diff --git a/Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.py b/Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.py
index 8f8fafd4d557..7b91d5f2062e 100644
--- a/Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.py
+++ b/Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.py
@@ -1344,6 +1344,10 @@ def get_vulnerabilities_command(client: Client, args: dict) -> CommandResults:
"assigned": FilterType.NIS_EMPTY,
},
)
+ filter_builder.add_field("CORTEX_VULNERABILITY_RISK_SCORE", FilterType.GTE, arg_to_number(args.get("cvrs_gte")))
+ filter_builder.add_field(
+ "COMPENSATING_CONTROLS_DETECTED_COVERAGE", FilterType.EQ, argToList(args.get("compensating_controls_effective_coverage"))
+ )
request_data = build_webapp_request_data(
table_name=VULNERABLE_ISSUES_TABLE,
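Review bot: `cvrs_gte` goes into the `GTE` filter on `CORTEX_VULNERABILITY_RISK_SCORE` with no bounds check, although the YAML documents the argument as ranging 0-100. I would bind it first, `cvrs_gte = arg_to_number(args.get("cvrs_gte"))`, then reject out-of-range input with `if cvrs_gte is not None and not 0 <= cvrs_gte <= 100: raise DemistoException("cvrs_gte must be between 0 and 100.")`. The values from `argToList(args.get("compensating_controls_effective_coverage"))` are likewise not compared with the predefined list; a misspelt value passed from a playbook or script would presumably return an empty result that reads as "no matching vulnerabilities" during triage. Whether `add_field` skips `None` and empty-list values is not visible here, and the body of `get_vulnerabilities_command` starts and ends outside this hunk.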
@@ -1374,6 +1378,17 @@ def get_vulnerabilities_command(client: Client, args: dict) -> CommandResults:
"EXPLOITABLE",
"ASSET_IDS",
"FINDING_SOURCES",
+ "COMPENSATING_CONTROLS_DETECTED_COVERAGE",
+ "CORTEX_VULNERABILITY_RISK_SCORE",
+ "FIX_VERSIONS",
+ "ASSET_TYPES",
+ "COMPENSATING_CONTROLS_DETECTED_CONTROLS",
+ "EXPLOIT_LEVEL",
+ "ISSUE_NAME",
+ "PACKAGE_IN_USE",
+ "PROVIDERS",
+ "OS_FAMILY",
+ "IMAGE",
]
filtered_data = [{k: v for k, v in item.items() if k in output_keys} for item in data]
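Review bot: The eleven keys added to `output_keys` come with no test change in the part of the diff shown here, so nothing pins that they survive the `filtered_data` comprehension. A unit test that feeds a reply containing, for example, `CORTEX_VULNERABILITY_RISK_SCORE` and `PACKAGE_IN_USE` and asserts both appear in the command outputs would catch a later typo in this allowlist. A comment above the list would also help, for example `# Allowlist of fields copied to context; keep in sync with the outputs in CortexPlatformCore.yml`. The list itself begins outside this hunk.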
diff --git a/Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.yml b/Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.yml
index b37668b12bfb..ae8cbe2cb05a 100644
--- a/Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.yml
+++ b/Packs/Core/Integrations/CortexPlatformCore/CortexPlatformCore.yml
@@ -1653,6 +1653,21 @@ script:
- CORTEX_SERVERLESS_FUNCTION_SCANNER
- QUALYS
- TENABLE
+ - name: cvrs_gte
+ description: The minimum risk score assigned to the vulnerability (range 0-100).
+ - name: compensating_controls_effective_coverage
+ description: The assessed effectiveness and coverage of detected compensating controls.
+ isArray: true
+ auto: PREDEFINED
+ predefined:
+ - EFFECTIVE
+ - EFFECTIVE_REQUIRES_CONFIGURATION_UPDATE
+ - EFFECTIVE_REQUIRES_CONTENT_UPDATE
+ - EXPLOIT_CONFIRMED
+ - EXPLOIT_UNREACHABLE
+ - NOT_INSTALLED
+ - NO_CONTROLS_FOUND
+ - UNKNOWN_COVERAGE
outputs:
- contextPath: Core.VulnerabilityIssue.ISSUE_ID
description: The unique identifier for the vulnerability issue.
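Review bot: The description given here for `compensating_controls_effective_coverage` did not reach the README, whose argument table in this same commit still says "No description provided." for that row; the README should be regenerated or the cell filled with the YAML text. The argument name says "effective_coverage" while the field it filters and the output it corresponds to are named `COMPENSATING_CONTROLS_DETECTED_COVERAGE`, so a sentence in the description naming that output field would save users a lookup. `cvrs_gte` documents a 0-100 range that the Python side does not enforce.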
@@ -1702,6 +1717,39 @@ script:
- contextPath: Core.VulnerabilityIssue.FINDING_SOURCES
description: The finding sources that originally generated the security finding of the vulnerability.
type: String
+ - contextPath: Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_COVERAGE
+ description: The coverage status of detected compensating controls, mirroring the input parameter enum values.
+ type: String
+ - contextPath: Core.VulnerabilityIssue.CORTEX_VULNERABILITY_RISK_SCORE
+ description: The risk score assigned to the vulnerability.
+ type: Number
+ - contextPath: Core.VulnerabilityIssue.FIX_VERSIONS
+ description: The package versions that contain a fix for the vulnerability.
+ type: Array
+ - contextPath: Core.VulnerabilityIssue.ASSET_TYPES
+ description: The types of assets affected by the vulnerability.
+ type: Array
+ - contextPath: Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_CONTROLS
+ description: The compensating controls that were detected for the vulnerability.
+ type: Array
+ - contextPath: Core.VulnerabilityIssue.EXPLOIT_LEVEL
+ description: The exploitability level or status of the vulnerability.
+ type: String
+ - contextPath: Core.VulnerabilityIssue.ISSUE_NAME
+ description: The name of the vulnerability issue.
+ type: String
+ - contextPath: Core.VulnerabilityIssue.PACKAGE_IN_USE
+ description: Indicates whether the vulnerable package is actively used in the environment.
+ type: Boolean
+ - contextPath: Core.VulnerabilityIssue.PROVIDERS
+ description: The providers or sources of the vulnerability information.
+ type: Array
+ - contextPath: Core.VulnerabilityIssue.OS_FAMILY
+ description: The operating system family of the affected asset.
+ type: String
+ - contextPath: Core.VulnerabilityIssue.IMAGE
+ description: Information related to the affected container or system image.
+ type: String
- arguments:
- description: Comma-separated list of IDs of the issues to get recommendations for (maximum 10 per request).
name: issue_ids
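Review bot: The description of `Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_COVERAGE` says it mirrors "the input parameter enum values" without naming the parameter. I would write `description: The coverage status of the detected compensating controls. Uses the same values as the compensating_controls_effective_coverage argument.` so the output reads on its own in generated docs. The `IMAGE` description ("Information related to the affected container or system image.") is also vague for a field typed `String`; if it is an image name or identifier, say which.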
diff --git a/Packs/Core/Integrations/CortexPlatformCore/README.md b/Packs/Core/Integrations/CortexPlatformCore/README.md
index 072cecddda19..3ec305007858 100644
--- a/Packs/Core/Integrations/CortexPlatformCore/README.md
+++ b/Packs/Core/Integrations/CortexPlatformCore/README.md
@@ -498,8 +498,8 @@ Retrieves vulnerabilities based on specified filters.
| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| limit | The maximum number of vulnerabilities to return. Default is 50. | Optional |
-| sort_field | The field by which to sort the results. Default is LAST_OBSERVED. | Optional |
-| sort_order | The order in which to sort the results. Possible values are: DESC, ASC. | Optional |
+| sort_field | The field by which to sort the results. Possible values are: PLATFORM_SEVERITY, CVSS_SCORE, EPSS_SCORE, CORTEX_VULNERABILITY_RISK_SCORE, LAST_OBSERVED. Default is LAST_OBSERVED. | Optional |
+| sort_order | The order in which to sort the results. Possible values are: DESC, ASC. Default is DESC. | Optional |
| cve_id | The CVE ID. Accepts a comma-separated list. | Optional |
| issue_id | The issue ID. Accepts a comma-separated list. | Optional |
| cvss_score_gte | The minimum CVSS score. | Optional |
@@ -512,7 +512,10 @@ Retrieves vulnerabilities based on specified filters.
| start_time | The start time for filtering according to case creation time. Supports free-text relative and absolute times. For example: 7 days ago, 2023-06-15T10:30:00Z, 13/8/2025. | Optional |
| end_time | The end time for filtering according to case creation time. Supports free-text relative and absolute times. For example: 7 days ago, 2023-06-15T10:30:00Z, 13/8/2025. | Optional |
| severity | The severity of the vulnerability issue. Possible values are: info, low, medium, high, critical. | Optional |
-| assignee | The email of the user assigned to the vulnerability. Accepts a comma-separated list.
Use 'unassigned' for unassigned vulnerabilities or 'assigned' for all assigned vulnerabilities.
. | Optional |
+| assignee | The email of the user assigned to the vulnerability. Accepts a comma-separated list. Use 'unassigned' for unassigned vulnerabilities or 'assigned' for all assigned vulnerabilities. | Optional |
+| finding_sources | The finding sources of the vulnerability. Accepts a comma-separated list. Possible values are: CORTEX_AGENT, CORTEX_AGENTLESS_SCANNER, CORTEX_ATTACK_SURFACE_MANAGEMENT, CORTEX_ATTACK_SURFACE_TESTING, CORTEX_CLI_SCANNER, CORTEX_CONTAINER_REGISTRY_SCANNER, CORTEX_NETWORK_SCANNER, CORTEX_SERVERLESS_FUNCTION_SCANNER, QUALYS, TENABLE. | Optional |
+| cvrs_gte | The minimum risk score assigned to the vulnerability (range 0-100). | Optional |
+| compensating_controls_effective_coverage | No description provided. Possible values are: EFFECTIVE, EFFECTIVE_REQUIRES_CONFIGURATION_UPDATE, EFFECTIVE_REQUIRES_CONTENT_UPDATE, EXPLOIT_CONFIRMED, EXPLOIT_UNREACHABLE, NOT_INSTALLED, NO_CONTROLS_FOUND, UNKNOWN_COVERAGE. | Optional |
#### Context Output
@@ -533,6 +536,18 @@ Retrieves vulnerabilities based on specified filters.
| Core.VulnerabilityIssue.HAS_KEV | Boolean | Indicates if the vulnerability is a Known Exploited Vulnerability \(KEV\). |
| Core.VulnerabilityIssue.EXPLOITABLE | Boolean | Indicates if the vulnerability is exploitable. |
| Core.VulnerabilityIssue.ASSET_IDS | String | The unique identifier for the asset. |
+| Core.VulnerabilityIssue.FINDING_SOURCES | String | The finding sources that originally generated the security finding of the vulnerability. |
+| Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_COVERAGE | String | The coverage status of detected compensating controls, mirroring the input parameter enum values. |
+| Core.VulnerabilityIssue.CORTEX_VULNERABILITY_RISK_SCORE | Number | The risk score assigned to the vulnerability. |
+| Core.VulnerabilityIssue.FIX_VERSIONS | Array | The package versions that contain a fix for the vulnerability. |
+| Core.VulnerabilityIssue.ASSET_TYPES | Array | The types of assets affected by the vulnerability. |
+| Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_CONTROLS | Array | The compensating controls that were detected for the vulnerability. |
+| Core.VulnerabilityIssue.EXPLOIT_LEVEL | String | The exploitability level or status of the vulnerability. |
+| Core.VulnerabilityIssue.ISSUE_NAME | String | The name of the vulnerability issue. |
+| Core.VulnerabilityIssue.PACKAGE_IN_USE | Boolean | Indicates whether the vulnerable package is actively used in the environment. |
+| Core.VulnerabilityIssue.PROVIDERS | Array | The providers or sources of the vulnerability information. |
+| Core.VulnerabilityIssue.OS_FAMILY | String | The operating system family of the affected asset. |
+| Core.VulnerabilityIssue.IMAGE | String | Information related to the affected container or system image. |
### core-search-assets
diff --git a/Packs/Core/ReleaseNotes/3_4_70.md b/Packs/Core/ReleaseNotes/3_4_70.md
new file mode 100644
index 000000000000..4f304a79be42
--- /dev/null
+++ b/Packs/Core/ReleaseNotes/3_4_70.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Cortex Platform - Core
+
+- Added support for the following arguments in the **core-get-vulnerabilities** command: *cvrs_gte* and *compensating_controls_effective_coverage*.
diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json
index 1a5842c47bdf..acdd79889bbf 100644
--- a/Packs/Core/pack_metadata.json
+++ b/Packs/Core/pack_metadata.json
@@ -2,7 +2,7 @@
"name": "Core",
"description": "Automates incident response",
"support": "xsoar",
- "currentVersion": "3.4.69",
+ "currentVersion": "3.4.70",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",