Exploited CVE Feed

The Exploited CVE Feed enables you to monitor public mentions, reports, and discussions about vulnerabilities from CISA’s Known Exploited Vulnerabilities (KEV) catalog.

Functionality

  • Scans and tracks specified CVEs and related terms across a range of online sources.
  • Provides enriched metadata, such as CWE classifications, impacted products, and source details.
  • Keeps users updated on mentions, trends, and advisories related to vulnerabilities.

Benefits

  • Offers a comprehensive view of how and where specific CVEs are being discussed online.
  • Supports vulnerability management by highlighting actively exploited issues.
  • Facilitates informed decision-making with real-time insights into exploitation activity.

Creating a CVE Exploit Feed

Configuration Options

1. Status

  • Enabled: Activates the feed for monitoring.
  • Disabled: Pauses the feed.

2. Expires On

Set an expiration date for the feed. This allows the feed to automatically deactivate after a defined period.

3. Feed Name

Assign a descriptive name for the feed to easily identify its purpose or focus.

4. Use Case

Select a use case to align the feed with your specific objectives. Options include:

  • Threat Intelligence
  • Digital Risk Protection
  • etc.

5. Tags

Apply relevant tags to organize and categorize the feed for streamlined management. Examples might include project names, industries, or geographic identifiers.

6. Send Data To

Choose a destination for processed data, such as a predefined project, integration point, or default location. Examples include:

  • Default Location
  • Other feed

7. Translate on Add

Select a language to automatically translate ingested content. This helps ensure that multilingual data is accessible and actionable.


Keyword Configuration

Primary Keywords

Define the main keywords to monitor, such as CVE identifiers (e.g., CVE-2023-23752) or relevant terms like "exploit" or "patch advisory".

  • To create an unrestricted feed, use * as the primary keyword.

Must Contain

Specify mandatory keywords or phrases that must appear in the content for it to be included in the feed.

Must Not Contain

Define exclusion criteria to filter out irrelevant or unwanted content.

Ignore From Domain

Exclude specific domains or websites from the feed to reduce noise and improve focus.
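
A local dry run of the four keyword settings above, added here as an illustration and not taken from the product or its documentation. It assumes that any one primary keyword is sufficient, every Must Contain term is required, any Must Not Contain term excludes, and terms match as whole tokens; the rule, the sample mentions, and all function names are constructed.

```python
import re
from urllib.parse import urlsplit

def has_term(term, text):
    # Whole-token, case-insensitive match, so "CVE-2023-23752" does not
    # fire on a longer ID such as "CVE-2023-237521" (assumed semantics).
    pattern = r"(?<![\w-])" + re.escape(term) + r"(?![\w-])"
    return re.search(pattern, text, re.IGNORECASE) is not None

def domain_ignored(url, ignored):
    # Match the host itself or any subdomain, never a bare string suffix.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in ignored)

def evaluate(rule, item):
    """Return (included, reason) for one mention under the assumed rule logic."""
    text = item["title"] + "\n" + item["body"]
    if domain_ignored(item["url"], rule["ignore_from_domain"]):
        return False, "ignored domain"
    if "*" not in rule["primary"] and not any(has_term(k, text) for k in rule["primary"]):
        return False, "no primary keyword"
    missing = [k for k in rule["must_contain"] if not has_term(k, text)]
    if missing:
        return False, "missing: " + ", ".join(missing)
    blocked = [k for k in rule["must_not_contain"] if has_term(k, text)]
    if blocked:
        return False, "excluded by: " + ", ".join(blocked)
    return True, "match"

# Constructed rule and mentions for the dry run (not real feed output).
RULE = {"primary": ["CVE-2023-23752"], "must_contain": ["exploit"],
        "must_not_contain": ["giveaway"], "ignore_from_domain": ["example.org"]}
SAMPLES = [
    {"url": "https://news.example.com/a", "title": "CVE-2023-23752 exploit seen in the wild", "body": "Scanning reported."},
    {"url": "https://blog.example.net/b", "title": "Public exploit for CVE-2023-237521", "body": "Different identifier."},
    {"url": "https://mirror.example.org/c", "title": "CVE-2023-23752 exploit mirror", "body": "Copied post."},
    {"url": "https://blog.example.net/d", "title": "Patch advisory for CVE-2023-23752", "body": "Upgrade guidance only."},
    {"url": "https://social.example.net/e", "title": "CVE-2023-23752 exploit giveaway", "body": "Click here."},
]

def dry_run(rule=RULE, samples=SAMPLES):
    # One (url, included, reason) tuple per mention, in input order.
    return [(s["url"], *evaluate(rule, s)) for s in samples]

if __name__ == "__main__":
    for url, ok, reason in dry_run():
        print(f"{'KEEP' if ok else 'DROP'}  {url}  ({reason})")
```

Running a rule set against a handful of known-good and known-noisy mentions before enabling the feed shows which setting drops each item, which makes over-broad or over-strict keywords easy to spot.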


Best Practices

  1. Define Clear Objectives:
    Tailor your feed settings (keywords, tags, exclusions) to meet specific monitoring goals.

  2. Regularly Update Keywords:
    Adjust keyword configurations to reflect changes in trends, priorities, or focus areas.

  3. Review Feed Data Frequently:
    Analyze collected data to refine monitoring strategies and identify emerging patterns.

  4. Enable Translation for Multilingual Data:
    Use the translation feature to gain global insights from diverse sources.

  5. Integrate with Other Tools:
    Leverage feed outputs with analytical or reporting tools for enhanced insights.


Source Data

The Exploited CVE Feed collects data from a wide range of sources, including:

  • Surface Web
  • News Outlets
  • Social Media Platforms
  • Dark Web
  • Archive.org

This ensures comprehensive coverage of public vulnerability-related activity.

Note:

Source data is classified by AI and refined for actionable insights but may require further context based on your organizational needs.