Splunk App
CVE Enrichment for Splunk
Accurate CVE context in the analyst workflow. No external lookups, no stale descriptions, no waiting 84 days for NVD.
CVE intelligence built for Splunk analysts.
Most Splunk teams we talk to have the same complaint. The CVE rows in their dashboards are accurate enough to glance at, and wrong often enough to ignore. Analysts re-check CVSS scores, hunt for the right CPE string, and copy summaries out of advisories that are already months stale. The root problem is the NVD. Roughly 80% of public CVSS analyses contain errors, and new CVEs sit for an average of 84 days before an NVD analyst reviews them. By the time a score arrives, your correlation rules have often been running against stale data for months, or nothing at all.
We built this app to fix that layer. Every CVE score is derived from an attack graph. We model the full attack surface, walk every viable path, and score each one against CVSS 3.1 and 4.0. Our methodology was presented at VulnCon26 by FIRST. New CVEs are enriched within minutes of publication. If an analyst disagrees with a score, they can open the graph and audit it step by step.
Each enriched record includes corrected CVSS 3.1 and 4.0 vectors, verified CPE matches, plain-English summaries written from our own analysis, and exploit signals (EPSS, KEV listing, public PoC presence), all in the same row. It works on Splunk Enterprise 8.2+ and Splunk Cloud with no schema changes and no external tabs. Subscribe, install the app from Splunkbase, paste your key, and enrichment starts within the minute.
Does it work with Splunk Enterprise and Splunk Cloud?
Both. The app is built for Splunk Enterprise 8.2+ and Splunk Cloud and behaves the same on each. Neither deployment needs extra configuration.
What exactly do I install?
One thing: the Volerion app from Splunkbase. Open it, paste the API key from your Volerion dashboard, and you are done. The app validates the connection and starts enriching CVEs on the next pipeline run.
How fresh is the data?
New CVEs are enriched within minutes of publication. For comparison, the NVD has taken an average of roughly 84 days to enrich a record over the last two years, meaning your correlation rules would otherwise be working with a score that is months old, or no score at all.
What does it cost, and is there a contract?
EUR 799 per month, billed monthly. No contract, cancel from the dashboard at any time, and you keep access until the period ends. Annual billing gets you two months free. Two optional discounts (logo rights, design partner) take EUR 200 off if either applies to you.
Coming Soon