How to Configure the Exploited CVE Feed
Learn how to use the Exploited CVE Feed in DigitalStakeout to monitor public discussion, metadata, and signals related to known exploited vulnerabilities.
How to Configure the Exploited CVE Feed
The Exploited CVE Feed in DigitalStakeout XTI enables real-time monitoring of publicly discussed vulnerabilities, with a focus on entries from CISA’s Known Exploited Vulnerabilities (KEV) catalog. It tracks mentions, patch chatter, and threat actor engagement across the surface web, social media, and dark web.
📌 What It Does
- Tracks specified CVE identifiers, vulnerability types, and relevant keywords
- Enriches findings with CWE categories, affected product metadata, and advisory references
- Surfaces early signs of exploit trends and threat activity
Setting Up an Exploited CVE Feed
1. Basic Configuration
| Setting | Description |
|---|---|
| Status | Enable or disable the feed |
| Expires On | Automatically deactivate after a specified date |
| Feed Name | Name your feed for clarity |
| Use Case | Select a purpose (e.g., Threat Intel, DRP, etc.) |
| Tags | Add project or topic tags for easy filtering |
| Send Data To | Route feed output to default location or custom destination |
| Translate on Add | Automatically translate content into your preferred language |
2. Keyword Configuration
| Keyword Type | Use |
|---|---|
| Primary Keywords | Add CVE identifiers (CVE-2023-23752), exploit terms, etc. |
| Must Contain | Require certain keywords to appear |
| Must Not Contain | Filter out irrelevant noise or terms |
| Ignore From Domain | Exclude specific domains from data collection |
To collect all public exploit chatter, use
*as the primary keyword.
🧠 Best Practices
-
Define Clear Objectives
Align keywords and exclusions with the vulnerabilities you care about most. -
Tune Regularly
Update your keyword lists as new CVEs and exploits emerge. -
Review Feed Activity
Use tags, filters, and timelines to spot new patterns and priorities. -
Enable Translation
Capture signals in non-English chatter for early visibility into international threats. -
Integrate Your Workflow
Route this feed into your analytic or threat scoring systems via integrations.
Data Source Coverage
The Exploited CVE Feed pulls from:
- ✅ Surface Web & News Sites
- ✅ Social Media Platforms
- ✅ Dark Web Forums
- ✅ Archive Snapshots
- ✅ Vulnerability Intelligence Databases
Results are AI-enriched, clustered, and tagged for faster triage, but may require context-specific interpretation by your team.
Looking for supported datasets and integration scenarios?
Visit the Exploited CVE Feed feature page on our main site.
Updated 2 days ago