
Vulners

Vulners_CVE

Details

Author: Dmitry Uchakin, Vulners team
Version: 1.0
License: AGPL-V3
Requires Registration: Yes
Requires Subscription: Yes
Free Subscription Available: Yes
DataType Supported: cve
Service Homepage: Vulners_CVE

Description

Get information about a CVE from the Vulners vulnerability database.

Configuration

Name  Description
----  -------------------
key   API key for Vulners

Vulners_IOC

Details

Author: Dmitry Uchakin, Vulners team
Version: 1.0
License: AGPL-V3
Requires Registration: Yes
Requires Subscription: Yes
Free Subscription Available: Yes
DataType Supported: url, domain, ip
Service Homepage: Vulners_IOC

Description

Get information about a domain, URL or IP address from the RST Threat Feed, which is integrated with Vulners.

Configuration

Name  Description
----  -------------------
key   API key for Vulners

Additional details from the README file:

Vulners-analyzer

This analyzer consists of two parts.

  1. Vulners_IOC: As a result of the collaboration between Vulners and RST Threat Feed, the idea was to deliver IOC analysis results through a TheHive analyzer (see the blog post).
  2. Vulners_CVE: Vulners maintains a strong vulnerability database. This data is useful when the case (incident) is related to the exploitation of a vulnerability: the analyst can then (manually or automatically) add the CVE to the observables and quickly get all the basic information on it in order to continue analyzing the case.

A Vulners API key is required.

Setting up analyzer

  • copy the "Vulners" analyzer folder into your Cortex analyzers path
  • install the necessary Python modules from requirements.txt (pip install -r requirements.txt)
  • restart Cortex to initialize the new analyzer (systemctl restart cortex)

Get your Vulners API key: [image: Vulners API]

Add your Vulners API key in the Cortex settings: [image: API key in Cortex]

Add Observable type in TheHive

By default TheHive does not have a "cve" observable type, so it has to be added in the Administrator Settings:

[image: add observable]

Run the Analyzer in TheHive

Network IOCs:

Short template:

[image: Short IOC template]

Long template:

[image: Long IOC template]

[image: Long_IOC_threat_template]

Vulnerabilities:

Short template:

[image: Short CVE template]

Long template:

[image: Long CVE template]