Details
Author | Dmitry Uchakin, Vulners team |
Version | 1.0 |
License | AGPL-V3 |
Requires Registration | Yes |
Requires Subscription | Yes |
Free Subscription Available | Yes |
DataType Supported | cve |
Service Homepage | Vulners_CVE |
Description
Get information about a CVE from the Vulners database.
Configuration
Name | Description |
key | API key for Vulners |
Details
Author | Dmitry Uchakin, Vulners team |
Version | 1.0 |
License | AGPL-V3 |
Requires Registration | Yes |
Requires Subscription | Yes |
Free Subscription Available | Yes |
DataType Supported | url, domain, ip |
Service Homepage | Vulners_IOC |
Description
Get information from the RST Threat Feed, which is integrated with Vulners, for a domain, URL or IP address.
Configuration
Name | Description |
key | API key for Vulners |
Additional details from the README file:
This analyzer consists of 2 parts.
- Vulners_IOC: As a result of the collaboration between Vulners and RST Threat Feed, the idea was to send IOC analysis results through a TheHive analyzer: blog post
- Vulners_CVE: Vulners has a strong vulnerability database. This data is useful: "if the case (incident) is related to the exploitation of a vulnerability, then the analyst (manually / automatically) can add it to observables and quickly get all the basic information on it in order to continue analyzing the case."
Vulners API key required.
- copy the folders "Vulners" analyzer & "Vulners" into your Cortex analyzer path
- install the necessary Python modules from requirements.txt (pip install -r requirements.txt)
- restart Cortex to initialize the new Responder: "systemctl restart cortex"
Get your Vulners API key:

.. image:: assets/vulners_api.png
   :target: assets/vulners_api.png
   :alt: Vulners API

Add your Vulners API key in Cortex settings:

.. image:: assets/Cortex_settings.PNG
   :target: assets/Cortex_settings.PNG
   :alt: API key in Cortex

By default, TheHive does not have a "cve" observable type, so we have to add it in the Administrator Settings:
Short template:
Long template: