# Known Exploited Vulnerabilities Fetches known exploited vulnerability data from CISA's public KEV catalog. ## Details The CISA KEV input processes Known Exploited Vulnerabilities (KEV) data incrementally, ensuring that you always receive new vulnerability entries without duplicates. The input maintains state between runs, tracking which vulnerabilities have been processed to guarantee: - No duplicate vulnerability records unless there has been an update to an existing record. You will get the new updated record. - All new vulnerabilities are captured - Recovery from interruptions without data loss or duplicate data ## Prerequisites The CISA KEV connector does not require any credentials, making it a straightforward plug-and-play connector. ## Configuration The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below. #### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | Backfill Start Time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. | #### Secrets None. ## API To send a `POST` request to create this CISA KEV Connector: ```bash curl -X 'POST' \ '{base_url}/api/v2/{org_id}/inputs' \ -H 'accept: application/json' \ -H 'x-api-key: {api_key}' \ -H 'Content-Type: application/json' \ -d '{ "config": { "secrets": {}, "settings": {} }, "description": "input_description", "name": "input_name", "promise_id": "", "type": "cisa-kev" }' ``` ## Custom Schema Handling If the source data doesn't align with any of the [OpenSecurityControlFramework (OSCF) schemas](https://schema.ocsf.io/), you can create a custom transformation using our JQ transform pipeline. For example: ```jq { metadata: { schema_version: "1.0.0", custom_framework: "my_framework" }, controls: .[] } ``` For more information on JQ and how to write your own JQ transformations see the JQ docs [here](https://jqlang.github.io/jq/) If you believe this data source should be included in the standard OSCF schema set, please reach out to our team at [support@monad.com](mailto:support@monad.com). We're always looking to expand our coverage of security control frameworks based on community needs. ## Sample Record ```json { "cveID": "CWE-79", "vendorProject": "Traxcellion", "product": "FTA", "vulnerabilityName": "OS Command Injection Vulnerability", "dateAdded": "2025-08-11", "shortDescription": "Contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.", "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2025-08-11", "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": [] } ```