Exploited CVE Feed
The Exploited CVE Feed enables you to monitor public mentions, reports, and discussions about vulnerabilities from CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Functionality
- Scans and tracks specified CVEs and related terms across a range of online sources.
- Provides enriched metadata, such as CWE classifications, impacted products, and source details.
- Keeps users updated on mentions, trends, and advisories related to vulnerabilities.
Benefits
- Offers a comprehensive view of how and where specific CVEs are being discussed online.
- Supports vulnerability management by highlighting actively exploited issues.
- Facilitates informed decision-making with real-time insights into exploitation activity.
Creating a CVE Exploit Feed
Configuration Options
1. Status
- Enabled: Activates the feed for monitoring.
- Disabled: Pauses the feed.
2. Expires On
Set an expiration date for the feed. This allows the feed to automatically deactivate after a defined period.
3. Feed Name
Assign a descriptive name for the feed to easily identify its purpose or focus.
4. Use Case
Select a use case to align the feed with your specific objectives. Options include:
- Threat Intelligence
- Digital Risk Protection
- etc...
5. Tags
Apply relevant tags to organize and categorize the feed for streamlined management. Examples might include project names, industries, or geographic identifiers.
6. Send Data To
Choose a destination for processed data, such as a predefined project, integration point, or default location. Examples include:
- Default Location
- Other feed
7. Translate on Add
Select a language to automatically translate ingested content. This helps ensure that multilingual data is accessible and actionable.
Keyword Configuration
Primary Keywords
Define the main keywords to monitor, such as CVE identifiers (e.g., CVE-2023-23752) or relevant terms like "exploit" or "patch advisory."
- To create an unrestricted feed, use
*
as the primary keyword.
Must Contain
Specify mandatory keywords or phrases that must appear in the content for it to be included in the feed.
Must Not Contain
Define exclusion criteria to filter out irrelevant or unwanted content.
Ignore From Domain
Exclude specific domains or websites from the feed to reduce noise and improve focus.
Best Practices
-
Define Clear Objectives:
Tailor your feed settings (keywords, tags, exclusions) to meet specific monitoring goals. -
Regularly Update Keywords:
Adjust keyword configurations to reflect changes in trends, priorities, or focus areas. -
Review Feed Data Frequently:
Analyze collected data to refine monitoring strategies and identify emerging patterns. -
Enable Translation for Multilingual Data:
Use the translation feature to gain global insights from diverse sources. -
Integrate with Other Tools:
Leverage feed outputs with analytical or reporting tools for enhanced insights.
Source Data
The Exploited CVE Feed collects data from a wide range of sources, including:
- Surface Web
- News Outlets
- Social Media Platforms
- Dark Web
- Archive.org
This ensures comprehensive coverage of public vulnerability-related activity.
Note:
Source data is classified by AI and refined for actionable insights but may require further context based on your organizational needs.
Updated 9 days ago