Threat Intelligence Sources and Logic

Learn all about Vulcan Threat Intelligence

Updated over 5 months ago

What is Vulcan Threat Intelligence?

The Vulcan Cyber platform relies on threat intelligence to offer the most reliable risk rating for a vulnerability. Vulnerabilities are ranked by severity. A vulnerability with a known exploit published in the wild is easier to exploit, because attacking it requires less technical expertise; such vulnerabilities pose a greater risk and therefore receive a higher score. To stay on top of the latest exploits, the threat intelligence database is updated daily, and vulnerability scores are adjusted accordingly.

Threat Intelligence Sources

Each source, with notes on what Vulcan takes from it:

Metasploit
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

Exploit Database
The Exploit Database is maintained by Offensive Security, an information security training company that provides various information security certifications and high-end penetration testing services. Offensive Security provides the Exploit Database as a non-profit project and as a public service.

Immunity CANVAS
Immunity's CANVAS provides penetration testers and security professionals worldwide with hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework.

Seebug
Seebug is an open vulnerability platform based on vulnerability and PoC/Exp sharing communities.

SAINT
SAINT Security Suite's penetration testing provides easy-to-use, powerful capabilities to test and verify risk exposures from vulnerabilities in your network.

Packet Storm Security
Packet Storm Security is an information security website offering current and historical computer security tools, exploits, and security advisories.

Zero Science Lab
Zero Science Lab is a Macedonian information security research and development laboratory that finds and publishes vulnerabilities and weaknesses in many world-famous software packages and web applications.

0day Today
0day Today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.

Vulnerability Lab
Vulnerability Lab offers information on vulnerabilities, security holes, and bad security practices in software and applications.

MITRE CVE
MITRE is a nonprofit organization operating federally funded research and development centers in the United States; its CVE program provides a free dictionary that organizations use to improve their cyber security. Vulcan parses the OWASP Top 10 from the MITRE CVE feed.

NVD
Vulcan is connected to the daily feed of the NVD (National Vulnerability Database), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
Note: NVD is a correlation of over 2,500 exploit sources; the full list of sources is shown in the vulnerability details.

Microsoft MSRC
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services. Vulcan parses monthly updates of MSRC CVRF (Common Vulnerability Reporting Framework), pulling new CVE data.

GitHub
Vulcan scrapes all open projects on GitHub, the largest code repository, searching for CVE tags and keywords that indicate an exploit. Vulcan then manually validates that the result is an actual exploit.

Original CVE
The Common Vulnerability Scoring System (CVSS) vector is an integral part of the CVSS score. Vulcan parses all risk-affecting parameters to ensure the most accurate score.

CISA KEV Catalog Vulnerabilities
Identify which assets in your environment have known vulnerabilities that CISA has confirmed as being exploited in the wild. Cross-reference CISA KEV vulnerabilities with Mandiant threat intelligence, CVSS, and more to better understand every vulnerability's risk.

EPSS
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0% to 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The formula to calculate the EPSS of a vulnerability with multiple CVEs:

$$\mathrm{Vuln}_i = \{\mathrm{cve}_1, \mathrm{cve}_2, \ldots, \mathrm{cve}_n\}$$

$$P(\mathrm{Vuln}_i) = P(\text{at least one CVE exploited}) = 1 - P(\text{no CVE exploited}) = 1 - (1-P(\mathrm{cve}_1))(1-P(\mathrm{cve}_2))\cdots(1-P(\mathrm{cve}_n)) = 1 - \prod_{j=1}^{n}\bigl(1-P(\mathrm{cve}_j)\bigr)$$
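The aggregation above, worked through in code. This is an added example written for this page, not Vulcan's own implementation: the per-CVE scores in SAMPLE_EPSS are constructed placeholders (not real EPSS values, and the CVE identifiers are not real CVEs), and the function names are assumptions. It treats the CVEs as independent events, exactly as the formula does, and shows the two edge cases the formula leaves implicit: an empty CVE set scores 0, and a CVE with probability 1 drives the combined score to 1.

```python
from typing import Iterable, Mapping

# Constructed sample data: placeholder CVE ids with made-up EPSS probabilities.
SAMPLE_EPSS: Mapping[str, float] = {
    "CVE-0000-0001": 0.10,
    "CVE-0000-0002": 0.20,
    "CVE-0000-0003": 0.05,
}


def combined_epss(probabilities: Iterable[float]) -> float:
    """Probability that at least one CVE of a vulnerability is exploited.

    Implements P(Vuln_i) = 1 - prod_j (1 - P(cve_j)): the complement of
    "no CVE is exploited", with CVEs treated as independent events.
    An empty set of CVEs yields 0.0 (there is nothing to exploit), and any
    CVE with P = 1 makes the product vanish, so the result is 1.0.
    """
    none_exploited = 1.0
    for p in probabilities:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"EPSS probability outside [0, 1]: {p}")
        none_exploited *= 1.0 - p
    return 1.0 - none_exploited


def vulnerability_epss(cves: Iterable[str], epss_by_cve: Mapping[str, float]) -> float:
    """Combined EPSS for a vulnerability given its CVE list.

    A CVE with no EPSS entry contributes probability 0.0, i.e. it neither
    raises nor lowers the combined score (assumption for missing data).
    """
    return combined_epss(epss_by_cve.get(cve, 0.0) for cve in cves)


def as_percent(p: float) -> float:
    """Express a probability as a percentage rounded to two decimals."""
    return round(100.0 * p, 2)


if __name__ == "__main__":
    score = vulnerability_epss(SAMPLE_EPSS.keys(), SAMPLE_EPSS)
    print(f"combined EPSS = {score:.4f} ({as_percent(score)}%)")
```

Note that the combined score is never lower than the highest single-CVE score, so grouping CVEs into one vulnerability can only raise its exploitation probability, never hide a high-probability CVE behind low ones.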

Generated Tags

Each tag, followed by the source(s) that generate it:

Exploitable
Metasploit, Packet Storm, 0day.today, Zero Science Lab (through Vulners); GitHub; Vulnerability Lab, Exploit DB, seebug.org, Immunity, SAINTexploit, Canvas (through Vulners); NVD

Weaponized
CISA and other verified sources

CISA
CISA KEV Catalog Vulnerabilities (see the source description above)

Elevation of Privilege
Microsoft CVRF

Execution
Microsoft CVRF

Denial of Service
Microsoft CVRF

Remote Code
Microsoft CVRF

Information Leakage
Microsoft CVRF

Security Feature Bypass
Microsoft CVRF

Tampering
Microsoft CVRF

Spoofing
Microsoft CVRF

OWASP Top 10
MITRE CVE

Malware
CISA and other verified sources

Remote
CVSS Vector

Local
CVSS Vector

Unauthenticated
CVSS Vector

FAQ

How often does Vulcan revisit the data?

Vulcan’s collectors update all threat intelligence sources daily.

How does Vulcan fuse the data?

Vulcan correlates data using CVE and CWE, matching against Vulcan’s vulnerability database.

Important note: If a vulnerability in Vulcan does not have either CVE or CWE mapped, it will not benefit from threat intelligence correlation.

Figure 1: Vulcan UI displays how risk score (critical) is affected by both the TI (Exploitable) and the asset impact (1 High impact tags)

How does the data affect the risk calculation?

On the Vulcan platform, the "Risk Priority Weights" configuration determines how much a tag contributes to the risk score of a specific vulnerability. The threat intelligence contribution is Boolean: a vulnerability earns the full points of the weight if it carries a "Threat Intelligence" tag and no points if it has none.
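The two FAQ answers above (correlation by CVE and CWE, and the Boolean weight) combined into one worked example. This is added illustration code, not Vulcan's implementation: the vulnerability records, the tag maps and all CVE/CWE identifiers are constructed placeholders, and keying exploit-derived tags by CVE while keying the OWASP Top 10 tag by CWE is an assumption. The example shows the consequence of the "important note": a finding with neither identifier receives no tags and therefore no threat intelligence points.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Vulnerability:
    """A vulnerability as stored in the platform's own database (constructed)."""
    name: str
    cve: Optional[str] = None
    cwe: Optional[str] = None


# Constructed threat-intelligence records, keyed by the identifier a source
# reports on. Exploit feeds and CISA KEV are keyed by CVE; the OWASP Top 10
# mapping is keyed by CWE here (assumption). None of these ids are real.
TI_BY_CVE: Dict[str, Set[str]] = {
    "CVE-0000-0001": {"Exploitable"},
    "CVE-0000-0002": {"Exploitable", "Weaponized", "CISA"},
}
TI_BY_CWE: Dict[str, Set[str]] = {
    "CWE-0000": {"OWASP Top 10"},
}


def correlate_tags(vuln: Vulnerability,
                   ti_by_cve: Dict[str, Set[str]] = TI_BY_CVE,
                   ti_by_cwe: Dict[str, Set[str]] = TI_BY_CWE) -> Set[str]:
    """Fuse threat intelligence into a vulnerability by matching CVE and CWE.

    Identifiers are normalised to upper case before lookup. A vulnerability
    with neither a CVE nor a CWE cannot be correlated and gets no tags.
    """
    tags: Set[str] = set()
    if vuln.cve:
        tags |= ti_by_cve.get(vuln.cve.upper(), set())
    if vuln.cwe:
        tags |= ti_by_cwe.get(vuln.cwe.upper(), set())
    return tags


def threat_intel_points(tags: Set[str], weight: float) -> float:
    """Boolean risk-weight contribution: the full configured weight if any
    threat-intelligence tag is present, otherwise zero."""
    return float(weight) if tags else 0.0


def risk_contribution(vuln: Vulnerability, weight: float) -> float:
    """Points the threat-intelligence weight adds for this vulnerability."""
    return threat_intel_points(correlate_tags(vuln), weight)


if __name__ == "__main__":
    samples = [
        Vulnerability("kev-listed", cve="CVE-0000-0002"),
        Vulnerability("owasp-only", cwe="CWE-0000"),
        Vulnerability("unmapped finding"),  # neither CVE nor CWE: no correlation
    ]
    for v in samples:
        print(f"{v.name:18} tags={sorted(correlate_tags(v))} "
              f"points={risk_contribution(v, 10)}")
```

The practical check this suggests for a deployment: findings imported without a CVE or CWE (custom scanner output, for instance) silently score zero on the threat intelligence weight, so they are worth reviewing separately rather than trusting the risk score alone.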

