Description

The amevulnintrealizations command is used to lookup Vulnerability Intelligence Realizations.

Example Usage

Use the command at the beginning of a search, together with the time_picker to return the results for evaluated realizations.

| amevulnintrealizations tenant_uid="default" state="open" time_field="last_seen" observable_filters="hostname=notebook*"

Parameters

The following Parameters to the amevulnintrealizations command are supported:

tenant_uid: The tenant you wish to evaluate
state: Only match realizations with the following states: all, fixed, open
time_field: Either “first_seen” or “last_seen”, translating to when the Vulnerability was first detected, or re-detected. This influences the operation of the time picker
observable_filters: Optional Observable Filters to Evaluate
observable_group_filters: Optional Group Filters to Evaluate