CPE generation

Asset Intelligence automatically generates Common Platform Enumeration (CPE) entries for enriched assets, improving vulnerability matching accuracy.

Overview

As part of the enrichment process, Asset Intelligence (AI) generates Common Platform Enumeration (CPE) entries for each enriched asset. CPEs are standardized identifiers that link assets to known products in vulnerability databases.

How CPE generation works

When AI enriches an asset, the enrichment service returns CPE data along with the enrichment results. The platform then:

  1. Generates CPE strings in the standard CPE 2.3 format.
  2. Calculates a likelihood score for each CPE match.
  3. Removes any previously generated CPEs for the asset if the CPE signature has changed.
  4. Inserts the new CPE records and links them to the asset.

CPE fields

Each generated CPE record contains the following fields:

  • CPE string: The full CPE 2.3 identifier
  • Part: The CPE part (hardware, operating system, or application)
  • Vendor: The CPE vendor identifier
  • Product: The CPE product identifier
  • Version: The CPE version identifier
  • Edition and update: Additional CPE classification data
  • Likelihood: A score indicating the confidence of the CPE match
  • Human-readable names: Readable versions of vendor, product, version, and edition

Impact on vulnerability matching

CPEs generated by AI are used for vulnerability matching. When the platform has an accurate CPE for an asset, it can match the asset against known vulnerabilities more precisely. This matching uses the Common Vulnerabilities and Exposures (CVE) database.

AI-generated CPEs are identified by the asset-enrichment translator tag. This distinguishes them from CPEs generated by other sources.

CPE updates

CPEs are automatically updated when the enrichment service provides new data. Each asset has a CPE signature hash that prevents unnecessary updates. When the signature changes, old CPEs are replaced with the updated versions.
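
The following added example (not the platform's own code) sketches the flow from "How CPE generation works" and "CPE updates": it builds CPE 2.3 strings from the fields listed above, computes a signature over the set, and replaces the stored CPEs only when that signature changes. The function names, the in-memory store, the SHA-256 signature, and the sample data are assumptions; the likelihood score is taken as an input because the page does not describe how it is calculated.

```python
import hashlib
import re

# Part names as listed under "CPE fields", mapped to CPE 2.3 part codes.
PARTS = {"hardware": "h", "operating system": "o", "application": "a"}

def _bind(value):
    """Bind one attribute value for a CPE 2.3 formatted string."""
    if not value:
        return "*"  # ANY: the enrichment data did not supply this attribute
    v = value.strip().lower().replace(" ", "_")
    # Alphanumerics and . _ - stay as-is; other punctuation is backslash-escaped.
    return re.sub(r"([^a-z0-9._-])", r"\\\1", v)

def cpe23(part, vendor, product, version=None, update=None, edition=None):
    attrs = [vendor, product, version, update, edition]
    # The five trailing attributes (language .. other) are left as ANY.
    fields = ["cpe:2.3", PARTS[part]] + [_bind(a) for a in attrs] + ["*"] * 5
    return ":".join(fields)

def signature(records):
    """Order-independent hash over the CPE set (SHA-256 is an assumption)."""
    canon = "\n".join(sorted(f"{r['cpe']}|{r['likelihood']:.2f}" for r in records))
    return hashlib.sha256(canon.encode()).hexdigest()

def sync(store, asset_id, candidates):
    """Replace an asset's enrichment CPEs only when the signature changes."""
    records = [{"cpe": cpe23(**c["fields"]), "likelihood": c["likelihood"],
                "translator": "asset-enrichment"} for c in candidates]
    sig = signature(records)
    if store.get(asset_id, {}).get("signature") == sig:
        return False  # unchanged: skip the delete and insert
    store[asset_id] = {"signature": sig, "cpes": records}  # old set replaced
    return True

# Constructed enrichment result; vendor, product and score are sample values.
SAMPLE = [{"fields": {"part": "operating system", "vendor": "Microsoft",
                      "product": "Windows 10", "version": "21H2"},
           "likelihood": 0.92}]

if __name__ == "__main__":
    store = {}
    print(sync(store, "asset-1", SAMPLE), sync(store, "asset-1", SAMPLE))
    print(store["asset-1"]["cpes"][0]["cpe"])
```

Because the signature is computed over the sorted set, the enrichment service returning the same CPEs in a different order does not trigger a replacement.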