”

CVE Not Found

Section titled “CVE Not Found”

If CVE lookup fails:

  • Verify CVE ID format (CVE-YYYY-NNNNN)
  • Check CVE exists (recently assigned CVEs may not be in NVD)
  • Try again later (API may be unavailable)

Missing Data

Section titled “Missing Data”

Some CVEs have incomplete NVD data:

  • Reserved but not published
  • Recently assigned
  • Analysis pending

Conflicting Scores

Section titled “Conflicting Scores”

If your assessment differs from NVD:

  • Document reasoning in finding
  • Keep original CVE score as reference
  • Note adjusted score and justification

Best Practices

Section titled “Best Practices”

CVE Usage

Section titled “CVE Usage”
  1. Always link CVEs when applicable
  2. Verify CVE accuracy - ensure it matches your finding
  3. Add context - CVE is the vulnerability, your finding is the instance
  4. Update periodically - CVE data can change

Documentation

Section titled “Documentation”

Include in your finding:

  • CVE ID
  • Your specific evidence
  • Environment context
  • Adjusted recommendations

Next: Learn about the AI Chat Assistant