VRM Interfaces
The Vulnerability Response Management (VRM) interfaces define the input and output schemas used by connectors and actions in vulnerability management workflows. These interfaces standardize how vulnerability findings are ingested, enriched, tracked, and remediated across Turbine playbooks.

For general information about what interfaces are and how to use them, see

Note: For complete data model field definitions, see docid\ pqh1nonmkovd2baaipjxm. For additional external documentation, see https://docs.swimlane.com/solutions/vulnerability finding data model and https://docs.swimlane.com/solutions/itsm response data model ticket creation and updating

Vulnerability Finding to Vulnerability Finding v1.0.0

Purpose: Converts vulnerability finding objects while preserving all vulnerability data. Used for vulnerability data normalization and processing.

Input schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| vulnerability finding | object | Yes | Vulnerability finding object |
| vulnerability finding vulnerability id | string | No | CVE or vulnerability identifier |
| vulnerability finding vulnerability description | string | No | Description of the vulnerability |
| vulnerability finding vulnerability status | string | No | Current status |
| vulnerability finding vulnerability published date | string | No | Publication date |
| vulnerability finding vulnerability last modified date | string | No | Last modification date |
| vulnerability finding vulnerability cvss base score | integer | No | CVSS base score |
| vulnerability finding vulnerability cvss version | string | No | CVSS version |
| vulnerability finding vulnerability cvss vector string | string | No | CVSS vector string |
| vulnerability finding vulnerability cvss temporal threat score | integer | No | Temporal or threat score |
| vulnerability finding vulnerability epss score | integer | No | EPSS score |
| vulnerability finding vulnerability epss percentile | integer | No | EPSS percentile |
| vulnerability finding vulnerability references | string | No | Reference links |
| vulnerability finding vulnerability weaknesses (cwes) | string | No | CWE identifiers |
| vulnerability finding vulnerability related attack patterns | string | No | Related attack patterns |
| vulnerability finding vulnerability exploits | string | No | Exploit information |
| vulnerability finding vulnerability public exploit found | string | No | Public exploit flag |
| vulnerability finding vulnerability commercial exploit found | string | No | Commercial exploit flag |
| vulnerability finding vulnerability weaponized exploit found | string | No | Weaponized exploit flag |
| vulnerability finding vulnerability reported exploited | string | No | Reported exploitation flag |
| vulnerability finding vulnerability reported exploitation | string | No | Exploitation details |
| vulnerability finding vulnerability reported exploited by threat actors | string | No | Threat actor exploitation |
| vulnerability finding vulnerability reported exploited by ransomware | string | No | Ransomware exploitation |
| vulnerability finding vulnerability reported exploited by botnets | string | No | Botnet exploitation |
| vulnerability finding vulnerability exploits trending on github | string | No | GitHub trending flag |
| vulnerability finding vulnerability first exploit published | string | No | First exploit publication date |
| vulnerability finding vulnerability max exploit maturity | string | No | Maximum exploit maturity |
| vulnerability finding vulnerability in known exploited vulnerabilities | string | No | KEV list flag |
| vulnerability finding vulnerability finding unique id | string | No | Unique finding identifier |
| vulnerability finding vulnerability finding grouping id | string | No | Grouping identifier |
| vulnerability finding vulnerability finding summary | string | No | Finding summary |
| vulnerability finding vulnerability finding primary asset identifier | string | No | Primary asset ID |
| vulnerability finding vulnerability finding primary asset type | string | No | Primary asset type |
| vulnerability finding vulnerability finding hostnames | array of strings | No | Affected hostnames |
| vulnerability finding vulnerability finding ip addresses | array of strings | No | Affected IP addresses |
| vulnerability finding vulnerability finding mac addresses | array of strings | No | Affected MAC addresses |
| vulnerability finding vulnerability finding sources | array of strings | No | Finding sources |
| vulnerability finding vulnerability finding scan id | string | No | Scan identifier |
| vulnerability finding vulnerability finding scan type | string | No | Scan type |
| vulnerability finding vulnerability finding raw risk score | integer | No | Raw risk score |
| vulnerability finding vulnerability finding turbine risk score | integer | No | Turbine risk score |
| vulnerability finding vulnerability finding remediation status | string | No | Remediation status |
| vulnerability finding vulnerability finding remediation | string | No | Remediation details |
| vulnerability finding vulnerability finding remediation owner | string | No | Remediation owner |
| vulnerability finding vulnerability finding exception reference | array of strings | No | Exception references |
| vulnerability finding vulnerability finding exception reason | string | No | Exception reason |
| vulnerability finding vulnerability finding last ingested | string | No | Last ingestion timestamp |
| vulnerability finding vulnerability finding last enriched | string | No | Last enrichment timestamp |
| vulnerability finding vulnerability finding raw json | string | No | Raw JSON data |
| vulnerability finding asset reference | array of strings | No | Asset references |
| vulnerability finding asset zone | string | No | Asset zone |
| vulnerability finding merged risk scores | string | No | Merged risk score information |
| vulnerability finding vulnerability finding mitre attack techniques | string | No | MITRE ATT&CK techniques |

Output schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| vulnerability finding | object | No | Transformed vulnerability finding with same structure |

Use cases

- Vulnerability data normalization
- Vulnerability finding processing
- Vulnerability data transformation
- Cross-platform vulnerability data exchange

Enriched Vulnerability Finding to Enriched Vulnerability Finding v1.0.0

Purpose: Converts enriched vulnerability finding objects with additional threat intelligence and context data.

Input schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| enriched vulnerability finding | object | No | Enriched vulnerability finding object |

Output schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| enriched vulnerability finding | object | No | Transformed enriched finding |

Use cases

- Enriched vulnerability processing
- Threat intelligence integration
- Vulnerability enrichment workflows

Array of Object to Array of Vulnerability Finding v1.0.0

Purpose: Converts an array of generic objects into an array of standardized vulnerability finding objects.

Input schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| objects | array of objects | No | Array of generic objects |

Output schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| vulnerability findings | array of objects | No | Array of standardized vulnerability finding objects |

Use cases

- Bulk vulnerability ingestion
- Vulnerability data normalization
- Multi-source vulnerability aggregation

Asset to Tracking ID v1.0.0

Purpose: Extracts or generates tracking identifiers from asset objects.

Input schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| asset | object | No | Asset object |

Output schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| tracking id | string | No | Tracking identifier for the asset |

Use cases

- Asset tracking
- Asset identification
- Asset management workflows

Remediation Item to Ticket v1.0.0

Purpose: Creates or updates tickets in ITSM systems based on remediation item data.

Input schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| remediation owner | string | Yes | Party responsible for remediation |
| remediation channel | string | Yes | Channel to reach remediation owner |
| remediation item tracking id | string | Yes | Tracking ID of remediation item |
| outbound message | string | Yes | Message to attach to ticket |

Output schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| ticket id | string | No | Ticket ID from ITSM system |
| ticket status | string | No | Ticket status (open, closed, error) |
| ticket opened | string | No | Timestamp when ticket was opened |
| ticket status updated | string | No | Timestamp of last status update |
| ticket status message | string | No | Status message about ticket creation |

Use cases

- ITSM integration
- Remediation workflow automation
- Ticket creation from vulnerability findings
- Remediation tracking

Remediation Item Check v1.0.0

Purpose: Checks the status of remediation items and associated ITSM tickets.

Input schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| remediation owner | string | Yes | Remediation owner identifier |
| remediation channel | string | Yes | Remediation channel |
| remediation item tracking id | string | Yes | Tracking ID of remediation item |
| itsm ticket id | string | Yes | ITSM ticket ID to check |

Output schema

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| ticket status | string | No | Current ticket status |
| ticket status updated | string | No | Timestamp of last status check or update |
| inbound messages | string | No | Replies or inbound messages from ITSM |

Use cases

- Remediation status monitoring
- Ticket status synchronization
- Remediation workflow tracking
- ITSM integration status checks
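
A pre-flight check for payloads shaped like the schemas above, as an added example that is not Swimlane's code. The snake_case key spellings and the rejection of unlisted keys are assumptions; the types, required flags and ticket status values are the documented ones.

```python
# Added example. Key spellings are assumed (snake_case of the documented field labels).
TICKET_INPUT = {  # Remediation Item to Ticket: every input field is a required string
    "remediation_owner": ("string", True),
    "remediation_channel": ("string", True),
    "remediation_item_tracking_id": ("string", True),
    "outbound_message": ("string", True),
}
FINDING_SUBSET = {  # a few optional fields of the vulnerability finding object
    "vulnerability_id": ("string", False),
    "vulnerability_cvss_base_score": ("integer", False),
    "vulnerability_finding_hostnames": ("array of strings", False),
    "vulnerability_finding_ip_addresses": ("array of strings", False),
}
TICKET_STATUSES = {"open", "closed", "error"}

# Constructed sample: the tracking ID is absent, so no ticket should be created.
SAMPLE_TICKET_INPUT = {"remediation_owner": "it-ops", "remediation_channel": "itsm",
                       "outbound_message": "Patch host"}

def _type_ok(value, type_name):
    if type_name == "string":
        return isinstance(value, str)
    if type_name == "integer":
        # bool is a subclass of int in Python, so reject it explicitly
        return isinstance(value, int) and not isinstance(value, bool)
    if type_name == "array of strings":
        return isinstance(value, list) and all(isinstance(v, str) for v in value)
    return type_name == "object" and isinstance(value, dict)

def validate(payload, schema):
    """Return a sorted list of problems; an empty list means the payload conforms."""
    errors = []
    for field, (type_name, required) in schema.items():
        if payload.get(field) is None:
            if required:
                errors.append(f"{field}: missing required field")
        elif not _type_ok(payload[field], type_name):
            errors.append(f"{field}: expected {type_name}")
    # Assumption: keys outside the schema are rejected rather than passed through.
    errors += [f"{key}: unexpected field" for key in payload if key not in schema]
    return sorted(errors)

def validate_ticket_output(payload):
    """Check that a returned ticket status is one of the documented values."""
    status = payload.get("ticket_status")
    if status is not None and status not in TICKET_STATUSES:
        return [f"ticket_status: {status!r} is not one of {sorted(TICKET_STATUSES)}"]
    return []
```
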