Turn raw scanner output into curated, standards-aligned findings by matching every result against one reusable template library, then backfilling CWE, MITRE ATT&CK, and remediation guidance the analyst confirms.
A vuln template is a reusable, scanner-agnostic definition of a known vulnerability class. It carries CVE and CWE identifiers, CVSS scoring, MITRE ATT&CK techniques, multi-language descriptions, and canonical remediation guidance. Templates are authored centrally and matched automatically against incoming findings from Tenable, Qualys, Rapid7, DAST, and SAST sources.
Raw scanner output rarely arrives standards-aligned. A plugin reports a title and a CVE, but the CWE class, the ATT&CK technique, the canonical taxonomy, and the remediation steps are missing or inconsistent. VulnDB closes that gap by matching each result against the template library and backfilling the agreed content.

The hard problem is not storing vulnerability definitions. It is linking thousands of raw scanner results to the right definition so each finding carries CWE, ATT&CK, and remediation context.
At a glance
- Template type: Reusable, scanner-agnostic vulnerability class definition; platform-level, not tenant-scoped
- Smart Match: POST /match runs four ordered stages and returns ranked candidates with confidence and reason
- Identifiers: cve_ids[], cwe_ids[], cvss_vector, cvss_score, external_match_keys[] for plugin matching
- ATT&CK mapping: mitre_technique_ids[] from the ATT&CK Enterprise v14 catalogue, backfilled to findings
- Taxonomy: effects[], root_causes[], remediation_techniques[], tags[] align to canonical taxonomy
- Languages: Base, Turkish, and English variants returned together; the UI picks the locale at apply time
- Internal library: findingdef holds company-scoped definitions analysts author and own themselves
How it works
One scanner-agnostic template carries the curated CVE, CWE, MITRE ATT&CK, taxonomy, and remediation for a vulnerability class. Smart Match links each raw finding to it by a deterministic priority order, and the analyst confirms before any content is applied.
Smart Match does not guess. POST /match accepts a title, CVE IDs, and plugin keys, and runs four ordered stages from the most deterministic signal to the weakest, returning a ranked list of candidates. Each candidate carries a confidence score from 0.0 to 1.0 and a match reason, and the best match is always the highest-priority stage winner.
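The stage ordering described above, as an added Go example that is not VulnDB's own code. The page states only the first two confidences (1.0 for CVE overlap, 0.9 for a plugin key hit) and that four stages run in order; the two title stages, their scores, the struct layouts, and the sample library with its CVE and plugin-key values are all assumptions constructed for the example. Each template is scored by the first stage it satisfies, and the best match is index 0 of the ranked result.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Template is a scanner-agnostic vulnerability class definition. Field names
// follow the identifiers on the page; the struct layout itself is assumed.
type Template struct {
	ID                string
	Name              string
	CVEIDs            []string
	ExternalMatchKeys []string // vendor plugin keys; "vendor:key" format is assumed
	MitreTechniqueIDs []string
}

// MatchRequest is the input POST /match accepts: a title, CVE IDs, plugin keys.
type MatchRequest struct {
	Title      string
	CVEIDs     []string
	PluginKeys []string
}

// Candidate is one ranked result with its confidence and match reason.
type Candidate struct {
	TemplateID string
	Confidence float64
	Reason     string
}

// stage is one ordered matching stage, from the most deterministic signal to the weakest.
type stage struct {
	reason     string
	confidence float64
	hit        func(req MatchRequest, t Template) bool
}

func norm(s string) string { return strings.ToLower(strings.TrimSpace(s)) }

// overlap reports whether any identifier appears in both lists (case-insensitive).
func overlap(a, b []string) bool {
	seen := make(map[string]bool, len(a))
	for _, x := range a {
		if n := norm(x); n != "" {
			seen[n] = true
		}
	}
	for _, y := range b {
		if seen[norm(y)] {
			return true
		}
	}
	return false
}

// Confidences 1.0 and 0.9 are the values the page states; the two title
// stages and their scores (0.7, 0.5) are assumptions made for this example.
var matchStages = []stage{
	{"cve_overlap", 1.0, func(r MatchRequest, t Template) bool { return overlap(r.CVEIDs, t.CVEIDs) }},
	{"plugin_key", 0.9, func(r MatchRequest, t Template) bool { return overlap(r.PluginKeys, t.ExternalMatchKeys) }},
	{"exact_title", 0.7, func(r MatchRequest, t Template) bool {
		return norm(r.Title) != "" && norm(r.Title) == norm(t.Name)
	}},
	{"title_contains", 0.5, func(r MatchRequest, t Template) bool {
		rt, tn := norm(r.Title), norm(t.Name)
		return rt != "" && tn != "" && (strings.Contains(rt, tn) || strings.Contains(tn, rt))
	}},
}

// SmartMatch scores each template by the first (highest-priority) stage it
// satisfies and returns candidates ranked by confidence; index 0 is the best
// match. An empty result means no stage fired, so nothing gets applied.
func SmartMatch(req MatchRequest, library []Template) []Candidate {
	var out []Candidate
	for _, t := range library {
		for _, s := range matchStages {
			if s.hit(req, t) {
				out = append(out, Candidate{TemplateID: t.ID, Confidence: s.confidence, Reason: s.reason})
				break // a template is scored once, by its best stage
			}
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Confidence > out[j].Confidence })
	return out
}

func main() {
	// Constructed sample library: CVE and plugin-key values are placeholders.
	library := []Template{
		{ID: "tpl-a", Name: "Example SQL Injection", CVEIDs: []string{"CVE-0000-1111"}},
		{ID: "tpl-b", Name: "Example SSRF", ExternalMatchKeys: []string{"qualys:QID-0001"}},
		{ID: "tpl-c", Name: "Example Path Traversal"},
	}
	req := MatchRequest{Title: "example path traversal", CVEIDs: []string{"cve-0000-1111"}, PluginKeys: []string{"QUALYS:qid-0001"}}
	for _, c := range SmartMatch(req, library) {
		fmt.Printf("%s confidence=%.1f reason=%s\n", c.TemplateID, c.Confidence, c.Reason)
	}
}
```

The identifier comparison is case-insensitive and trimmed on both sides, so a scanner that emits lower-case CVE IDs or differently cased plugin keys still lands in the deterministic stages rather than falling through to the weaker title heuristics.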
The two libraries divide cleanly. VulnDB is the platform-level template library security content teams author and match against. Finding definitions are the internal, company-scoped library analysts own. Both keep findings consistent, and both apply content only when an analyst or the finding service links the record.
Key capabilities
- Two libraries, one workflow. VulnDB is the platform-level, scanner-agnostic template library. Finding definitions are the writable, company-scoped library analysts author to fit their own pentest methodology and remediation standards. Findings link to either, and the curated content follows.
- Auto-link and inherit. When a finding is created, the finding service calls GetOrCreateID against the definition library by company and title, case-insensitive and trimmed. The matching definition is linked, and its effects, root causes, and remediation techniques are inherited onto the new finding.
- Multi-language by construction. Name, description, and remediation are stored in base, Turkish, and English variants. Auto-fill returns all three so the UI picks the locale at apply time, and a firstNonNilStr cascade falls back to the base field when a language-specific value is absent.
- Backfill, never overwrite. ApplyTemplate copies the template ATT&CK techniques onto a finding only when the finding mitre_technique_ids array is currently empty, so a value an analyst set by hand is preserved rather than replaced by template application.
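The three behaviours listed above (auto-link and inherit, the firstNonNilStr locale cascade, and backfill-only-when-empty), as one added Go example that is not the product's own code. The function names GetOrCreateID, firstNonNilStr, and ApplyTemplate come from the page; the struct layouts, the in-memory DefinitionLibrary, the "def-N" ID scheme, the LinkFinding and Resolve helpers, and all sample values are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// FindingDefinition is a company-scoped definition an analyst authors.
// Field names follow the page; the struct layout is assumed.
type FindingDefinition struct {
	ID                    string
	CompanyID             string
	Title                 string
	Effects               []string
	RootCauses            []string
	RemediationTechniques []string
}

// Finding is one finding record (fields assumed for this example).
type Finding struct {
	CompanyID             string
	Title                 string
	DefinitionID          string
	Effects               []string
	RootCauses            []string
	RemediationTechniques []string
	MitreTechniqueIDs     []string
}

// DefinitionLibrary is an in-memory stand-in for the definition service.
type DefinitionLibrary struct {
	defs   []*FindingDefinition
	nextID int
}

func normTitle(s string) string { return strings.ToLower(strings.TrimSpace(s)) }

// GetOrCreateID resolves a definition by company and title, case-insensitive
// and trimmed, creating an empty definition when none exists. The bool
// reports whether a new definition was created.
func (l *DefinitionLibrary) GetOrCreateID(companyID, title string) (string, bool) {
	for _, d := range l.defs {
		if d.CompanyID == companyID && normTitle(d.Title) == normTitle(title) {
			return d.ID, false
		}
	}
	l.nextID++
	id := fmt.Sprintf("def-%d", l.nextID) // constructed ID scheme
	l.defs = append(l.defs, &FindingDefinition{ID: id, CompanyID: companyID, Title: strings.TrimSpace(title)})
	return id, true
}

// Definition returns the stored definition for an ID, or nil.
func (l *DefinitionLibrary) Definition(id string) *FindingDefinition {
	for _, d := range l.defs {
		if d.ID == id {
			return d
		}
	}
	return nil
}

// LinkFinding mirrors what the finding service does at creation: link the
// matching definition and inherit effects, root causes, and remediation
// techniques onto the new finding (copied, so later edits do not alias).
func (l *DefinitionLibrary) LinkFinding(f *Finding) {
	id, _ := l.GetOrCreateID(f.CompanyID, f.Title)
	f.DefinitionID = id
	d := l.Definition(id)
	f.Effects = append([]string(nil), d.Effects...)
	f.RootCauses = append([]string(nil), d.RootCauses...)
	f.RemediationTechniques = append([]string(nil), d.RemediationTechniques...)
}

// Localized holds the base, Turkish, and English variants of one text
// field; nil marks an absent variant.
type Localized struct{ Base, TR, EN *string }

// firstNonNilStr returns the first non-nil value, or "" when all are nil.
func firstNonNilStr(vals ...*string) string {
	for _, v := range vals {
		if v != nil {
			return *v
		}
	}
	return ""
}

// Resolve picks the locale variant at apply time, cascading to the base field.
func (l Localized) Resolve(locale string) string {
	switch locale {
	case "tr":
		return firstNonNilStr(l.TR, l.Base)
	case "en":
		return firstNonNilStr(l.EN, l.Base)
	}
	return firstNonNilStr(l.Base)
}

// ApplyTemplate backfills ATT&CK technique IDs only when the finding's array
// is empty, so a hand-set value is preserved. Returns whether it backfilled.
func ApplyTemplate(f *Finding, templateTechniqueIDs []string) bool {
	if len(f.MitreTechniqueIDs) != 0 {
		return false
	}
	f.MitreTechniqueIDs = append([]string(nil), templateTechniqueIDs...)
	return true
}

func main() {
	lib := &DefinitionLibrary{}
	id, _ := lib.GetOrCreateID("acme", "Reflected XSS") // constructed company and title
	lib.Definition(id).Effects = []string{"session hijack"}
	f := &Finding{CompanyID: "acme", Title: "  reflected xss "}
	lib.LinkFinding(f)
	fmt.Println(f.DefinitionID, f.Effects, ApplyTemplate(f, []string{"T0000-placeholder"}))
}
```

Two details matter for consistency: the lookup key is the company plus the normalized title, so the same title at two companies yields two definitions, and ApplyTemplate treats an empty array as the only signal that backfilling is allowed, which is why a deliberately cleared manual value is refilled on the next apply.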
Use cases
- Enrich a CVE-tagged scan result. A Tenable export lands a finding with a CVE and a plugin ID. Smart Match resolves the CVE overlap at confidence 1.0, the analyst confirms the candidate, and auto-fill backfills the CWE, the CVSS context, and the curated remediation in one apply.
- Match by vendor plugin key. A result carries no CVE but a known Qualys QID. Smart Match misses on CVE, then hits the plugin key stage at confidence 0.9, so the analyst links the right template even when the standards identifier is absent from the raw output.
- Map ATT&CK coverage. A content author maps templates to ATT&CK Enterprise v14 techniques. As findings link those templates, mitre_technique_ids backfill onto findings with empty arrays, populating the coverage heatmap without an analyst tagging every finding by hand.
One template library, matched deterministically, applied on confirmation.