What is Vulcan Threat Intelligence?
The Vulcan Cyber platform relies on threat intelligence to offer the most reliable risk rating for a given vulnerability. Vulnerabilities are ranked based on severity. Vulnerabilities with known exploits published in the wild are easier to take advantage of because they require less technical expertise. They therefore pose a greater risk and receive a higher score. To stay on top of the latest exploits, the threat intelligence database is updated daily, and vulnerability scores are adjusted accordingly.
Threat Intelligence Sources
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high-end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
Seebug is an open vulnerability platform based on vulnerability and PoC/Exp sharing communities.
SAINT Security Suite’s penetration testing provides easy-to-use, powerful capabilities to test and verify risk exposures from vulnerabilities in your network.
Packet Storm Security is an information security website offering current and historical computer security tools, exploits, and security advisories.
Zero Science Lab is a Macedonian information security research and development laboratory that finds and publishes vulnerabilities and weaknesses in a large number of world-famous software packages and web applications.
0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
Vulnerability Lab offers information on vulnerabilities, security holes, and bad security practices in software and applications.
MITRE is a nonprofit that operates federally funded research and development centers in the United States. Its CVE program provides a free dictionary that organizations use to improve their cyber security. Vulcan parses the OWASP Top 10 from the MITRE CVE feed.
Vulcan is connected to the daily feed of the NVD (National Vulnerability Database)—the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
Note: NVD correlates over 2,500 exploit sources; the full list of sources is shown in the vulnerability details.
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services. Vulcan parses MSRC CVRF (Common Vulnerability Reporting Framework) monthly updates, pulling new CVE data.
Vulcan scrapes all open projects in GitHub, the largest code repository, searching for CVE tags and keywords that indicate an exploit. Then, Vulcan manually validates that the result is an actual exploit.
The Common Vulnerability Scoring System (CVSS) Vector is an integral part of the CVSS score. Vulcan parses all risk-affecting parameters to ensure the most accurate score.
CISA KEV Catalog Vulnerabilities
Metasploit (through Vulners)
Packet Storm (through Vulners)
0day.today (through Vulners)
Zero Science Lab (through Vulners)
Vulnerability Lab (through Vulners)
Exploit DB (through Vulners)
seebug.org (through Vulners)
Immunity (through Vulners)
SAINTexploit (through Vulners)
Canvas (through Vulners)
CISA and other verified sources
CISA KEV Catalog Vulnerabilities
Elevation of Privilege
Denial of Service
Security Feature Bypass
OWASP Top 10
CISA and other verified sources.
How often does Vulcan revisit the data?
Vulcan’s collectors update all threat intelligence sources on a daily basis.
How does Vulcan fuse the data?
Vulcan correlates data using CVE and CWE, matching against Vulcan’s vulnerability database.
Important note: If a vulnerability in Vulcan does not have either CVE or CWE mapped, it will not benefit from threat intelligence correlation.
Figure 1: Vulcan UI displays how risk score (critical) is affected by both the TI (Exploitable) and the asset impact (1 High impact tags)
How does the data affect the risk calculation?
On the Vulcan platform, configuring “Risk Priority Weights” affects the risk score of a specific vulnerability. The calculation is Boolean, generating full points if there is a “Threat Intelligence” tag, or no points if no tag exists.
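The sketch below illustrates the CVE/CWE correlation and the Boolean threat-intelligence weighting described above. It is an added example, not Vulcan's code: the field names, the weight values, the scoring formula around the Boolean term, and the placeholder CVE/CWE identifiers are all assumptions constructed for illustration.

```python
# Added illustration, not Vulcan's implementation. Field names, weights and
# sample records are assumptions constructed for this example.
from dataclasses import dataclass, field

# Constructed threat-intel records keyed by CVE or CWE (placeholder identifiers).
TI_FEED = [
    {"id": "CVE-0000-0001", "source": "exploit-feed-a", "tag": "Exploitable"},
    {"id": "CVE-0000-0001", "source": "kev-like-feed", "tag": "CISA KEV"},
    {"id": "CWE-0000", "source": "weakness-feed", "tag": "OWASP Top 10"},
]

# Hypothetical "Risk Priority Weights" that sum to 100.
WEIGHTS = {"technical_severity": 50, "threat_intelligence": 30, "asset_impact": 20}

@dataclass
class Finding:
    name: str
    cvss: float            # base score, 0.0-10.0
    asset_impact: float    # assumed normalised asset impact, 0.0-1.0
    cves: list = field(default_factory=list)
    cwes: list = field(default_factory=list)

def build_index(feed):
    """Map each CVE/CWE identifier to the set of TI tags reported for it."""
    index = {}
    for rec in feed:
        index.setdefault(rec["id"].upper(), set()).add(rec["tag"])
    return index

def correlate(finding, index):
    """Return (tags, correlatable). With no CVE or CWE there is nothing to match on."""
    keys = [k.upper() for k in finding.cves + finding.cwes]
    if not keys:
        return set(), False
    tags = set()
    for key in keys:
        tags |= index.get(key, set())
    return tags, True

def risk_score(finding, tags, weights=WEIGHTS):
    """Weighted score; the TI term is Boolean: full points with any tag, else none."""
    ti = 1.0 if tags else 0.0
    return round(weights["technical_severity"] * finding.cvss / 10
                 + weights["threat_intelligence"] * ti
                 + weights["asset_impact"] * finding.asset_impact, 1)

if __name__ == "__main__":
    idx = build_index(TI_FEED)
    for f in (Finding("mapped", 7.5, 0.5, cves=["CVE-0000-0001"]),
              Finding("unmapped", 7.5, 0.5)):
        tags, ok = correlate(f, idx)
        print(f.name, sorted(tags), "correlatable" if ok else "no CVE/CWE", risk_score(f, tags))
```

Two findings with identical severity and asset impact end up 30 points apart here solely because one carries a CVE that matches the feed, so auditing for findings without a CVE or CWE mapping shows where threat intelligence cannot contribute to the score.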