# US Government Cybersecurity Alert Monitor (`ntriqpro/cisa-alert-monitor`) Actor Get daily alerts from US government cybersecurity agencies about new security threats and vulnerabilities affecting your systems. - **URL**: https://apify.com/ntriqpro/cisa-alert-monitor.md - **Developed by:** [daehwan kim](https://apify.com/ntriqpro) (community) - **Categories:** AI, Developer tools - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing $100.00 / 1,000 charged when a cve vulnerability analysis is succes This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## CVE Vulnerability Priority Scorer Stop triaging vulnerabilities by raw CVSS score alone. This actor enriches every CVE with active exploitation status from the CISA Known Exploited Vulnerabilities catalog, attack complexity from the CVSS vector, MITRE ATT&CK technique mapping, and real-world exposure window — then produces a 0–100 priority score with a concrete patch deadline so your security team fixes the right things first. ### What does CVE Vulnerability Priority Scorer do? - Fetches full CVE details from NIST NVD API 2.0 (CVSS scores, CWE IDs, affected configurations) - Cross-references every CVE against the CISA Known Exploited Vulnerabilities (KEV) catalog including ransomware campaign flags - Parses CVSS vector strings to extract attack vector, complexity, and privileges-required dimensions - Maps CWE weakness IDs to MITRE ATT&CK techniques and tactics using a curated local table - Outputs a priority score, urgency tier (CRITICAL/HIGH/MEDIUM/LOW), and a specific patch deadline date ### Key Features - **Multi-Source Cross-Validation**: Combines NIST NVD, CISA KEV catalog, and MITRE ATT&CK for context-aware prioritization beyond raw CVSS - **Scoring System**: Produces a 0–100 priority score mapped to actionable urgency tiers with concrete patch deadlines - **Flexible Query Modes**: Search by CVE ID (e.g. `CVE-2024-1234`), keyword (e.g. `apache log4j`), or CPE string - **Batch Processing**: Score up to 2,000 CVEs in a single run, sorted by priority descending - **Ransomware Flagging**: Highlights CVEs with confirmed ransomware campaign association from CISA data - **Pay Per Event**: Only $0.05 per analysis — no subscription needed ### Input | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `query` | string | Yes | CVE ID, keyword, or CPE string | | `queryType` | string | No | `cve_id`, `keyword` (default), or `cpe` | | `maxResults` | number | No | Maximum CVEs to return (default: 20, max: 2000) | | `nvdApiKey` | string | No | NVD API key for faster rate limits | ### Output Example ```json { "cveId": "CVE-2021-44228", "priorityScore": 98, "urgency": "CRITICAL — Patch immediately (24-48 hours)", "patchDeadline": "2024-01-17", "cvssScore": 10.0, "cvssSeverity": "CRITICAL", "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "exploitedInWild": true, "cisaKevDetails": { "dateAdded": "2021-12-10", "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2021-12-24", "knownRansomwareCampaignUse": true, "product": "Log4j2" }, "attackTechniques": [ { "id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access" } ], "cweIds": ["CWE-502"], "verdict": "CVE-2021-44228 (score 98/100) is actively exploited in the wild (CISA KEV), critical CVSS severity, associated with ransomware campaigns, remotely exploitable over network, no authentication required.", "flags": ["IN_CISA_KEV", "RANSOMWARE", "NETWORK_EXPLOITABLE", "NO_AUTH_REQUIRED", "CRITICAL_CVSS"], "scoreBreakdown": { "cvss": 35, "exploitation": 35, "attackComplexity": 20, "exposureWindow": 15, "total": 98 }, "sources": { "nvd": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228", "cisaKev": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "mitre": "https://attack.mitre.org/" }, "timestamp": "2024-01-15T10:30:00Z" } ```` ### Use Cases - **Vulnerability Management Platforms**: Replace manual CVSS triage with automated contextual scoring for faster remediation workflows - **Security Operations Centers (SOC)**: Daily CVE feed enrichment to focus analyst attention on actively exploited vulnerabilities - **MSSPs**: Deliver prioritized patch reports to clients with clear patch deadlines rather than raw severity ratings - **Penetration Testing Teams**: Identify highest-impact targets for authorized red team engagements ### Data Sources | Source | Coverage | Rate Limit | |--------|----------|------------| | NIST NVD API 2.0 | 250K+ CVEs with CVSS scores | 5 req/30s free; 50 req/30s with key | | CISA KEV Catalog | 1,100+ known exploited vulnerabilities | Free, no key required | | MITRE ATT\&CK | 200+ techniques, local CWE mapping table | Free, no key required | ### Scoring Breakdown | Dimension | Max Points | What It Measures | |-----------|-----------|-----------------| | CVSS Severity | 35 | Base CVSS score (9.0+ = 35 pts) | | Active Exploitation | 30 | Presence in CISA KEV (ransomware = +5 bonus) | | Attack Complexity | 20 | Network vector + low complexity + no-auth = max | | Exposure Window | 15 | Age of vulnerability (>1 year unpatched = max) | ### Patch Deadline Logic | Urgency Tier | Score Range | Deadline | |-------------|-------------|---------| | CRITICAL | 80–100 | 24–48 hours | | HIGH | 60–79 | 7 days | | MEDIUM | 40–59 | 30 days | | LOW | 20–39 | 90 days | | INFORMATIONAL | 0–19 | Monitor only | ### Pricing This actor uses Pay Per Event pricing at **$0.05 per analysis**. You only pay for successful analyses. ### API Keys (Optional) Some data sources work better with API keys. Set these as environment variables: - `NVD_API_KEY`: Increases NVD rate limit from 5 to 50 requests/30 seconds for bulk CVE lookups — [Get free key here](https://nvd.nist.gov/developers/request-an-api-key) Without a key, the actor still works but paginates slowly through large result sets. # Actor input Schema ## `query` (type: `string`): CVE ID (e.g., 'CVE-2024-1234'), software name (e.g., 'apache log4j'), or CPE string ## `queryType` (type: `string`): Type of search query: CVE ID lookup, keyword search, or CPE string ## `maxResults` (type: `integer`): Maximum number of vulnerabilities to analyze and score ## `nvdApiKey` (type: `string`): Optional NVD/NIST API key for higher rate limits (50 req/30sec vs 5 req/30sec without key). Get a free key at https://nvd.nist.gov/developers/request-an-api-key ## Actor input object example ```json { "query": "apache log4j", "queryType": "keyword", "maxResults": 20 } ``` # Actor output Schema ## `results` (type: `string`): No description # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = {}; // Run the Actor and wait for it to finish const run = await client.actor("ntriqpro/cisa-alert-monitor").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = {} # Run the Actor and wait for it to finish run = client.actor("ntriqpro/cisa-alert-monitor").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{}' | apify call ntriqpro/cisa-alert-monitor --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=ntriqpro/cisa-alert-monitor", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "US Government Cybersecurity Alert Monitor", "description": "Get daily alerts from US government cybersecurity agencies about new security threats and vulnerabilities affecting your systems.", "version": "1.0", "x-build-id": "onW1l01ikW0u4GSGT" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/ntriqpro~cisa-alert-monitor/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-ntriqpro-cisa-alert-monitor", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/ntriqpro~cisa-alert-monitor/runs": { "post": { "operationId": "runs-sync-ntriqpro-cisa-alert-monitor", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/ntriqpro~cisa-alert-monitor/run-sync": { "post": { "operationId": "run-sync-ntriqpro-cisa-alert-monitor", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "required": [ "query" ], "properties": { "query": { "title": "Search Query", "type": "string", "description": "CVE ID (e.g., 'CVE-2024-1234'), software name (e.g., 'apache log4j'), or CPE string", "default": "apache log4j" }, "queryType": { "title": "Query Type", "enum": [ "cve_id", "keyword", "cpe" ], "type": "string", "description": "Type of search query: CVE ID lookup, keyword search, or CPE string", "default": "keyword" }, "maxResults": { "title": "Maximum Results", "minimum": 1, "maximum": 100, "type": "integer", "description": "Maximum number of vulnerabilities to analyze and score", "default": 20 }, "nvdApiKey": { "title": "NVD API Key (Optional)", "type": "string", "description": "Optional NVD/NIST API key for higher rate limits (50 req/30sec vs 5 req/30sec without key). Get a free key at https://nvd.nist.gov/developers/request-an-api-key" } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```