Documentation Index

Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview of Nucleus Threat Data

  • 1 minute(s) read
Prev Next

Overview

Nucleus fuses multi-source threat intelligence with vulnerability data and org-defined asset risk criticality context to enable sophisticated analysis, prioritization, remediation, and monitoring capabilities. The current sources of threat intelligence that are integrated into the platform and included with all Nucleus subscriptions are Mandiant, EPSS, and CISA BOD 22-01. More high-quality sources of intelligence will be added in the future because incorporating this data into your vulnerability management program is paramount to achieving the highest levels of maturity and performance. Follow the links below to learn more about each source of threat and vulnerability intelligence.

VIP vs Nucleus

All feeds are available in the VIP console available to Nucleus Advantage customers. A selection of feeds are available in the Nucleus console itself for Core platform users.

What’s Included

When customers use Nucleus, there are a variety of vulnerability intelligence sources that are provided alongside Nucleus, both commercial and open-source. These feeds can be used in the Nucleus platform in a variety of ways, in order to enable advanced prioritization and triage capabilities. For more details on what is provided from each, please see their respective docs pages.

Nucleus Insights

Nucleus has its own vulnerability intelligence feed, called Nucleus Insights, available for users to leverage in a variety of use cases.

Shadowserver

Nucleus has partnered with Shadowserver to provide exploitation information in both the VIP and Nucleus platforms for use in prioritization and triage.

Others

As can be seen in the image above, Nucleus works with a variety of upstream data feeds and open source organizations to bring comprehensive threat intelligence to the VM process. This list is updating all the time, but includes:

  • CISA KEV

  • EPSS

  • Exploit-DB

  • Google Project Zero

  • Metasploit

  • NVD & MITRE CVE project

  • Nuclei

  • OSV Database

  • Shodan

  • Vulncheck

  • Zeroday Initiative

Use in the Console

These feeds can be leveraged a variety of ways in the Nucleus platform.

Vulnerability Analysis

Any of these feeds can be used to analyze vulnerability data within the Nucleus console per vulnerability, alongside the pages where you can take immediate action, such as vulnerability assignment, reports, etc.

Automation Rules

Any of the fields from any of these data sources can be used when defining Automation Workflows, in order to ensure specific and advanced automated triage workflows within the Nucleus console.

Reports

Threat intelligence information, as well as any automated adjustments to your vulnerabilities, can be leveraged when generating reports, to keep your communications up to date internally and externally.