Scenario
A security engineer asks:Should we prioritize CVE-2024-3094 for a Linux fleet that includes developer workstations and build infrastructure?
REST Flow
Set request-scoped IDs once so each API call can be tied back to the same investigation.1. Resolve the CVE
2. Retrieve Active Exploitation Evidence
3. Pivot Relationships
4. Run the CVE Assessment
Final Answer Example
Recommendation: Validate exposure immediately and patch or roll back affected XZ Utils versions if found. Why now: Kyberis resolved CVE-2024-3094 with high confidence and found high-confidence evidence describing supply-chain backdoor activity. The affected package family can matter to developer workstations and build infrastructure. Confidence: High for the CVE match and public risk signal. Environment-specific confidence depends on whether XZ Utils 5.6.0 or 5.6.1 is present. Supporting evidence:report--sample-xz-backdoor. Request IDs: req_sample_cve_resolve, req_sample_cve_evidence, req_sample_cve_relationships, req_sample_cve_assessment.
Next actions: Inventory package versions, isolate or rebuild affected hosts, and document whether the vulnerable versions were ever deployed.
Decision Gates
- If resolution is
ambiguous, retry withexpected_types: ["cve"]or ask for the exact CVE. - If evidence is sparse, recommend exposure validation instead of emergency remediation.
- If the assessment cites evidence IDs, hydrate critical evidence with
GET /v2/evidence/{evidence_id}before a high-impact final report.
