Cisco Vulnerability Management
Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| cisco-vulnerability-management-vulnerabilities | ✅ | | | ✅ | cisco_vulnerability_management_vulnerabilities | NDJSON | S3 |
| cisco-vulnerability-management-assets | ✅ | | | ✅ | cisco_vulnerability_management_assets | NDJSON | S3 |
| cisco-vulnerability-management-users | | | | | cisco_vulnerability_management_users | NDJSON | S3 |


Overview

Kenna Security, now part of Cisco as Cisco Vulnerability Management, is a risk-based vulnerability management platform. It combines scanner findings, threat intelligence, and zero-day data, and applies data science and machine learning to score and prioritize vulnerabilities so that teams can focus remediation on the flaws most likely to be exploited.

Its main product, Cisco Vulnerability Management (formerly Kenna.VM), helps organizations:

Prioritize Risks: Prioritize vulnerabilities based on risk scores, considering internal and external factors like exploit availability and severity.

Predict and Prevent Exploits: Track vulnerability fluctuations and forecast weaponization with predictive analytics.

Assess the Threat Landscape: Gain a comprehensive view of emerging threats and shifting trends.

In essence, Kenna Security provides a platform that helps security teams understand and manage their risk profile, prioritize remediation efforts, and enhance their overall security posture.

Docs for API: API Authentication

Docs for Cisco Kenna: Kenna Security Is Part of Cisco

Supported data types

cisco vulnerability management vulnerabilities

Table name: cisco_vulnerability_management_vulnerabilities

Contains detailed security vulnerability information including CVE IDs, severity scores, CVSS ratings, exploitability flags, and remediation details. This data type tracks individual security flaws found on assets with their current status, priority, and associated threat intelligence.

cisco vulnerability management assets

Table name: cisco_vulnerability_management_assets

Provides comprehensive information about managed IT assets including network devices, servers, and endpoints with their network configuration, operating systems, and vulnerability counts. This data type includes asset identification details like IP addresses, hostnames, and network ports along with risk scoring and asset grouping information.

cisco vulnerability management users

Table name: cisco_vulnerability_management_users

Contains the user accounts defined in the vulnerability management platform: profile fields (name, email, phone), role assignments and role IDs, account creation and update timestamps, and the last sign-in time. This data type lets you audit who holds administrative access to the platform and spot dormant or unexpected accounts.

Send data to Hunters

Hunters supports the ingestion of Cisco Vulnerability Management logs via an intermediary AWS S3 bucket.

To connect Cisco Vulnerability Management logs:

  1. Export your logs from Cisco Vulnerability Management to an AWS S3 bucket by following this guide.

  2. Once the export is completed and the logs are collected in S3, follow the steps in this section.

Expected format

Logs are expected in NDJSON format: one complete JSON object per line, with no surrounding array and no line breaks inside an object. The samples below are shown pretty-printed for readability only.

cisco vulnerability management vulnerabilities

{
  "id": 1234567890,
  "status": "open",
  "closed_at": null,
  "created_at": "2023-01-01T12:00:00Z",
  "due_date": "2023-02-01",
  "notes": null,
  "port": [],
  "priority": 10,
  "identifiers": ["123456"],
  "last_seen_time": "2023-01-01T12:30:00.000Z",
  "scanner_score": 5.0,
  "fix_id": 12345678,
  "scanner_vulnerabilities": [{"port": null, "external_unique_id": "12345678", "open": true}],
  "asset_id": 12345678,
  "connectors": [{"name": "Qualys Web Application Scan (WAS) - Applications", "id": 123456, "connector_definition_name": "QualysWas", "vendor": "Qualys"}],
  "service_ticket": null,
  "urls": {"asset": "api.example.com/assets/12345678"},
  "solution": "Customers are advised to upgrade relevant versions of Apache Tomcat...",
  "patch": true,
  "patch_published_at": "2023-01-15T10:00:00.000Z",
  "cve_id": "Apache Tomcat Remote Code Execution (RCE) Vulnerability (CVE-2023-12345)",
  "cve_description": null,
  "cve_published_at": null,
  "description": "Apache Tomcat is an open source web server and servlet container...",
  "wasc_id": null,
  "severity": null,
  "threat": null,
  "popular_target": null,
  "active_internet_breach": false,
  "easily_exploitable": false,
  "malware_exploitable": false,
  "remote_code_execution": null,
  "predicted_exploitable": false,
  "platform_types": null,
  "cvss_v2": null,
  "cvss_v3": null,
  "custom_fields": [{"name": "ServiceNow Ticket for Risk Acceptable or False Positive", "custom_field_definition_id": 2, "value": null}],
  "first_found_on": "2023-01-01T12:00:00Z",
  "top_priority": true,
  "risk_meter_score": 100,
  "closed": false
}

cisco vulnerability management assets

{
  "id": 16705231,
  "created_at": "2023-08-22T13:25:39Z",
  "priority": 10,
  "operating_system": "Windows Server 2019",
  "notes": null,
  "last_booted_at": null,
  "primary_locator": "netbios",
  "locator": "WEB-SRV-01",
  "vulnerabilities_count": 15,
  "status": "active",
  "last_seen_time": "2025-06-10T04:08:40Z",
  "network_ports": [
    {"id": 222522980, "port_number": 80, "extra_info": "", "hostname": null, "name": null, "ostype": "", "product": null, "protocol": "tcp", "state": "open", "version": null},
    {"id": 222522981, "port_number": 443, "extra_info": "", "hostname": null, "name": null, "ostype": "", "product": null, "protocol": "tcp", "state": "open", "version": null},
    {"id": 222522987, "port_number": 3389, "extra_info": "", "hostname": null, "name": null, "ostype": "", "product": null, "protocol": "tcp", "state": "open", "version": null}
  ],
  "tags": ["Production_Servers", "Web_Assets", "Internal", "RDP", "HTTP server"],
  "owner": null,
  "inactive_at": "2025-06-25",
  "status_set_manually": false,
  "overage": false,
  "urls": {"vulnerabilities": "example.com"},
  "ip_address": "192.168.1.100",
  "database": null,
  "hostname": "web-server-01.example.com",
  "fqdn": null,
  "netbios": "WEB-SRV-01",
  "application": null,
  "file": null,
  "mac_address": null,
  "ec2": null,
  "url": null,
  "external_id": "304050090",
  "image": null,
  "container": null,
  "ipv6": null,
  "risk_meter_score": 760,
  "asset_groups": [{"id": 7607, "name": "All Assets"}, {"id": 218860, "name": "Production"}]
}

cisco vulnerability management users

{
  "id": 21233,
  "created_at": "2016-02-04T22:34:46Z",
  "updated_at": "2024-04-30T14:25:35Z",
  "email": "john.doe@example.com",
  "firstname": "John",
  "lastname": "Doe",
  "phone": "+1-555-555-5555",
  "external_id": null,
  "last_sign_in_at": "2023-08-03T16:52:52Z",
  "roles": ["administrator"],
  "role_ids": [74401]
}
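The following is an added example and not part of the Hunters or Cisco documentation. It covers the two steps above in one place: it serializes records shaped like the three samples into the NDJSON the S3 export must contain, parses them back strictly (so a pretty-printed object or a top-level JSON array, the two common export mistakes, is rejected rather than silently yielding empty rows), and then runs a simple prioritization over the parsed rows: open vulnerabilities with any exploitation signal set, joined to their asset by `asset_id`. The sample records are constructed, and the `cve_id` handling reflects the Tomcat sample above, where that field carries a scanner title with the CVE embedded rather than a bare CVE.

```python
import json
import re

# Matches a CVE identifier wherever it appears in a string.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample records modelled on the samples above; not real
# Cisco Vulnerability Management output. Only the fields used here are kept.
VULNS = [
    {"id": 1, "asset_id": 100, "status": "open", "closed": False,
     "cve_id": "Apache Tomcat Remote Code Execution (RCE) Vulnerability (CVE-2023-12345)",
     "risk_meter_score": 100, "top_priority": True, "easily_exploitable": False,
     "active_internet_breach": False, "malware_exploitable": False,
     "predicted_exploitable": False, "patch": True},
    {"id": 2, "asset_id": 100, "status": "open", "closed": False,
     "cve_id": "CVE-2021-44228", "risk_meter_score": 100, "top_priority": True,
     "easily_exploitable": True, "active_internet_breach": True,
     "malware_exploitable": True, "predicted_exploitable": True, "patch": True},
    {"id": 3, "asset_id": 200, "status": "closed", "closed": True,
     "cve_id": "CVE-2020-1472", "risk_meter_score": 90, "top_priority": False,
     "easily_exploitable": True, "active_internet_breach": True,
     "malware_exploitable": False, "predicted_exploitable": False, "patch": True},
]
ASSETS = [
    {"id": 100, "hostname": "web-server-01.example.com", "ip_address": "192.168.1.100",
     "status": "active", "risk_meter_score": 760, "tags": ["Production_Servers", "Internal"]},
    {"id": 200, "hostname": "dc-01.example.com", "ip_address": "192.168.1.10",
     "status": "active", "risk_meter_score": 300, "tags": ["Domain_Controllers"]},
]


def to_ndjson(records):
    """Serialize records as NDJSON: exactly one compact JSON object per line."""
    return "".join(json.dumps(r, separators=(",", ":")) + "\n" for r in records)


def read_ndjson(text):
    """Parse NDJSON strictly. Every non-blank line must be a complete JSON
    object; anything else raises ValueError with the offending line number."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as e:
            raise ValueError(f"line {n}: not a complete JSON value ({e.msg})") from None
        if not isinstance(obj, dict):
            raise ValueError(f"line {n}: expected a JSON object, got {type(obj).__name__}")
        rows.append(obj)
    return rows


def is_valid_ndjson(text):
    """True if read_ndjson accepts the text, False otherwise."""
    try:
        read_ndjson(text)
        return True
    except ValueError:
        return False


def extract_cve(cve_field):
    """cve_id may be a bare CVE or a scanner title with the CVE embedded
    (as in the Tomcat sample). Return the normalized CVE, or None."""
    if not cve_field:
        return None
    m = CVE_RE.search(cve_field)
    return m.group(0).upper() if m else None


def exploited_open_findings(vulns, assets):
    """Join open vulnerabilities to their asset and keep those with at least one
    exploitation signal set. Returns (hostname, cve, risk_meter_score) tuples,
    highest risk_meter_score first."""
    by_id = {a["id"]: a for a in assets}
    signals = ("active_internet_breach", "easily_exploitable",
               "malware_exploitable", "predicted_exploitable")
    hits = []
    for v in vulns:
        if v.get("closed") or v.get("status") != "open":
            continue
        if not any(v.get(s) for s in signals):
            continue
        asset = by_id.get(v["asset_id"], {})
        host = asset.get("hostname") or f"asset:{v['asset_id']}"
        hits.append((host, extract_cve(v.get("cve_id")), v.get("risk_meter_score", 0)))
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    vuln_lines = to_ndjson(VULNS)      # what should land in the S3 bucket
    asset_lines = to_ndjson(ASSETS)
    for row in exploited_open_findings(read_ndjson(vuln_lines), read_ndjson(asset_lines)):
        print(row)
```

Note that `top_priority` and `risk_meter_score` alone do not tell you whether a finding is being exploited; the Tomcat sample has `top_priority: true` and a score of 100 with every exploitation flag false or null, which is why the filter above keys on the flags and uses the score only for ordering.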