Overview
About CTCI
CTCI is a vulnerability early warning threat intelligence tool that informs on exploited CVEs.
Why integrating Threat Intelligence tools into the Vulcan platform?
Read all about the value you gain out of this integration here.
CTCI Connector details
Supported products | |
Category | Threat Intelligence |
Integration type | UNI directional (data is transferred from CTCI to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Ingested TI Tag types |
|
Connector Setup
Prerequisites and user permissions
Before you begin configuring the connector, make sure you have the following:
API token with “auditor” role
Configuring the CTCI Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the CTCI icon.
Set up the Connector as follows:
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your CTCI instance, then click Create (or Save Changes).
Allow some time for the sync to complete. Then, you can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the CTCI icon shows Connected, the connection is complete.
CTCI in the Vulcan Platform
Finding CTCI-tagged vulnerabilities
CTCI is a Threat Intelligence connector that enriches vulnerability data based on their CVE.
Once the integration is complete, the CTCI TI data becomes available and attached to the relevant vulnerabilities.
Go to Vulnerabilities > filter by Threats > CTCI: Honeypot / CTCI: Intelligence.
You can focus and narrow your search by selecting more filters.
In the results, you'll see that vulnerabilities have a "CTCI" threat tag.
Click on a vulnerability/CVE for more details.In the Vulnerability details window, you can see all the cyber information gathered on that vulnerability including Affected Assets, Threat Tags, Severity Score, Fixes, and much more. the "CTCI" tag will appear next to Threats & Vulnerability Tags.
Go to the Threat Intelligence tab > Expand the attached CTCI Card for more details. Intelligence Cards provide transparency into the evidence for each risk rule.
Each CTCI card refers to a single CVE and displays key information including a description with CTCI summary notes if there are any. If CTCI doesn't provide a description, a generic description is presented.
Automating remediation actions on CTCI-tagged vulnerabilities
Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the CTCI Connector.
Use the Threats condition to create automation based on Threat Tags and Attack Vectors, such as Threat Intelligence tags by CTCI, Mandiant or Recorded Future.
Click here to learn how to create automation in the Vulcan Cyber Platform.
API endpoints in use