demisto · inbalapt1 · Dec 17, 2025 · Dec 17, 2025 · Dec 17, 2025 · Dec 17, 2025
@@ -1344,6 +1344,10 @@ def get_vulnerabilities_command(client: Client, args: dict) -> CommandResults:
             "assigned": FilterType.NIS_EMPTY,
         },
     )
+    filter_builder.add_field("CORTEX_VULNERABILITY_RISK_SCORE", FilterType.GTE, arg_to_number(args.get("cvrs_gte")))
+    filter_builder.add_field(
+        "COMPENSATING_CONTROLS_DETECTED_COVERAGE", FilterType.EQ, argToList(args.get("compensating_controls_effective_coverage"))
+    )
 
     request_data = build_webapp_request_data(
         table_name=VULNERABLE_ISSUES_TABLE,
@@ -1374,6 +1378,17 @@ def get_vulnerabilities_command(client: Client, args: dict) -> CommandResults:
         "EXPLOITABLE",
         "ASSET_IDS",
         "FINDING_SOURCES",
+        "COMPENSATING_CONTROLS_DETECTED_COVERAGE",
+        "CORTEX_VULNERABILITY_RISK_SCORE",
+        "FIX_VERSIONS",
+        "ASSET_TYPES",
+        "COMPENSATING_CONTROLS_DETECTED_CONTROLS",
+        "EXPLOIT_LEVEL",
+        "ISSUE_NAME",
+        "PACKAGE_IN_USE",
+        "PROVIDERS",
+        "OS_FAMILY",
+        "IMAGE",
     ]
     filtered_data = [{k: v for k, v in item.items() if k in output_keys} for item in data]
 

@@ -1653,6 +1653,21 @@ script:
             - CORTEX_SERVERLESS_FUNCTION_SCANNER
             - QUALYS
             - TENABLE
+        - name: cvrs_gte
+          description: The minimum risk score assigned to the vulnerability (range 0-100).
+        - name: compensating_controls_effective_coverage
+          description: The assessed effectiveness and coverage of detected compensating controls.
+          isArray: true
+          auto: PREDEFINED
+          predefined:
+          - EFFECTIVE
+          - EFFECTIVE_REQUIRES_CONFIGURATION_UPDATE
+          - EFFECTIVE_REQUIRES_CONTENT_UPDATE
+          - EXPLOIT_CONFIRMED
+          - EXPLOIT_UNREACHABLE
+          - NOT_INSTALLED
+          - NO_CONTROLS_FOUND
+          - UNKNOWN_COVERAGE
       outputs:
         - contextPath: Core.VulnerabilityIssue.ISSUE_ID
           description: The unique identifier for the vulnerability issue.
@@ -1702,6 +1717,39 @@ script:
         - contextPath: Core.VulnerabilityIssue.FINDING_SOURCES
           description: The finding sources that originally generated the security finding of the vulnerability.
           type: String
+        - contextPath: Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_COVERAGE
+          description: The coverage status of detected compensating controls, mirroring the input parameter enum values.
+          type: String
+        - contextPath: Core.VulnerabilityIssue.CORTEX_VULNERABILITY_RISK_SCORE
+          description: The risk score assigned to the vulnerability.
+          type: Number
+        - contextPath: Core.VulnerabilityIssue.FIX_VERSIONS
+          description: The package versions that contain a fix for the vulnerability.
+          type: Array
+        - contextPath: Core.VulnerabilityIssue.ASSET_TYPES
+          description: The types of assets affected by the vulnerability.
+          type: Array
+        - contextPath: Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_CONTROLS
+          description: The compensating controls that were detected for the vulnerability.
+          type: Array
+        - contextPath: Core.VulnerabilityIssue.EXPLOIT_LEVEL
+          description: The exploitability level or status of the vulnerability.
+          type: String
+        - contextPath: Core.VulnerabilityIssue.ISSUE_NAME
+          description: The name of the vulnerability issue.
+          type: String
+        - contextPath: Core.VulnerabilityIssue.PACKAGE_IN_USE
+          description: Indicates whether the vulnerable package is actively used in the environment.
+          type: Boolean
+        - contextPath: Core.VulnerabilityIssue.PROVIDERS
+          description: The providers or sources of the vulnerability information.
+          type: Array
+        - contextPath: Core.VulnerabilityIssue.OS_FAMILY
+          description: The operating system family of the affected asset.
+          type: String
+        - contextPath: Core.VulnerabilityIssue.IMAGE
+          description: Information related to the affected container or system image.
+          type: String
     - arguments:
         - description: Comma-separated list of IDs of the issues to get recommendations for (maximum 10 per request).
           name: issue_ids

@@ -498,8 +498,8 @@ Retrieves vulnerabilities based on specified filters.
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
 | limit | The maximum number of vulnerabilities to return. Default is 50. | Optional |
-| sort_field | The field by which to sort the results. Default is LAST_OBSERVED. | Optional |
-| sort_order | The order in which to sort the results. Possible values are: DESC, ASC. | Optional |
+| sort_field | The field by which to sort the results. Possible values are: PLATFORM_SEVERITY, CVSS_SCORE, EPSS_SCORE, CORTEX_VULNERABILITY_RISK_SCORE, LAST_OBSERVED. Default is LAST_OBSERVED. | Optional |
+| sort_order | The order in which to sort the results. Possible values are: DESC, ASC. Default is DESC. | Optional |
 | cve_id | The CVE ID. Accepts a comma-separated list. | Optional |
 | issue_id | The issue ID. Accepts a comma-separated list. | Optional |
 | cvss_score_gte | The minimum CVSS score. | Optional |
@@ -512,7 +512,10 @@ Retrieves vulnerabilities based on specified filters.
 | start_time | The start time for filtering according to case creation time. Supports free-text relative and absolute times. For example: 7 days ago, 2023-06-15T10:30:00Z, 13/8/2025. | Optional |
 | end_time | The end time for filtering according to case creation time. Supports free-text relative and absolute times. For example: 7 days ago, 2023-06-15T10:30:00Z, 13/8/2025. | Optional |
 | severity | The severity of the vulnerability issue. Possible values are: info, low, medium, high, critical. | Optional |
-| assignee | The email of the user assigned to the vulnerability. Accepts a comma-separated list. <br/>Use 'unassigned' for unassigned vulnerabilities or 'assigned' for all assigned vulnerabilities.<br/>. | Optional |
+| assignee | The email of the user assigned to the vulnerability. Accepts a comma-separated list. Use 'unassigned' for unassigned vulnerabilities or 'assigned' for all assigned vulnerabilities. | Optional |
+| finding_sources | The finding sources of the vulnerability. Accepts a comma-separated list. Possible values are: CORTEX_AGENT, CORTEX_AGENTLESS_SCANNER, CORTEX_ATTACK_SURFACE_MANAGEMENT, CORTEX_ATTACK_SURFACE_TESTING, CORTEX_CLI_SCANNER, CORTEX_CONTAINER_REGISTRY_SCANNER, CORTEX_NETWORK_SCANNER, CORTEX_SERVERLESS_FUNCTION_SCANNER, QUALYS, TENABLE. | Optional |
+| cvrs_gte | The minimum risk score assigned to the vulnerability (range 0-100). | Optional |
+| compensating_controls_effective_coverage | No description provided. Possible values are: EFFECTIVE, EFFECTIVE_REQUIRES_CONFIGURATION_UPDATE, EFFECTIVE_REQUIRES_CONTENT_UPDATE, EXPLOIT_CONFIRMED, EXPLOIT_UNREACHABLE, NOT_INSTALLED, NO_CONTROLS_FOUND, UNKNOWN_COVERAGE. | Optional |
 
 #### Context Output
 
@@ -533,6 +536,18 @@ Retrieves vulnerabilities based on specified filters.
 | Core.VulnerabilityIssue.HAS_KEV | Boolean | Indicates if the vulnerability is a Known Exploited Vulnerability \(KEV\). |
 | Core.VulnerabilityIssue.EXPLOITABLE | Boolean | Indicates if the vulnerability is exploitable. |
 | Core.VulnerabilityIssue.ASSET_IDS | String | The unique identifier for the asset. |
+| Core.VulnerabilityIssue.FINDING_SOURCES | String | The finding sources that originally generated the security finding of the vulnerability. |
+| Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_COVERAGE | String | The coverage status of detected compensating controls, mirroring the input parameter enum values. |
+| Core.VulnerabilityIssue.CORTEX_VULNERABILITY_RISK_SCORE | Number | The risk score assigned to the vulnerability. |
+| Core.VulnerabilityIssue.FIX_VERSIONS | Array | The package versions that contain a fix for the vulnerability. |
+| Core.VulnerabilityIssue.ASSET_TYPES | Array | The types of assets affected by the vulnerability. |
+| Core.VulnerabilityIssue.COMPENSATING_CONTROLS_DETECTED_CONTROLS | Array | The compensating controls that were detected for the vulnerability. |
+| Core.VulnerabilityIssue.EXPLOIT_LEVEL | String | The exploitability level or status of the vulnerability. |
+| Core.VulnerabilityIssue.ISSUE_NAME | String | The name of the vulnerability issue. |
+| Core.VulnerabilityIssue.PACKAGE_IN_USE | Boolean | Indicates whether the vulnerable package is actively used in the environment. |
+| Core.VulnerabilityIssue.PROVIDERS | Array | The providers or sources of the vulnerability information. |
+| Core.VulnerabilityIssue.OS_FAMILY | String | The operating system family of the affected asset. |
+| Core.VulnerabilityIssue.IMAGE | String | Information related to the affected container or system image. |
 
 ### core-search-assets
 

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Cortex Platform - Core
+
+- Added support for the following arguments in the **core-get-vulnerabilities** command: *cvrs_gte* and *compensating_controls_effective_coverage*.
@@ -2,7 +2,7 @@
     "name": "Core",
     "description": "Automates incident response",
     "support": "xsoar",
-    "currentVersion": "3.4.69",
+    "currentVersion": "3.4.70",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",