Skip to content
CrowdStrike Developer Center

Spotlight Vulnerability Metadata

The Spotlight Vulnerability Metadata service collection provides operations for retrieving Risk (vulnerability metadata) entities. Perform combined queries to retrieve CVE metadata including CVSS scores, temporal metrics, and risk provider information using FQL filters.

LanguageLast Update
Pythonv1.5.5
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
combineVulnMetadataExt
get_cve_metadata		Perform a combined query and get operation for retrieving Risk (vulnerability metadata) entities.

combineVulnMetadataExt

Section titled “combineVulnMetadataExt”

Perform a combined query and get operation for retrieving Risk (vulnerability metadata) entities.

GET /spotlight/combined/vulnerability-metadata-external/v1
Scope Risk Platform Risk: READ Consumes · Produces application/json
PEP 8 get_cve_metadata

Parameters

Section titled “Parameters”
NameTypeData typeDescription
afterquerystringA pagination token used with the limit parameter to manage pagination of results. On your first request, don’t provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
filterquerystringFilter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that support exact match: id, provider, cve_ids, cwe_ids, impact.cvss_v2.base_metrics.vector, impact.cvss_v2.temporal_metrics.vector, impact.cvss_v3.base_metrics.integrity_impact, impact.cvss_v3.base_metrics.vector, impact.cvss_v3.temporal_metrics.vector. Available filter fields that support range comparisons (>, <, >=, <=): created_timestamp, impact.cvss_v2.base_metrics.base_score, impact.cvss_v3.base_metrics.base_score, impact.cvss_v2.temporal_metrics.temporal_score, impact.cvss_v3.temporal_metrics.temporal_score, source_created_timestamp, source_updated_timestamp, updated_timestamp. Required.
limitqueryintegerThe number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results.
offsetquerystringStarting index of overall result set from which to return ids.
risk_providerquerystring or list of stringsZero or more risk providers. Zero means all. Supported values: S (for Falcon sensor).
sortquerystringSort vulnerabilities by their properties. Available sort options: created_timestamp|asc/desc, updated_timestamp|asc/desc.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import SpotlightVulnerabilityMetadata


falcon = SpotlightVulnerabilityMetadata(client_id=CLIENT_ID,
                                        client_secret=CLIENT_SECRET
                                        )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_cve_metadata(after="string",
                                   offset="string",
                                   limit=integer,
                                   sort="string",
                                   filter="string",
                                   risk_provider=id_list)
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use