cve-impact
```shell
npx skills add https://github.com/dmartinol/ai5-marketplaces --skill cve-impact
```
Skill Documentation
CVE Impact Analysis Skill
This skill helps SREs analyze CVE vulnerabilities to understand their impact on systems before creating remediation playbooks.
Integration with Remediator Agent: The remediator agent orchestrates this skill as part of its Step 1 (Impact Analysis) workflow for complex remediation scenarios. For simple standalone impact analysis, you can invoke this skill directly.
When to Use This Skill
Use this skill directly when you need:
- Standalone CVE impact analysis without remediation planning
- Quick risk assessment for a single CVE
- Understanding which systems are affected by a CVE
- CVE severity assessments for change management documentation
- Risk assessment reports for management
Use the remediator agent when you need:
- CVE analysis followed by remediation playbook generation
- Complex workflows involving multiple CVEs and systems
- Integrated risk assessment + remediation planning + execution guidance
- Batch remediation across infrastructure
- End-to-end CVE management (analysis → validation → remediation → verification)
How they work together: The remediator agent orchestrates this skill as part of its comprehensive workflow, combining impact analysis with context gathering, playbook generation, and execution guidance. The agent uses the skill’s analysis capabilities and extends them with remediation planning.
Workflow
0. List Critical CVEs (Optional – For Discovery Queries)
MCP Tool: get_cves (from insights-mcp vulnerability toolset)
Use this step when users ask: “What are the critical vulnerabilities?”, “Show me high-severity CVEs”, “List all vulnerabilities on my account”
Retrieve all CVEs affecting the account, filtered by severity:
```python
# Get all CVEs with Critical or Important severity
get_cves(
    severity=["Critical", "Important"],
    sort_by="cvss_score",
    limit=20
)
```
Expected output:
```text
CVE-2024-1234 (CVSS 9.8, Critical) - kernel
  Affected systems: 15
  Remediation: Available
CVE-2024-5678 (CVSS 8.1, Important) - httpd
  Affected systems: 8
  Remediation: Available
CVE-2024-9012 (CVSS 7.5, Important) - openssl
  Affected systems: 25
  Remediation: Available
```
After listing CVEs:
- Sort by CVSS score (highest first) or by number of affected systems
- Provide summary table with CVE ID, severity, affected systems count, remediation availability
- Offer to analyze any specific CVE in detail (use Step 1 below)
- Offer to create remediation plan (transition to remediator agent)
1. CVE Information Retrieval (For Specific CVE Analysis)
MCP Tool: get_cve (from insights-mcp vulnerability toolset)
Retrieve comprehensive CVE metadata:
```text
CVE ID: CVE-YYYY-NNNNN
CVSS Score: X.X (base score; Red Hat's own score can differ from NVD's for the same CVE)
Severity: Critical/Important/Moderate/Low (Red Hat rating; NVD uses Critical/High/Medium/Low)
Attack Vector: Network/Adjacent/Local/Physical
Attack Complexity: Low/High
Privileges Required: None/Low/High
User Interaction: None/Required
Scope: Unchanged/Changed
Confidentiality Impact: None/Low/High
Integrity Impact: None/Low/High
Availability Impact: None/Low/High
Description: [CVE description from NVD/Red Hat]
Affected Packages: [List of packages and versions]
Published Date: YYYY-MM-DD
Last Modified: YYYY-MM-DD
```
Attack Vector through Availability Impact are the CVSS v3 base metrics; when the tool returns the vector string (for example CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), each of these fields can be read off it directly.
2. Affected Systems Identification
MCP Tool: get_cve_systems (from insights-mcp vulnerability toolset)
Identify which systems in your infrastructure are affected by the CVE:
```text
Affected Systems:
- system-uuid-1 (hostname: web-server-01, IP: 10.0.1.10)
  - Package: httpd-2.4.37-1.el8
  - Status: Vulnerable
- system-uuid-2 (hostname: web-server-02, IP: 10.0.1.11)
  - Package: httpd-2.4.37-1.el8
  - Status: Vulnerable
Total Affected Systems: N
```
3. System Classification
Classify affected systems by environment and criticality based on tags from Red Hat Insights:
```text
System Classification:
- Production systems: N (highest priority)
- Staging systems: M (test before prod)
- Development systems: K (lowest priority)
- Bare metal: X systems
- Virtual machines: Y systems
```
4. Risk Assessment
Provide a risk assessment based on:
- CVSS score and severity
- Number of affected systems
- System criticality (production vs non-production)
- Attack vector and exploitability
- Known exploits in the wild
Output Format:
```text
Risk Assessment Summary
━━━━━━━━━━━━━━━━━━━━━━━
Overall Risk Level: Critical/High/Medium/Low
Factors:
• CVSS Score: X.X (Severity: High)
• Affected Systems: N systems
• Environment: Production (Critical)
• Attack Vector: Network (remotely exploitable)
• Exploitability: Proof-of-concept exists
• User Interaction: None required
Recommendation: Immediate remediation recommended
Priority: P0 (within 24 hours) / P1 (within 7 days) / P2 (within 30 days)
```
5. Impact Analysis
Analyze the potential business impact:
```text
Impact Analysis
━━━━━━━━━━━━━━━━━━━━━━━
Service Impact:
- Web services (web-server-01, web-server-02): High availability risk
- API endpoints: Potential data exposure
Business Impact:
- Confidentiality: Customer data could be exposed
- Integrity: System files could be modified
- Availability: Service disruption possible
Compliance Impact:
- PCI DSS: requirement 6.3.3 (v4.0) expects critical and high-risk patches to be installed within one month of release
- SOC 2: Control failure
```
6. Remediation Readiness Check
Check if remediation is available:
```text
Remediation Availability
━━━━━━━━━━━━━━━━━━━━━━━
✓ Automated Playbook: Available
✓ Package Update: httpd-2.4.37-2.el8 (fixed version)
✓ Reboot Required: No
✓ Estimated Downtime: < 5 minutes per system
```
OR
```text
✗ Automated Playbook: Not available
✓ Manual Steps Required: Yes
  1. Update package manually: yum update httpd (dnf update --cve CVE-YYYY-NNNNN applies only the errata for that CVE)
  2. Restart service: systemctl restart httpd
  3. Verify fix: rpm -q httpd reports the fixed NEVRA
```
Treat "Reboot Required" and "Estimated Downtime" as per-package facts rather than defaults: kernel, glibc and systemd fixes take effect only after a reboot, and a shared-library fix such as openssl needs every process that loaded the old copy restarted (needs-restarting from dnf-utils lists them). Do not verify with httpd -v: Red Hat backports fixes without bumping the upstream version string, so only the installed package NEVRA (rpm -q httpd, or rpm -q --changelog httpd | grep CVE-YYYY-NNNNN) shows whether the fix is present.
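The six workflow steps above, run end to end over constructed input, as an added example that is not code from the skill, the ai5-marketplaces repository or insights-mcp. The dict shapes and field names (cvss_vector, known_exploit, tags, infrastructure_type, playbook_available, fixed_package), the risk thresholds and the P0/P1/P2 mapping are assumptions chosen to mirror the listings above, not the real get_cve / get_cve_systems schema; the CVSS v3 vector expansion and the CVE ID format check are standard.

```python
"""Per-CVE impact analysis over constructed tool output (added example, see lead-in)."""
import re

CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")  # 4-digit year, 4+ digit sequence number
ENVIRONMENTS = ("production", "staging", "development")
# CVSS v3.x base-metric abbreviations expanded to the Step 1 field names.
CVSS_METRICS = {
    "AV": ("Attack Vector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("Attack Complexity", {"L": "Low", "H": "High"}),
    "PR": ("Privileges Required", {"N": "None", "L": "Low", "H": "High"}),
    "UI": ("User Interaction", {"N": "None", "R": "Required"}),
    "S": ("Scope", {"U": "Unchanged", "C": "Changed"}),
    "C": ("Confidentiality Impact", {"N": "None", "L": "Low", "H": "High"}),
    "I": ("Integrity Impact", {"N": "None", "L": "Low", "H": "High"}),
    "A": ("Availability Impact", {"N": "None", "L": "Low", "H": "High"}),
}

def validate_cve_id(cve_id: str) -> bool:
    """Error Handling: reject a malformed ID before spending a get_cve call on it."""
    return bool(CVE_ID_RE.match(cve_id.strip().upper()))

def parse_cvss_vector(vector: str) -> dict:
    """Expand 'CVSS:3.1/AV:N/AC:L/...' into the Step 1 metric fields."""
    version, *parts = vector.split("/")
    if not version.startswith("CVSS:3."):
        raise ValueError(f"unsupported CVSS vector: {vector}")
    metrics = {}
    for part in parts:
        key, _, value = part.partition(":")
        if key in CVSS_METRICS:  # temporal/environmental metrics are skipped
            name, values = CVSS_METRICS[key]
            metrics[name] = values[value]
    missing = {name for name, _ in CVSS_METRICS.values()} - set(metrics)
    if missing:
        raise ValueError(f"vector lacks base metrics: {sorted(missing)}")
    return metrics

def classify_systems(systems: list) -> dict:
    """Step 3: count affected systems by environment tag and by host type."""
    counts = dict.fromkeys(ENVIRONMENTS + ("unknown", "bare_metal", "virtual"), 0)
    for system in systems:
        env = system.get("tags", {}).get("environment", "").lower()
        counts[env if env in ENVIRONMENTS else "unknown"] += 1
        # assumed field holding "virtual" or "physical", in the style of the Insights system profile
        counts["virtual" if system.get("infrastructure_type") == "virtual" else "bare_metal"] += 1
    return counts

def assess_risk(cvss_score: float, metrics: dict, counts: dict, known_exploit: bool) -> tuple:
    """Step 4: fold score, exploitability and exposure into (risk, priority, recommendation)."""
    if sum(counts[k] for k in ENVIRONMENTS + ("unknown",)) == 0:
        return "None", "-", "No action required"
    remote_unauth = (metrics["Attack Vector"] == "Network"
                     and metrics["Privileges Required"] == "None"
                     and metrics["User Interaction"] == "None")
    if known_exploit or (cvss_score >= 9.0 and remote_unauth and counts["production"]):
        return "Critical", "P0", "Immediate remediation"
    if cvss_score >= 7.0 or (remote_unauth and counts["production"]):
        return "High", "P1", "Schedule maintenance"
    if cvss_score >= 4.0:
        return "Medium", "P2", "Schedule maintenance"
    return "Low", "P2", "Monitor"

def analyze(cve: dict, systems: list) -> dict:
    """Run Steps 1-6 and return the fields the Output Template reports."""
    if not validate_cve_id(cve["id"]):
        raise ValueError(f"malformed CVE ID: {cve['id']}")
    metrics = parse_cvss_vector(cve["cvss_vector"])
    counts = classify_systems(systems)
    risk, priority, recommendation = assess_risk(
        cve["cvss_score"], metrics, counts, cve.get("known_exploit", False))
    return {
        "cve": cve["id"], "metrics": metrics, "counts": counts, "total_systems": len(systems),
        "risk": risk, "priority": priority, "recommendation": recommendation,
        # Step 6 plus the handover context the remediator agent asks for
        "remediation": "automated playbook" if cve.get("playbook_available") else "manual steps",
        "fixed_package": cve.get("fixed_package"),
        "test_in_staging_first": counts["production"] > 0 and counts["staging"] > 0,
        "affected_uuids": [s["id"] for s in systems],
    }

# Constructed sample in the shape of the Step 1 and Step 2 listings (not real tool output).
SAMPLE_CVE = {"id": "CVE-2024-1234", "cvss_score": 9.8, "known_exploit": False,
              "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "fixed_package": "httpd-2.4.37-2.el8", "playbook_available": True}
SAMPLE_SYSTEMS = [
    {"id": "uuid-1", "hostname": "web-server-01", "tags": {"environment": "production"},
     "infrastructure_type": "virtual", "package": "httpd-2.4.37-1.el8"},
    {"id": "uuid-2", "hostname": "web-server-02", "tags": {"environment": "production"},
     "infrastructure_type": "virtual", "package": "httpd-2.4.37-1.el8"},
    {"id": "uuid-3", "hostname": "web-stage-01", "tags": {"environment": "staging"},
     "infrastructure_type": "physical", "package": "httpd-2.4.37-1.el8"},
]

if __name__ == "__main__":
    report = analyze(SAMPLE_CVE, SAMPLE_SYSTEMS)
    print(f"{report['cve']}: {report['risk']} / {report['priority']} -> {report['recommendation']}")
```

A known exploit short-circuits straight to P0 whatever the environment, because exposure in staging is still exposure; the CVSS-only path needs production systems before it reaches P0. An empty system list returns the "No action required" outcome from the Error Handling section rather than a low risk level, so the two cases are never confused in the report.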
Output Template
When completing a CVE impact analysis, provide output in this format:
```markdown
# CVE Impact Analysis Report
## CVE Information
**CVE ID**: CVE-YYYY-NNNNN
**CVSS Score**: X.X
**Severity**: Critical/High/Medium/Low
**Published**: YYYY-MM-DD
**Description**:
[Brief description of the vulnerability]
**Affected Packages**:
- package-name version-range
## Affected Systems
**Total Systems**: N
| System | Hostname | Environment | Package | Status |
|--------|----------|-------------|---------|--------|
| uuid-1 | server-01 | Production | httpd-2.4.37 | Vulnerable |
| uuid-2 | server-02 | Production | httpd-2.4.37 | Vulnerable |
## Risk Assessment
**Overall Risk**: Critical/High/Medium/Low
**Priority**: P0/P1/P2
**Recommendation**: [Immediate remediation / Schedule maintenance / Monitor]
**Key Factors**:
- Attack Vector: [Network/Local/etc]
- Exploitability: [Known exploits / PoC available / Theoretical]
- Impact: [High/Medium/Low]
## Business Impact
- **Confidentiality**: [Impact description]
- **Integrity**: [Impact description]
- **Availability**: [Impact description]
## Remediation Options
- [ ] Automated playbook available
- [ ] Manual steps documented
- [ ] Requires testing in staging first
- [ ] Maintenance window recommended
## Next Steps
1. [ ] Approve remediation plan
2. [ ] Schedule maintenance window (if needed)
3. [ ] Create remediation playbook (use remediator agent)
4. [ ] Test in staging environment
5. [ ] Execute in production
6. [ ] Verify remediation success
```
Examples
Example 0: List Critical Vulnerabilities (Discovery Query)
User Request: “What are the most critical vulnerabilities on my account?”
Skill Response:
- Call get_cves(severity=["Critical", "Important"], sort_by="cvss_score", limit=20)
- Parse and sort results by CVSS score
- Return summary table:
```markdown
# Critical Vulnerabilities Summary
Found 12 Critical/Important CVEs affecting your systems:
| CVE ID | CVSS | Severity | Affected Systems | Remediation | Priority |
|--------|------|----------|------------------|-------------|----------|
| CVE-2024-1234 | 9.8 | Critical | 15 systems | Available | P0 - Immediate |
| CVE-2024-5678 | 8.1 | Important | 8 systems | Available | P1 - 7 days |
| CVE-2024-9012 | 7.5 | Important | 25 systems | Available | P1 - 7 days |
| ... | ... | ... | ... | ... | ... |
**Recommendations**:
- CVE-2024-1234: Immediate remediation required (CVSS 9.8, network exploitable)
- CVE-2024-5678: Schedule remediation within 7 days
- CVE-2024-9012: High system count (25 systems) - consider batch remediation
**Next Steps**:
- Analyze any specific CVE for details: "Analyze CVE-2024-1234"
- Create remediation plan: "Remediate CVE-2024-1234 on all affected systems"
```
- Wait for user to request specific CVE analysis or remediation
- If user says “remediate CVE-X”, respond: “I’ll transition to the remediator agent to create the remediation playbook”
Example 1: High-Severity CVE Analysis
User Request: “Analyze the impact of CVE-2024-1234”
Skill Response:
- Retrieve CVE details using get_cve
- List affected systems using get_cve_systems
- Classify systems by environment and criticality
- Provide risk assessment and recommendations
- Suggest next steps (use remediator agent if remediation needed)
Example 2: Multiple CVE Comparison
User Request: “Compare the impact of CVE-2024-1234 and CVE-2024-5678”
Skill Response:
- Retrieve details for both CVEs
- Create comparison table (CVSS, severity, affected systems)
- Recommend prioritization order
- Suggest batch remediation if both should be fixed together
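Step 0, Example 0 and Example 2 all reduce to the same operations: ranking a get_cves listing, rendering the summary table, and deciding what to fix first or together. The following is an added example of those operations, not the skill's or insights-mcp's own code; the record fields, the "affected_systems" tie-break and the severity-to-priority mapping are assumptions mirroring the Step 0 listing, and the sample records are constructed.

```python
"""Rank a get_cves-style listing and find batch-remediation candidates (added example, see lead-in)."""
from collections import defaultdict

# Red Hat severity ratings mapped to the P0/P1/P2 windows defined in Step 4.
PRIORITY_BY_SEVERITY = {"Critical": "P0 - Immediate", "Important": "P1 - 7 days",
                        "Moderate": "P2 - 30 days", "Low": "P2 - 30 days"}

# Constructed sample in the shape of the Step 0 expected output (not real tool data).
SAMPLE_CVES = [
    {"id": "CVE-2024-5678", "cvss_score": 8.1, "severity": "Important", "package": "httpd",
     "affected_systems": 8, "remediation_available": True},
    {"id": "CVE-2024-1234", "cvss_score": 9.8, "severity": "Critical", "package": "kernel",
     "affected_systems": 15, "remediation_available": True},
    {"id": "CVE-2024-9012", "cvss_score": 7.5, "severity": "Important", "package": "openssl",
     "affected_systems": 25, "remediation_available": True},
    {"id": "CVE-2024-3456", "cvss_score": 7.5, "severity": "Important", "package": "openssl",
     "affected_systems": 25, "remediation_available": False},
]

def rank_cves(cves: list, sort_by: str = "cvss_score") -> list:
    """Highest first; ties on the chosen key are broken by the other key, then by input order."""
    other = "affected_systems" if sort_by == "cvss_score" else "cvss_score"
    return sorted(cves, key=lambda c: (c[sort_by], c[other]), reverse=True)

def priority_for(cve: dict) -> str:
    return PRIORITY_BY_SEVERITY.get(cve["severity"], "P2 - 30 days")

def batch_candidates(cves: list, min_group: int = 2) -> dict:
    """Group CVEs that one package update would close together (Best Practices: batch related CVEs)."""
    by_package = defaultdict(list)
    for cve in cves:
        by_package[cve["package"]].append(cve["id"])
    return {pkg: sorted(ids) for pkg, ids in by_package.items() if len(ids) >= min_group}

def summary_table(cves: list) -> str:
    """Render the Example 0 markdown table from the ranked listing."""
    rows = ["| CVE ID | CVSS | Severity | Affected Systems | Remediation | Priority |",
            "|--------|------|----------|------------------|-------------|----------|"]
    for c in rank_cves(cves):
        remediation = "Available" if c["remediation_available"] else "Not available"
        rows.append(f"| {c['id']} | {c['cvss_score']:.1f} | {c['severity']} | "
                    f"{c['affected_systems']} systems | {remediation} | {priority_for(c)} |")
    return "\n".join(rows)

def recommendations(cves: list, many_systems: int = 20) -> list:
    """Example 0 recommendation lines: urgency from the rating, a batching hint from the reach."""
    lines = []
    for c in rank_cves(cves):
        line = f"{c['id']}: {priority_for(c)} (CVSS {c['cvss_score']})"
        if c["affected_systems"] >= many_systems:
            line += f"; high system count ({c['affected_systems']}), consider batch remediation"
        lines.append(line)
    return lines

def compare(cve_a: dict, cve_b: dict) -> dict:
    """Example 2: which of two CVEs to fix first, and whether one update covers both."""
    first, second = rank_cves([cve_a, cve_b])
    return {"fix_first": first["id"], "then": second["id"],
            "batch_together": cve_a["package"] == cve_b["package"]}

if __name__ == "__main__":
    print(summary_table(SAMPLE_CVES))
    print(*recommendations(SAMPLE_CVES), sep="\n")
    print("batch candidates:", batch_candidates(SAMPLE_CVES))
```

Sorting on the (score, reach) pair rather than the score alone keeps two 7.5 CVEs in a deterministic order, and grouping by package surfaces the case where one openssl update closes two CVEs at once, which is the situation the Best Practices section asks to batch.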
Example 3: Environment-Specific Analysis
User Request: “Which production systems are affected by CVE-2024-1234?”
Skill Response:
- Retrieve CVE details
- Filter affected systems by environment tag
- Provide production-specific impact assessment
- Include business impact analysis for production services
Integration with Remediator Agent
After completing impact analysis, the skill should:
- Suggest transition to remediation if risk is high:
  "Based on this analysis, immediate remediation is recommended. Would you like me to create a remediation playbook? (This will use the remediator agent)"
- Provide context for remediation:
  - CVE ID
  - Affected system UUIDs
  - Recommended execution method (AAP/Tower/Manual)
  - Suggested maintenance window
Error Handling
CVE not found:
```text
CVE-YYYY-NNNNN was not found in the Red Hat CVE database.
Possible reasons:
- CVE ID is incorrect
- CVE is too recent and not yet in database
- CVE doesn't affect RHEL systems
Suggestions:
- Verify CVE ID format (CVE-YYYY-NNNNN)
- Check NVD database: https://nvd.nist.gov/vuln/search
- Try alternative CVE IDs if this is an alias
```
No affected systems:
```text
CVE-YYYY-NNNNN Analysis Complete
Good news! No systems in your infrastructure are affected by this CVE.
Possible reasons:
- Your systems are already patched
- Affected packages are not installed
- Systems are running different versions
No action required.
```
Best Practices
- Always start with risk assessment before deciding on remediation
- Check for known exploits: the CVE description and references, the CISA Known Exploited Vulnerabilities catalog, and any known-exploit indicator present in the get_cve output
- Consider business impact not just CVSS scores
- Group related CVEs for batch remediation when possible
- Document findings for compliance and audit purposes
- Test in staging first for high-impact changes
Tools Reference
This skill primarily uses:
- get_cve (vulnerability toolset) – Get details about a specific CVE
- get_cve_systems (vulnerability toolset) – Get list of systems affected by a CVE
- get_cves (vulnerability toolset) – Get list of all CVEs affecting the account (optional)
- get_system_cves (vulnerability toolset) – Get list of CVEs affecting a specific system (optional)
- get_host_details (inventory toolset) – Get detailed system information (optional)
All tools are provided by the insights-mcp MCP server configured in .mcp.json.