What is Vulcan Threat Intelligence?
The Vulcan Cyber platform relies on threat intelligence to give each vulnerability the most reliable risk rating. Vulnerabilities are ranked based on severity. Vulnerabilities with known exploits published in the wild are easier to exploit because they require less technical expertise. They pose a greater risk and, as such, receive a higher score. To stay on top of the latest exploits, the threat intelligence database is updated daily, with vulnerability scores adjusted accordingly.
Threat Intelligence Sources
SOURCE | LINK | NOTES |
| The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. | |
| The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications and high-end penetration testing services. Offensive Security provides the Exploit Database as a non-profit project and as a public service. | |
| Immunity's CANVAS provides penetration testers and security professionals worldwide with hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework. | |
| Seebug is an open vulnerability platform based on vulnerability and PoC/Exp sharing communities. | |
| SAINT Security Suite’s penetration testing provides easy-to-use, powerful capabilities to test and verify risk exposures from vulnerabilities in your network. | |
| Packet Storm Security is an information security website offering current and historical computer security tools, exploits, and security advisories. | |
| Zero Science Lab is a Macedonian information security research and development laboratory that finds and publishes vulnerabilities and weaknesses in many world-famous software packages and web applications. | |
| 0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. | |
| Vulnerability Lab offers information on vulnerabilities, security holes, and bad security practices in software and applications. | |
| MITRE CVE is a nonprofit organization operating federally funded research and development centers in the United States. It provides a free dictionary for organizations to improve their cyber security. Vulcan parses the OWASP Top 10 from the MITRE CVE feed. | |
| Vulcan is connected to the daily feed of the NVD (National Vulnerability Database), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). Note: NVD is a correlation of over 2,500 exploit sources; the full sources will be shown in the vulnerability details. | |
| The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services. Vulcan parses monthly updates of MSRC CVRF (Common Vulnerability Reporting Framework), pulling new CVE data. | |
| Vulcan scrapes all open projects in GitHub, the largest code repository, searching for CVE tags and keywords that indicate an exploit. Then, Vulcan manually validates that the result is an actual exploit. | |
| Original CVE | The Common Vulnerability Scoring System (CVSS) Vector is an integral part of the CVSS score. Vulcan parses all risk-affecting parameters to ensure the most accurate score. |
CISA KEV Catalog Vulnerabilities | ||
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
The formula to calculate the EPSS of a vulnerability with multiple CVEs:
|
Generated Tags
TAG | SOURCE |
Exploitable | Metasploit (through Vulners), Packet Storm (through Vulners), 0day.today (through Vulners), Zero Science Lab (through Vulners), GitHub, Vulnerability Lab (through Vulners), Exploit DB (through Vulners), seebug.org (through Vulners), Immunity (through Vulners), SAINTexploit (through Vulners), Canvas (through Vulners), NVD |
Weaponized | CISA and other verified sources |
CISA | CISA KEV Catalog Vulnerabilities |
Elevation of Privilege | Microsoft CVRF |
Execution | Microsoft CVRF |
Denial of Service | Microsoft CVRF |
Remote Code | Microsoft CVRF |
Information Leakage | Microsoft CVRF |
Security Feature Bypass | Microsoft CVRF |
Tampering | Microsoft CVRF |
Spoofing | Microsoft CVRF |
OWASP Top 10 | MITRE CVE |
Malware | CISA and other verified sources |
Remote | CVSS Vector |
Local | CVSS Vector |
Unauthenticated | CVSS Vector |
FAQ
How often does Vulcan revisit the data?
Vulcan’s collectors update all threat intelligence sources daily.
How does Vulcan fuse the data?
Vulcan correlates data using CVE and CWE, matching against Vulcan’s vulnerability database.
Important note: If a vulnerability in Vulcan does not have either CVE or CWE mapped, it will not benefit from threat intelligence correlation.
Figure 1: Vulcan UI displays how risk score (critical) is affected by both the TI (Exploitable) and the asset impact (1 High impact tags)
How does the data affect the risk calculation?
On the Vulcan platform, configuring “Risk Priority Weights” affects the risk score of a specific vulnerability. The calculation is Boolean, generating full points if there is a “Threat Intelligence” tag, or no points if no tag exists.
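The correlation and Boolean scoring described in this FAQ can be sketched as follows. This is an added example, not Vulcan's code: the mapping from CVSS vector metrics to the Remote, Local and Unauthenticated tags (AV:N, AV:L, PR:N), the `TI_WEIGHT` value, the rule that any generated tag counts as a threat intelligence tag, and all sample identifiers are assumptions made for illustration.

```python
TI_WEIGHT = 30  # hypothetical "Threat Intelligence" weight; not a Vulcan default

def cvss_tags(vector):
    """Map a CVSS v3.x vector to Remote/Local/Unauthenticated (assumed mapping)."""
    head, *rest = vector.strip().split("/")
    if not head.startswith("CVSS:3"):
        raise ValueError(f"not a CVSS v3.x vector: {vector!r}")
    metrics = dict(item.split(":", 1) for item in rest)
    tags = set()
    if metrics.get("AV") == "N":
        tags.add("Remote")
    elif metrics.get("AV") == "L":
        tags.add("Local")
    if metrics.get("PR") == "N":
        tags.add("Unauthenticated")
    return tags

def correlate(finding, ti_index):
    """Return (correlated, tags, ti_points) for one finding."""
    ids = finding.get("cves", []) + finding.get("cwes", [])
    if not ids:
        return False, set(), 0          # no CVE or CWE: nothing to match on
    tags = set()
    for ident in ids:
        record = ti_index.get(ident, {})
        tags.update(record.get("tags", []))
        if "vector" in record:
            tags |= cvss_tags(record["vector"])
    return True, tags, (TI_WEIGHT if tags else 0)   # Boolean: all or nothing

# Constructed sample data (placeholder identifiers, not real advisories).
TI_INDEX = {
    "CVE-0000-0001": {"tags": ["Exploitable", "CISA"],
                      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
    "CWE-79": {"tags": ["OWASP Top 10"]},
}
FINDINGS = [
    {"name": "edge-proxy RCE", "cves": ["CVE-0000-0001"]},
    {"name": "reflected XSS", "cwes": ["CWE-79"]},
    {"name": "library bug", "cves": ["CVE-0000-0002"]},
    {"name": "scanner-only check"},
]

def report(findings=FINDINGS, ti_index=TI_INDEX):
    return {f["name"]: correlate(f, ti_index) for f in findings}

if __name__ == "__main__":
    for name, (ok, tags, pts) in report().items():
        print(f"{name:20} correlated={ok!s:5} points={pts:2} tags={sorted(tags)}")
```

The last finding carries neither a CVE nor a CWE, so it is reported as uncorrelated; listing such findings is a quick way to see which scanner results cannot benefit from threat intelligence.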