Hacker Sidekick Workshop Dataset: Vulnerability Prioritization (Scenario 1)
Generated: 2026-01-21

Files
- HS_workshop_vuln_prioritization_findings.csv
    A workshop-friendly "scanner export style" dataset with 850 findings across 20 assets.
    It is derived from public example scan outputs (OpenVAS and Nessus) and enriched with a CISA KEV flag.
- source_openvas_sample.xml
    Public OpenVAS report sample (single host) used as one of the inputs.
- source_example_nessus_report.nessus
    Public Nessus .nessus report sample (single host) used as one of the inputs.
- known_exploited_vulnerabilities.csv
    CISA KEV catalog mirror (CSV) used to flag known exploited CVEs.

How to use in the workshop
1) Ingest HS_workshop_vuln_prioritization_findings.csv into Hacker Sidekick.
2) Ask HS to propose a prioritized remediation plan using:
   - Exploit likelihood: is_cisa_kev, normalized_severity_0_10, exploit_likelihood_hint
   - Business impact: asset_criticality_1_5, data_classification, environment, internet_exposed
   - Compensating controls: compensating_controls
3) Have participants justify the Top 10 and build an SLA-driven patching schedule.

Notes
- The dataset contains synthetic asset context (criticality, exposure, compensating controls, detection age) to enable prioritization conversations.
- The vulnerability titles / ports / CVEs come from the public example scanner outputs listed above.
