Common Platform Enumeration

CPE stands for Common Platform Enumeration. It is a structured naming scheme for information technology systems, software, and packages. The structure and dictionary is maintained by NIST and free to use.

Support

Every entry contains a CPE list by providing full CPE 2.2 and 2.3 support. It is possible to use CPE strings in search queries on the web site and in the API alike. CPE data points are provided as virtual fields.

Please refer to our documentation about version handling in regards of data quality and confidence.

Extended Dictionary

Unfortunately, the official CPE dictionary is very slowly updated and misses the flexibility that we require. This is the reason why we use an extended CPE dictionary with additional products and versions.

It is not the intention to derive from the dictionary that other sources are using. Entries are adopted to match the official dictionary whenever possible. Please let us know if you identify a mismatch.

The CPE values are virtual fields, which are generated on-the-fly. Our changes to the CPE values are not reflected with a commit nor an update of the affected entries (e.g. you won't see these changes as updates via API. You would have to refetch entries manually to get the updated version with new values.

Recommendations

We recommend using our extended CPE dictionary. As well as adding some kind of fuzziness to your searches and matching. Otherwise the slightest changes become obstacles. For example, in the official CPE dictionary the naming conventions for Internet Explorer changed between versions:

  • cpe:/a:microsoft:ie
  • cpe:/a:microsoft:internet_explorer
This was tried to be fixed years later by correlation. Other peculiarities make adopting CPE a challenge.

If you need any assistance, we do provide engineering and implementation support for customers.

Do you know our Splunk app?

Download it now for free!