> For the complete documentation index, see [llms.txt](https://docs.reveald.com/technical-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.reveald.com/technical-documentation/epiphany-workflows/technical-analysis/vulnerability-management/search-for-vulnerabilities.md). # Search for Vulnerabilities ## Workflow Epiphany allows you to quickly search for any vulnerability within its database by going to the **Attack Path Tools -> Vulnerabilities** page and using the **Vulnerability Lookup** tool. This is designed to help lessen the time you need to go find the data you need about the latest vulnerability or to help your prioritize what to do next. The [Dashboard](/technical-documentation/epiphany-workflows/technical-analysis/create-an-analysis-focused-dashboard.md)'s toobox includes environmental and attack path components specifically designed to track vulnerabilities and highlight their use in attack paths. For the Epiphany-specific process we'll use the following workflow: 1. Go to **Attack Path Tools -> Vulnerabilities.** 2. Search for a vulnerability. 3. Review the results. ### Search For a Vulnerability The Vulnerability Lookup tool provides quick access to all the vulnerability knowledge within Epiphany for you to use in your vulnerability management decisions. ![Epiphany Vulnerability Lookup tool.](/files/Z8pCypogmQYVgku6F2iZ) The Vulnerability Lookup tool is capable of full-text search of a vulnerability, meaning you can enter the CVE number of the vulnerability, vulnerability key words such as the affected application, or remediation-related terms. Epiphany will locate all the matches in the database. Epiphany will only display results for vulnerabilities that appear within your environment in order to lessen the required time searching through the data. A couple of key items in the search table to keep in mind: 1. **EIP Score.** This score is the Epiphany model's evaluation of the viability of this vulnerability for exploitation. This is the default ranking system Epiphany uses for how "bad" a vulnerability might be in your environment. 2. **Type.** This is the classification of the vulnerability in how and "where" it would be used by the attacker. Epiphany classifies three types of vulnerabilities you need to know about: remote code execution (RCE), social engineering (SE), and local privilege escalation (LPE). These are the three main types used by attackers to gain a foothold and move throughout the environment. 3. **Host Count.** This is the number of devices within the environment that have this vulnerability present. {% hint style="info" %} **NOTE:** Clicking on the **Host Count** displays a searchable list of all the devices affected by the vulnerability. From here you can narrow down the results to just those in paths or those that meet some other criteria. {% endhint %} ![A host count pop-up that is pre-filtered. ](/files/NgibZlr1eAxWRUqAwKUB) ### Review Results Epiphany is all about speed. Everything you want to know is at your fingertips in Epiphany, including vulnerability data. To get the best results when searching through the vulnerability data and Epiphany in general, always include *in\_path=True* with your search to start with only those devices or identities that are exposed to an attack path and widen or narrow your search from there. Happy hunting! --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.reveald.com/technical-documentation/epiphany-workflows/technical-analysis/vulnerability-management/search-for-vulnerabilities.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.