Make KEV data visible on findings listing (#12785)

dogboat · web-flow · commit 88716e581178 · 2025-07-17T21:12:50.000-05:00
* add display of kev data to findings listing and filtering

* kev date filter to use date widget

* define labels for kev date filter

* change column title for kev date

* add before/after filters for kev date
diff --git a/dojo/filters.py b/dojo/filters.py
@@ -448,6 +448,11 @@ def get_finding_filterset_fields(*, metrics=False, similar=False, filter_string_
         "epss_score_range",
         "epss_percentile",
         "epss_percentile_range",
+        "known_exploited",
+        "ransomware_used",
+        "kev_date",
+        "kev_before",
+        "kev_after",
     ])
 
     if similar:
@@ -1757,6 +1762,9 @@ class FindingFilterHelper(FilterSet):
             "is an upper bound. Leaving one empty will skip that bound (e.g., leaving the lower bound "
             'input empty will filter only on the upper bound -- filtering on "less than or equal").'
         ))
+    kev_date = DateFilter(field_name="kev_date", lookup_expr="exact", label="Added to KEV On")
+    kev_before = DateFilter(field_name="kev_date", lookup_expr="lt", label="Added to KEV Before")
+    kev_after = DateFilter(field_name="kev_date", lookup_expr="gt", label="Added to KEV After")
 
     o = OrderingFilter(
         # tuple-mapping retains order
@@ -1773,6 +1781,9 @@ class FindingFilterHelper(FilterSet):
             ("service", "service"),
             ("epss_score", "epss_score"),
             ("epss_percentile", "epss_percentile"),
+            ("known_exploited", "known_exploited"),
+            ("ransomware_used", "ransomware_used"),
+            ("kev_date", "kev_date"),
         ),
         field_labels={
             "numerical_severity": "Severity",
@@ -1783,6 +1794,9 @@ class FindingFilterHelper(FilterSet):
             "test__engagement__product__name": "Product Name",
             "epss_score": "EPSS Score",
             "epss_percentile": "EPSS Percentile",
+            "known_exploited": "Known Exploited",
+            "ransomware_used": "Ransomware Used",
+            "kev_date": "Date added to KEV",
         },
     )
 
@@ -1794,6 +1808,9 @@ def set_date_fields(self, *args: list, **kwargs: dict):
         self.form.fields["on"].widget = date_input_widget
         self.form.fields["before"].widget = date_input_widget
         self.form.fields["after"].widget = date_input_widget
+        self.form.fields["kev_date"].widget = date_input_widget
+        self.form.fields["kev_before"].widget = date_input_widget
+        self.form.fields["kev_after"].widget = date_input_widget
         self.form.fields["mitigated_on"].widget = date_input_widget
         self.form.fields["mitigated_before"].widget = date_input_widget
         self.form.fields["mitigated_after"].widget = date_input_widget
diff --git a/dojo/templates/dojo/findings_list_snippet.html b/dojo/templates/dojo/findings_list_snippet.html
@@ -336,6 +336,15 @@ <h3 class="has-filters">
                                     <th scope="col">
                                         {% trans "EPSS Percentile" %}
                                     </th>
+                                    <th scope="col">
+                                        {% trans "Known Exploited" %}
+                                    </th>
+                                    <th scope="col">
+                                        {% trans "Used in Ransomware" %}
+                                    </th>
+                                    <th scope="col">
+                                        {% trans "Date Added to KEV" %}
+                                    </th>
                                     <th class="nowrap" scope="col">
                                         {% if filter_name == 'Closed' %}
                                             {% comment %} The display field is translated in the function. No need to translate here as well{% endcomment %}
@@ -618,6 +627,15 @@ <h3 class="has-filters">
                                         <td class="nowrap text-right">
                                             {{ finding.epss_percentile|format_epss }}
                                         </td>
+                                        <td class="nowrap text-right">
+                                            {{ finding.known_exploited|yesno|capfirst }}
+                                        </td>
+                                        <td class="nowrap text-right">
+                                            {{ finding.ransomware_used|yesno|capfirst }}
+                                        </td>
+                                        <td class="nowrap text-right">
+                                            {{ finding.kev_date|date }}
+                                        </td>
                                         {% if filter_name == 'Closed' %}
                                         <td class="nowrap" data-order="{{ finding.mitigated|date:"U" }}">
                                             {{ finding.mitigated|date }}
@@ -765,6 +783,14 @@ <h3 class="has-filters">
                     { "data": "cve" },
                     { "data": "epss_score", "type": "num", "render": percentSort },
                     { "data": "epss_percentile", "type": "num", "render": percentSort },
+                    { "data": "known_exploited", },
+                    { "data": "used_ransomware", },
+                    { "data": "kev_date", render: function(data, type, row, meta) {
+                        if(type === 'sort') {
+                            return data && Date.parse(data)
+                        }
+                        return data;
+                    }},
                     { "data": "found_date", render: function (data, type, row, meta) {
                         if(type === 'sort') {
                             var api = new $.fn.dataTable.Api(meta.settings);
