CTCI Connector

Learn all about integrating CTCI TI into the Vulcan Platform


Overview

About CTCI

CTCI is a vulnerability early warning threat intelligence tool that informs on exploited CVEs.

Why integrate Threat Intelligence tools into the Vulcan platform?

Read all about the value you gain from this integration here.

CTCI Connector details

Supported products

Category: Threat Intelligence

Integration type: Unidirectional (data is transferred from CTCI to the Vulcan Platform in one direction)

Supported version and type: SaaS (latest)

Ingested TI Tag types:

    • CTCI: Honeypot

    • CTCI: Intelligence


Connector Setup

Prerequisites and user permissions

Before you begin configuring the connector, make sure you have the following:

Configuring the CTCI Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the CTCI icon.

  4. Set up the Connector as follows:

    • Enter the API Token you generated in CTCI

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your CTCI instance, then click Create (or Save Changes).

  6. Allow some time for the sync to complete. Then, you can review the sync status under Log.

  7. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the CTCI icon shows Connected, the connection is complete.


CTCI in the Vulcan Platform

Finding CTCI-tagged vulnerabilities

CTCI is a Threat Intelligence connector that enriches vulnerability data based on each vulnerability's CVE.
Once the integration is complete, the CTCI TI data becomes available and is attached to the relevant vulnerabilities.

  1. Go to Vulnerabilities > filter by Threats > CTCI: Honeypot / CTCI: Intelligence.

    You can focus and narrow your search by selecting more filters.

  2. In the results, you'll see that vulnerabilities have a "CTCI" threat tag.
    Click on a vulnerability/CVE for more details.

  3. In the Vulnerability details window, you can see all the information gathered on that vulnerability, including Affected Assets, Threat Tags, Severity Score, Fixes, and much more. The "CTCI" tag will appear next to Threats & Vulnerability Tags.

  4. Go to the Threat Intelligence tab > Expand the attached CTCI Card for more details. Intelligence Cards provide transparency into the evidence for each risk rule.

    Each CTCI card refers to a single CVE and displays key information including a description with CTCI summary notes if there are any. If CTCI doesn't provide a description, a generic description is presented.


Automating remediation actions on CTCI-tagged vulnerabilities

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the CTCI Connector.

Use the Threats condition to create automation based on Threat Tags and Attack Vectors, such as Threat Intelligence tags by CTCI, Mandiant or Recorded Future.

Click here to learn how to create automation in the Vulcan Cyber Platform.


API endpoints in use

Description

API Call

GET CVEs list and data
