How to Configure the Exploited CVE Feed

Learn how to use the Exploited CVE Feed in DigitalStakeout to monitor public discussion, metadata, and signals related to known exploited vulnerabilities.

The Exploited CVE Feed in DigitalStakeout XTI enables real-time monitoring of publicly discussed vulnerabilities, with a focus on entries from CISA’s Known Exploited Vulnerabilities (KEV) catalog. It tracks mentions, patch chatter, and threat actor engagement across the surface web, social media, and dark web.


📌 What It Does

  • Tracks specified CVE identifiers, vulnerability types, and relevant keywords
  • Enriches findings with CWE categories, affected product metadata, and advisory references
  • Surfaces early signs of exploit trends and threat activity

Setting Up an Exploited CVE Feed

1. Basic Configuration

| Setting | Description |
|---|---|
| Status | Enable or disable the feed |
| Expires On | Automatically deactivate after a specified date |
| Feed Name | Name your feed for clarity |
| Use Case | Select a purpose (e.g., Threat Intel, DRP, etc.) |
| Tags | Add project or topic tags for easy filtering |
| Send Data To | Route feed output to default location or custom destination |
| Translate on Add | Automatically translate content into your preferred language |

2. Keyword Configuration

| Keyword Type | Use |
|---|---|
| Primary Keywords | Add CVE identifiers (CVE-2023-23752), exploit terms, etc. |
| Must Contain | Require certain keywords to appear |
| Must Not Contain | Filter out irrelevant noise or terms |
| Ignore From Domain | Exclude specific domains from data collection |

To collect all public exploit chatter, use * as the primary keyword.


🧠 Best Practices

  1. Define Clear Objectives
    Align keywords and exclusions with the vulnerabilities you care about most.

  2. Tune Regularly
    Update your keyword lists as new CVEs and exploits emerge.

  3. Review Feed Activity
    Use tags, filters, and timelines to spot new patterns and priorities.

  4. Enable Translation
    Capture signals in non-English chatter for early visibility into international threats.

  5. Integrate Your Workflow
    Route this feed into your analytic or threat scoring systems via integrations.
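
One way to keep Primary Keywords aligned with the objectives and tuning practices above is to derive the CVE list from a local copy of CISA's KEV JSON export, filtered to the vendors you run. This is an added example, not DigitalStakeout code: the function names, vendor list and sample records are assumptions, and the output is meant to be pasted into the Primary Keywords field by hand.

```python
import json
import re

# Constructed sample in the layout of CISA's KEV JSON export (a top-level
# "vulnerabilities" list). Only CVE-2023-23752 appears on this page; the
# CVE-0000-* IDs, vendor names and dates are placeholders.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-23752", "vendorProject": "Joomla!", "dateAdded": "2024-01-08"},
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "dateAdded": "2024-03-01"},
    {"cveID": "CVE-0000-0002", "vendorProject": "OtherVendor", "dateAdded": "2024-03-02"},
    {"cveID": "cve-0000-0003 ", "vendorProject": "examplevendor", "dateAdded": "2024-04-01"},
    {"cveID": "not-a-cve", "vendorProject": "ExampleVendor", "dateAdded": "2024-04-02"},
]})

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def build_primary_keywords(kev_json, watched_vendors, since=None):
    """CVE IDs of KEV entries for watched vendors, optionally added on/after `since`."""
    watched = {v.casefold() for v in watched_vendors}
    ids = set()
    for entry in json.loads(kev_json).get("vulnerabilities", []):
        cve = str(entry.get("cveID", "")).strip().upper()
        if not CVE_RE.fullmatch(cve):
            continue  # malformed identifier: never push junk into the feed
        if str(entry.get("vendorProject", "")).casefold() not in watched:
            continue  # outside the stated objective
        if since and str(entry.get("dateAdded", "")) < since:
            continue  # ISO dates compare correctly as strings
        ids.add(cve)
    return sorted(ids)

def keyword_changes(current_keywords, refreshed):
    """Return (to_add, to_review): new KEV IDs, and feed keywords KEV no longer backs."""
    current, new = set(current_keywords), set(refreshed)
    return sorted(new - current), sorted(current - new)

if __name__ == "__main__":
    refreshed = build_primary_keywords(KEV_SAMPLE, ["Joomla!", "ExampleVendor"])
    to_add, to_review = keyword_changes(["CVE-2023-23752", "CVE-0000-0009"], refreshed)
    print("Add to Primary Keywords:", ", ".join(to_add))
    print("Review before removing:", ", ".join(to_review))
```

Running it on a schedule against a fresh KEV download gives a short add/review list for each tuning pass instead of a full re-read of the catalog.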


Data Source Coverage

The Exploited CVE Feed pulls from:

  • ✅ Surface Web & News Sites
  • ✅ Social Media Platforms
  • ✅ Dark Web Forums
  • ✅ Archive Snapshots
  • ✅ Vulnerability Intelligence Databases

Results are AI-enriched, clustered, and tagged for faster triage, but may require context-specific interpretation by your team.


🔗

Looking for supported datasets and integration scenarios?
Visit the Exploited CVE Feed feature page on our main site.