Exploit information

Several databases and tools collect information about exploits of known vulnerabilities. This information is important to prioritize the remediation of vulnerabilities. The project cvss-bt collects information about exploits from various sources which can be imported automatically into SecObserve. The exploit information is linked to the corresponding observations via the CVE Id.

Exploit information from these sources is made available:

• CISA Known Exploited Vulnerabilities Catalog
• Exploit-DB
• Metasploit
• Nuclei
• PoC GitHub
• VulnCheck KEV

Observations can be filtered by the presence of exploit information and the links to exploit information are displayed in the observation details.

Configuration

In the Features section of the Settings the import of exploit information can be enabled or disabled for the whole SecObserve instance. Additionally, the maximum age of CVEs can be set. Data for CVEs older than the specified number of days will not be imported.

The import of exploit information runs together with the EPSS import, see EPSS import / Configuration.