HOST_VULN_DETAILS_V View
This view provides host vulnerability assessment details (such as CVE ID, Machine Id, Package info, fix info, and more) about a discovered vulnerability in a host within the last 90 days.
Each row contains file information as listed in the following columns:
| Column Name | Data Type | Description |
|---|---|---|
| START_TIME | Timestamp | The time and date when the hourly aggregation time period starts. |
| END_TIME | Timestamp | The time and date when the hourly aggregation time period ends. |
| VULN_ID | Text | The vulnerability ID found on a given host. |
| MID | Number | The Lacework-generated machine identifier that uniquely identifies the machine. |
| MACHINE_TAGS | JSON Object | The tags or labels assigned to machines (such as VMs) to categorize them. |
| EVAL_CTX | JSON Object | The eval context provides machine details such as first boot time, host name, machine created time, eval guid, and collector type. Collector type can be Agent or Agentless. |
| FEATURE_KEY | JSON Object | The feature key provides the information about the package name and namespace that contains the vulnerability mentioned in VULN_ID. |
| SEVERITY | Text | The severity of the vulnerability found. |
| FIX_INFO | JSON Object | The fix info provides details about the CVE such as fix available version, eval status, etc. |
| STATUS | Text | The evaluation status generated by Lacework to show if the CVE is New, Active, Fixed, Reopened, etc. |
| CVE_PROPS | JSON Object | The CVE props contains CVE description and metadata. |
| PROPS | JSON Object | The props provides other relevant information about the host and CVE, such as the first_time_seen field and the last_updated_time field. |
API values for 'FEATURE_KEY:package_active'
See package status for full details on each value.
| Console | API |
|---|---|
| Active | 1 |
| Inactive | -1 |
| Unknown | 0 |
| N/A | -2 |
API values for 'SEVERITY'
| Console | API |
|---|---|
| Critical | 1 |
| High | 2 |
| Medium | 3 |
| Low | 4 |
| Info | 5 |