With plerion vulnerabilities, you can query vulnerabilities across your cloud assets and manage vulnerability exemptions.
For more about vulnerabilities in the Plerion dashboard, see Vulnerabilities.
Synopsis
plerion vulnerabilities <subcommand> [options]
Subcommands
list
List vulnerabilities with filtering.
plerion vulnerabilities list [options]
Options
| Flag | Type | Description |
|---|---|---|
| --severity | string | CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL (comma-separated) |
| --provider | string | Cloud provider: AWS, Azure, GCP, Kubernetes (case-insensitive) |
| --has-kev | flag | Only CISA Known Exploited Vulnerabilities |
| --has-exploit | flag | Only vulnerabilities with known exploits |
| --has-vendor-fix | flag | Only vulnerabilities with a vendor fix available |
| --is-exploitable | flag | Only exploitable vulnerabilities |
| --is-exempted | boolean | Filter by exemption status (true or false) |
| --asset-id | string | Filter by asset ID(s) |
| --vulnerability-id | string | Filter by CVE/vulnerability IDs (comma-separated) |
| --asset-group-id | string | Filter by asset group IDs (comma-separated) |
| --environment-id | string | Filter by environment IDs or names (comma-separated) |
| --execution-id | string | Filter by execution IDs (comma-separated) |
| --region | string | Filter by cloud region(s) |
| --integration-id | string | Filter by integration IDs |
| --sort-by | string | Sort field (e.g. hasKev, severityLevelValue, firstObservedAt) |
| --sort-order | string | asc or desc |
| --package-name | string | Filter by package name |
| --target-name | string | Filter by target name |
| --target-type | string | Filter by target type |
| --target-class | string | Filter by target class (e.g. lang-pkgs, os-pkgs) |
| --start | string | First observed start date (ISO 8601) |
| --end | string | First observed end date (ISO 8601) |
| --per-page | number | Results per page (max 2000) |
| --all | flag | Fetch all pages automatically |
exemptions list
plerion vulnerabilities exemptions list --profile-id <id> [--per-page N] [--all]
List vulnerability exemptions for a profile.
| Flag | Type | Description |
|---|---|---|
| --profile-id | string | (required) Profile ID or default |
| --per-page | number | Results per page (default: 100, max: 1000) |
| --all | flag | Fetch all pages automatically |
exemptions get
plerion vulnerabilities exemptions get --profile-id <id> --id <exemption-id>
exemptions create
plerion vulnerabilities exemptions create --profile-id <id> --name <n> --reason <r> --conditions <json> --audit-note <note>
| Flag | Type | Description |
|---|---|---|
| --reason | string | (required) Exemption reason. Validated against allowed values (see below) |
| --conditions | string | (required) Conditions JSON. Must include at least one of: vulnerabilityIds, assetGroupIds, assetIds, assetRegions, assetTags |
| --audit-note | string | (required) Audit note (max 250 chars) |
The --conditions, --reason, and --audit-note flags are all required when creating an exemption.
Reason values
| Value | Description |
|---|---|
| ACCEPTED_RISK | Risk has been accepted |
| COMPENSATING_CONTROL | A compensating control is in place |
| NO_VENDOR_FIX | No vendor fix is available |
| NOT_IN_USE | The vulnerable component is not in use |
| OTHER_REASONS | Other reasons (provide details in name) |
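The documented constraints on `exemptions create` can be checked before the command is run, for example as a review gate in a pipeline that manages exemptions. The sketch below is an added example, not part of the Plerion CLI: the function names are hypothetical, and treating an empty condition value as "not included" is an assumption stricter than the page states.

```python
import json
import shlex

# Allowed --reason values, copied from the "Reason values" table on this page.
ALLOWED_REASONS = {"ACCEPTED_RISK", "COMPENSATING_CONTROL", "NO_VENDOR_FIX",
                   "NOT_IN_USE", "OTHER_REASONS"}
# --conditions must include at least one of these keys (per the flag table).
CONDITION_KEYS = ("vulnerabilityIds", "assetGroupIds", "assetIds",
                  "assetRegions", "assetTags")
MAX_AUDIT_NOTE = 250  # documented maximum length of --audit-note


def validate_exemption(reason, conditions_json, audit_note):
    """Return a list of problems; an empty list means the documented checks pass."""
    problems = []
    if reason not in ALLOWED_REASONS:
        problems.append(f"reason {reason!r} is not an allowed value")
    if not audit_note.strip():
        problems.append("audit note is required")
    elif len(audit_note) > MAX_AUDIT_NOTE:
        problems.append(f"audit note is {len(audit_note)} chars (max {MAX_AUDIT_NOTE})")
    try:
        conditions = json.loads(conditions_json)
    except json.JSONDecodeError as exc:
        return problems + [f"conditions is not valid JSON: {exc.msg}"]
    if not isinstance(conditions, dict):
        return problems + ["conditions must be a JSON object"]
    # Assumption, stricter than the page: a key with an empty value scopes
    # nothing, so it does not count towards "at least one of".
    if not any(conditions.get(key) for key in CONDITION_KEYS):
        problems.append("conditions must include at least one of: "
                        + ", ".join(CONDITION_KEYS))
    return problems


def build_create_command(profile_id, name, reason, conditions_json, audit_note):
    """Validate, then return a shell-quoted `exemptions create` command line."""
    problems = validate_exemption(reason, conditions_json, audit_note)
    if problems:
        raise ValueError("; ".join(problems))
    return shlex.join([
        "plerion", "vulnerabilities", "exemptions", "create",
        "--profile-id", profile_id, "--name", name, "--reason", reason,
        "--conditions", conditions_json, "--audit-note", audit_note,
    ])
```
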
exemptions update
plerion vulnerabilities exemptions update --profile-id <id> --id <exemption-id> [--name <n>] [--reason <r>] [--audit-note <note>] [--conditions <json>]
| Flag | Type | Description |
|---|---|---|
| --audit-note | string | Updated audit note |
| --conditions | string | Updated conditions (JSON) |
exemptions delete
plerion vulnerabilities exemptions delete --profile-id <id> --id <exemption-id>
Examples
# Critical vulnerabilities with known exploits
plerion vulnerabilities list --severity CRITICAL --has-exploit
# CISA KEV list
plerion vulnerabilities list --has-kev --output table
# All critical and high vulnerabilities
plerion vulnerabilities list --severity CRITICAL,HIGH --all --output json > vulns.json
# Create an exemption
plerion vulnerabilities exemptions create \
--profile-id my-profile \
--name "Accepted CVE-2022-22965" \
--reason ACCEPTED_RISK \
--conditions '{"vulnerabilityIds":["CVE-2022-22965"]}' \
--audit-note "Accepted risk per security review"
# List exemptions
plerion vulnerabilities exemptions list --profile-id my-profile
# Fetch all exemptions across all pages
plerion vulnerabilities exemptions list --profile-id my-profile --all
# Delete an exemption
plerion vulnerabilities exemptions delete --profile-id my-profile --id ex-abc123
Output columns
Table output includes all fields returned by the API:
| Column | Description |
|---|---|
| CVE / ID | CVE identifier or Plerion vulnerability ID |
| TITLE | Vulnerability title |
| SEVERITY | CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL |
| SEVERITY VALUE | Numeric CVSS-style severity score |
| SEVERITY SOURCE | Source of the severity rating |
| PROVIDER | Cloud provider |
| ASSET ID | Affected asset ID |
| ASSET TYPE | Asset type |
| TARGET NAME | Affected package or target name |
| DESCRIPTION | Vulnerability description |
| PRIMARY URL | Link to CVE or advisory |
| KEV | CISA Known Exploited Vulnerability |
| EXPLOIT | Has known exploit |
| FIX | Vendor fix available |
| PUBLISHED | Publication date |
| FIRST OBSERVED | First observed timestamp |
| LAST OBSERVED | Last observed timestamp |
| INTEGRATION ID | Integration ID |
| TENANT ID | Tenant ID |
| ORG ID | Organization ID |
| EXECUTION ID | Scan execution ID |
| SCHEMA VERSION | API schema version |
Exemptions output columns
| Column | Description |
|---|---|
| ID | Exemption ID |
| PROFILE ID | Profile the exemption belongs to |
| NAME | Exemption name/description |
| REASON | Exemption reason |
| AUDIT NOTE | Auditor note |
| CREATED BY | User who created the exemption |
| UPDATED BY | User who last updated the exemption |
| CREATED AT | Creation timestamp |
| UPDATED AT | Update timestamp |