Use the four-stage match engine to link findings to curated templates and backfill CWE, MITRE, taxonomy, and remediation with recorded provenance.
This guide explains how Smart Match connects a finding to the right VulnDB template in PMAP. You will learn the four-stage pipeline and the exact confidence each stage assigns, run a match, read the ranked candidates, and pick the correct template. It also draws the line between linking a template and applying its auto-fill bundle, so you know what each action writes to the finding.

It is written for triage analysts and VulnDB curators who want enrichment that is consistent and auditable. By the end you can backfill CWE, MITRE techniques, taxonomy arrays, and remediation with recorded match confidence and method, author a missing template with deterministic CVE IDs and plugin keys, and re-match a whole selection in bulk after a library update while reading every per-item result.

Inside this guide
- Understand how the match engine thinks and confirm the library has live candidates.
- Gather a finding’s match inputs, run Smart Match, and read the ranked candidates.
- Learn the four match stages and the confidence each one assigns.
- Link the chosen template, then apply the auto-fill bundle to backfill fields.
- Verify the recorded match confidence and method on the finding.
- Author a missing template, re-run the match, and soft-disable stale templates without losing history.
- Bulk-link one template across a selection and bulk re-match after a library update.

Before you start
- A PMAP account with finding read and edit permissions in your company scope, plus access to the VulnDB section.
- A populated VulnDB template library, so Smart Match has active candidates to rank, link, and backfill from.
- At least one finding carrying a title, one or more CVE IDs, or scanner plugin keys, since the match needs one of those inputs.
- Familiarity with your taxonomy conventions, so you can judge whether a candidate describes the same vulnerability class.
- RBAC rights to author or edit templates if you intend to add a missing template and re-run the match.
- A bearer token for the REST API if you intend to follow the command-line variant, with the same permissions as your session.


