CVEasy AI Documentation
Everything you need to set up, configure, and get the most out of CVEasy AI — the first complete CTEM platform.
- Quick Setup: Install and run in 5 minutes
- Import Scans: Nessus, Qualys, Rapid7 + 6 more
- Run BASzy: 118 attack modules, 10 campaigns
- AI Remediation: Exact commands, not generic advice
- FAQ: Common questions answered
- EDR Whitelisting: CrowdStrike, SentinelOne, Defender
Installation & Setup
Download the DMG
Download CVEasy AI_0.1.0_aarch64.dmg from your purchase confirmation email. The file is approximately 5GB — it includes everything needed to run offline.
Install to Applications
Double-click the DMG and drag CVEasy AI™ to your Applications folder. That's it — no Homebrew, no Python, no command line.
Launch
Open CVEasy AI from Applications. On first launch, it will seed the database with 330,000+ CVEs (takes about 15 seconds) and start the AI engine automatically.
Activate Your License
Go to Settings → License, paste your license key, and click Activate. Your key is in the purchase confirmation email.
First Steps After Installation
Once CVEasy AI is running, here's what to do first:
Option A: You have existing scan data
If your team runs Nessus, Qualys, Rapid7, or any other vulnerability scanner, import your most recent scan:
- Click Scan Imports in the sidebar
- Click Import Scan
- Upload your scan file (drag & drop or file picker)
- CVEasy auto-detects the format, creates assets, and links CVEs
Option B: You don't have scan data
No scanner? No problem. BASzy discovers your assets automatically:
- Click BASzy in the sidebar
- Click New Scan
- Enter your network range (e.g., 10.0.0.0/24)
- BASzy™ scans the network, discovers assets, and tests for vulnerabilities
How To: Import Scan Data
CVEasy AI supports 9 scanner formats with automatic format detection:
| Scanner | Format | Extension |
|---|---|---|
| Tenable Nessus | XML | .nessus |
| Qualys VMDR | XML | .xml |
| Rapid7 InsightVM | XML / CSV | .xml |
| OpenVAS / GVM | XML | .xml |
| Nuclei | JSONL | .jsonl |
| Burp Suite | XML | .xml |
| OWASP ZAP | XML | .xml |
| Aqua Trivy | JSON | .json |
| Any Scanner | CSV | .csv |
What happens after import
- Assets created — every host in the scan becomes an asset in your inventory
- CVEs linked — vulnerabilities are linked to assets with port and CVSS data
- Missing CVEs fetched — any CVEs not in the database are fetched from NVD automatically
- Risk scores calculated — TRIS™ scores computed for each CVE on each asset
- Attack surface updated — the attack surface view reflects the new data immediately
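An added example (not CVEasy's own import code) of the first two steps above for a Nessus v2 export: each ReportHost becomes an asset, and each `<cve>` is linked to it with port and CVSS. The sample XML, the placeholder CVE ids and the function names `parse_nessus` and `unique_cves` are constructed for illustration, and preferring the CVSS v3 score over v2 is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 (.nessus) layout, not real scan output.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="10.0.0.5">
  <ReportItem port="443" protocol="tcp" pluginID="900001" severity="3">
    <cve>CVE-0000-0001</cve><cve>CVE-0000-0002</cve>
    <cvss_base_score>5.0</cvss_base_score>
    <cvss3_base_score>7.5</cvss3_base_score>
  </ReportItem>
  <ReportItem port="0" protocol="tcp" pluginID="900002" severity="0"/>
</ReportHost>
<ReportHost name="10.0.0.9">
  <ReportItem port="22" protocol="tcp" pluginID="900003" severity="2">
    <cve>CVE-0000-0001</cve>
    <cvss_base_score>5.0</cvss_base_score>
  </ReportItem>
</ReportHost>
<ReportHost name="10.0.0.20"/>
</Report></NessusClientData_v2>"""

def parse_nessus(xml_text):
    """Map each host to its CVE findings (CVE id, port, protocol, CVSS)."""
    # Scan files are untrusted input: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError(f"not a Nessus v2 export: <{root.tag}>")
    assets = {}
    for host in root.iter("ReportHost"):
        # A host with no CVE findings is still recorded as an asset.
        findings = assets.setdefault(host.get("name"), [])
        for item in host.iter("ReportItem"):
            # Assumption: prefer the CVSS v3 base score, fall back to v2.
            score = item.findtext("cvss3_base_score") or item.findtext("cvss_base_score")
            for cve in item.findall("cve"):  # plugins without <cve> add nothing
                findings.append({
                    "cve": cve.text.strip(),
                    "port": int(item.get("port")),
                    "protocol": item.get("protocol"),
                    "cvss": float(score) if score else None,
                })
    return assets

def unique_cves(assets):
    """CVE ids that need a database lookup, de-duplicated across hosts."""
    return sorted({f["cve"] for fs in assets.values() for f in fs})
```

Running `parse_nessus` on an export before uploading it gives a host and CVE count to compare against the asset inventory after import.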
How To: Run Network Discovery
BASzy's discovery engine finds assets on your network without requiring any scanner software. It performs an 8-phase enumeration:
- ARP sweep — instantly discovers devices on the local subnet
- Ping sweep — identifies live hosts across the target range
- Port scan — checks 47 common ports on each live host
- Banner grab — reads service banners to identify software versions
- SSL/TLS analysis — extracts hostnames from certificates
- DNS resolution — reverse DNS lookup on all discovered IPs
- mDNS/Bonjour — finds Apple devices and IoT
- Classification — categorizes each device (server, workstation, router, printer, IoT)
How To: Generate AI Remediation
CVEasy AI generates specific remediation playbooks — not generic "apply the latest patch" advice. Each playbook includes exact commands, verification steps, and rollback procedures.
Find the CVE
Browse CVEs or click on a finding from a scan import. The CVE detail page shows severity, TRIS™ score, affected products, and threat intelligence.
Click "Generate Remediation"
The AI engine generates a complete playbook in real-time. You'll see it stream in — typically 15-30 seconds.
Review and Apply
The playbook includes: Executive Summary, Severity Assessment, Immediate Actions (with verification), Patch Guide, Detection Queries, and Long-term Hardening.
How To: Run BASzy Attack Campaigns
BASzy includes 10 pre-built attack campaigns that simulate real-world threat scenarios. Each campaign chains multiple techniques exactly like a real attacker.
Available Campaigns
| Campaign | Steps | Validates |
|---|---|---|
| Ransomware Kill Chain | 10 | Email gateway, EDR, segmentation, backups |
| APT29 (Cozy Bear) | 7 | Supply chain, C2 detection, token theft |
| AD Zero to Domain Admin | 7 | Kerberos hardening, LAPS, tiered admin |
| Cloud Infrastructure Breach | 6 | IAM policies, IMDS, CloudTrail |
| Malicious Insider | 6 | DLP, USB controls, email monitoring |
| Initial Access Broker | 5 | Perimeter security, VPN, credential hygiene |
| Business Email Compromise | 5 | DMARC/SPF/DKIM, employee awareness |
| Web App SQLi→Shell→Data | 7 | WAF, input validation, segmentation |
| Network Segmentation | 4 | VLAN boundaries, firewall rules |
| Zero-Day Simulation | 5 | Behavioral detection, anomaly detection |
Understanding Results
Each test in a campaign produces one of four outcomes:
- BLOCKED — your security control prevented the attack (this is good)
- DETECTED — the attack succeeded but was caught (acceptable)
- UNDETECTED — the attack succeeded with no detection (fix this)
- SKIPPED — not applicable to your environment
How To: View Your Attack Surface
The Attack Surface view shows your entire environment from an attacker's perspective: which assets are exposed, which CVEs affect them, and how an attacker could chain exploits to reach your critical data.
Key elements:
- Executive narrative — auto-generated text for board presentations
- Risk-scored assets — sorted by actual risk, not just CVE count
- Attack paths — visual paths from entry points to crown jewels
- Chainable assets — assets with critical CVEs on multiple ports (lateral movement risk)
How To: Generate Reports
Go to Reports in the sidebar. CVEasy generates professional PDF reports suitable for:
- Board presentations — executive summary with risk narrative
- Compliance audits — controls mapped to HIPAA, PCI-DSS, SOC 2, etc.
- Technical teams — detailed findings with remediation steps
- Vulnerability trending — how your posture has changed over time
How To: Backup Your Data
Your CVEasy database contains all your vulnerability data, scan history, asset inventory, and configuration. Back it up regularly.
Manual Backup
- Go to Settings → Backup
- Click Create Backup
- The backup is saved to ~/Library/Application Support/CVEasy AI/backups/
- Click Download to save a copy externally
Restore from Backup
- Go to Settings → Backup
- Click Restore next to the backup you want
- A safety backup of your current data is created automatically
- Restart CVEasy AI to complete the restore
Backups are stored in ~/Library/Application Support/CVEasy AI/backups/. Copy this folder to external storage for disaster recovery.
TRIS™ Scoring — How It Works
TRIS™ (Threat & Remediation Intelligence Score) is a proprietary 7-layer scoring engine that goes far beyond CVSS:
- CVSS Base Score — technical severity of the vulnerability
- EPSS Probability — likelihood of exploitation in the next 30 days
- CISA KEV Status — is this actively exploited in the wild?
- Threat Actor Targeting — are known APT groups using this CVE?
- Asset Criticality — how important is the affected asset?
- Public Exposure — is the asset internet-facing?
- BASzy Validation — was exploitability proven by attack simulation?
TRIS produces a score from 0-95 and assigns a priority band:
- ACT (75-95) — remediate immediately, actively dangerous
- ATTEND (50-74) — high priority, schedule remediation this sprint
- TRACK (25-49) — monitor, remediate in next cycle
- MONITOR (0-24) — low risk, track for changes
Compliance Mapping
CVEasy maps every CVE to 86 controls across 9 compliance frameworks:
- HIPAA (11 controls)
- PCI-DSS v4.0 (15 controls)
- SOC 2 TSC (9 controls)
- ISO 27001:2022 (11 controls)
- NIST CSF v2.0 (8 controls)
- CIS Controls v8 (12 controls)
- FedRAMP / NIST 800-53 (13 controls)
- GDPR (4 controls)
- CCPA (3 controls)
Supported Scanner Formats
CVEasy accepts exports from all major vulnerability scanners. Upload the file and format is auto-detected. Supported: Nessus, Qualys, Rapid7 InsightVM, OpenVAS/GVM, Nuclei, Burp Suite, OWASP ZAP, Aqua Trivy, and generic CSV (any scanner that exports CSV).
Keyboard Shortcuts
| Shortcut | Action |
|---|---|
| ⌘K | Open search |
| ⌘J | Open AI chat |
| ⌘/ | Toggle sidebar |
EDR Whitelisting
BASzy performs authorized security testing that may trigger EDR/AV alerts. Whitelist the following before running attack simulations:
- /Applications/CVEasy AI.app/Contents/MacOS/cveasy-ai
- /Applications/CVEasy AI.app/Contents/MacOS/cveasy-server
- /Applications/CVEasy AI.app/Contents/MacOS/llama-server
- /Applications/CVEasy AI.app/Contents/MacOS/baszy-server
Detailed instructions for CrowdStrike Falcon, SentinelOne, Microsoft Defender, Carbon Black, and Sophos are available in our EDR Whitelisting Guide.
Frequently Asked Questions
Does CVEasy AI need internet access?
No. CVEasy runs 100% offline. The AI engine, CVE database (330,000+ CVEs), and all features work without internet. When online, it automatically syncs new CVEs from NVD, but this is optional.
Can I use my existing Nessus/Qualys scans?
Yes. Upload your scan files directly — CVEasy supports 9 scanner formats including Nessus (.nessus), Qualys XML, Rapid7 XML, OpenVAS, Nuclei, Burp Suite, ZAP, Trivy, and generic CSV. Assets are auto-created and CVEs auto-linked.
What if I don't have a vulnerability scanner?
You don't need one. BASzy's built-in discovery engine scans your network, identifies assets, fingerprints services, and tests for vulnerabilities — all without external tools.
How is TRIS™ different from CVSS?
CVSS measures technical severity. TRIS™ measures actual risk by combining 7 signals: CVSS, EPSS (weaponization probability), CISA KEV (active exploitation), threat actor targeting, asset criticality, public exposure, and BASzy validation (proven exploitability). A CVSS 7.5 that's being actively exploited by APT29 against your industry scores much higher than a CVSS 9.0 that's theoretical.
Is BASzy safe to run in production?
BASzy respects authorization levels. In "low_impact" mode (default), all tests are non-destructive — they detect vulnerabilities without exploiting them. Aggressive testing requires explicit authorization and is designed for dedicated test environments.
How do I back up my data?
Go to Settings → Backup → Create Backup. The backup includes your entire CVE database, scan history, asset inventory, findings, and configuration. Download the backup file to external storage for disaster recovery.
What hardware do I need?
Lite: Mac Mini M2 or later with 16GB unified memory. Pro: Mac Studio M2 Max or later with 36-64GB unified memory. Apple Silicon (M1/M2/M3/M4) is required for the built-in AI engine.
Can multiple people use one installation?
Yes. CVEasy runs as a web application on your local network. Anyone on the same network can access it via browser at the server's IP address. Enterprise licenses support unlimited concurrent users.
How do I update CVEasy AI?
Download the latest DMG from your account and install over the existing application. Your database and settings are preserved — they're stored in ~/Library/Application Support/CVEasy AI/, not inside the app bundle.
What compliance frameworks are supported?
CVEasy maps to 86 controls across 9 frameworks: HIPAA, PCI-DSS v4.0, SOC 2 TSC, ISO 27001:2022, NIST CSF v2.0, CIS Controls v8, FedRAMP (NIST 800-53), GDPR, and CCPA. Each CVE shows which compliance controls it threatens.
Will BASzy trigger my EDR/antivirus?
It might — that's actually the point. BASzy tests whether your security controls detect attack techniques. If your EDR blocks a BASzy test, that's a PASS. If it doesn't, that's a gap to fix. For smooth operation, whitelist CVEasy AI in your EDR before running campaigns.