VIP includes a view that lets you quickly add other threat and vulnerability intelligence feeds. On the Integrations page you can see the feeds you currently have enabled, as well as the feeds you can activate for viewing in VIP, provided you supply the proper authorization for that feed.

Activating a Feed
Most feeds in VIP require some form of API key to enable them. Let's enable GreyNoise data in the platform as an example:
1. First, head to Integrations and click Enable in the GreyNoise card.

2. Enter a valid Enterprise-level GreyNoise API key into the License Key field and click Enable Feed.

And that's it! You should see a green window appear at the bottom letting you know the license key was validated and the feed is now enabled across VIP! Woohoo!

Included with VIP
The following sources of vulnerability information are included with your Nucleus VIP subscription.
| Feed Name | Description |
|---|---|
| CISA KEV | For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerabilities (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by known threat actors. |
| EPSS | The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited. |
| Mandiant | Mandiant Threat Intelligence gives security practitioners unparalleled visibility and expertise into threats that matter to their business right now. Our threat intelligence is compiled by over 385 security and intelligence individuals across 29 countries, researching actors via undercover adversarial pursuits, incident forensics, malicious infrastructure reconstructions and actor identification processes that comprise the deep knowledge embedded in the Mandiant Intel Grid. Threat Intelligence can be delivered as a technology, operated side-by-side with your team, or fully managed by Mandiant experts. |
| NVD | The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics. |
| Zero Day Initiative | The Zero Day Initiative (ZDI) was created to encourage the reporting of 0-day vulnerabilities privately to the affected vendors by financially rewarding researchers. There was a perception that those who find vulnerabilities, especially 0-days, are malicious hackers looking to do harm. The reality is that a large majority of people who actually discover new flaws in systems look to do so responsibly and with the intention of fixing the problem. Zero Day Initiative data is correlated to the eventual CVE ID assignment, and can be used to stay on top of left-of-boom disclosures. |
| Google Project Zero | Formed in 2014, Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone. |
| Metasploit | Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game. |
| Nuclei | Nuclei is a fast scanner used to scan across modern applications, infrastructure, cloud environments, and networks to help you find and remediate vulnerabilities. Nuclei provides templates containing YAML vulnerability data that offers insight into a vulnerability's attack vectors, severity, priority score, and sometimes even trending exploits. |
| Shodan | Shodan gathers information about all devices directly connected to the Internet. If a device is directly hooked up to the Internet then Shodan queries it for various publicly-available information. The types of devices that are indexed can vary tremendously: ranging from small desktops up to nuclear power plants and everything in between. |
| Shadowserver | Shadowserver collects vast amounts of threat data, sends tens of thousands of free daily remediation reports, and cultivates strong reciprocal relationships with network providers, national governments and law enforcement. Shadowserver brings malicious activities and abusable vulnerabilities out of the shadows, expedites their remediation and helps to better secure the Internet. |
| Exploit-DB | The Exploit Database is maintained by OffSec, an information security training company that provides various Information Security Certifications as well as high-end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec. The Exploit Database is a CVE-compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. |

Bring your own Threat Intel
In addition to the feeds provided by VIP out of the box, you can enable certain other feeds by providing your own authorization. The data from these feeds will show up immediately once the supplied credentials are verified with the feed.
| Feed Name | Description |
|---|---|
| GreyNoise | GreyNoise collects, analyzes, and labels data on IPs that scan the internet and saturate security tools with noise. |
| Intel 471 | Evolve your vulnerability management program by prioritizing your patch management program. Intel 471 provides you with a lifecycle view of vulnerabilities, including weaponized and productionized threats. You gain ongoing monitoring and reporting of key vulnerabilities, prioritized by risk and impact. You can use insights to understand how threats are changing, prioritize patches, and reduce your risks over time. |
| Microsoft Defender | The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises. |
| Recorded Future | With tens of thousands of new vulnerabilities disclosed every year, organizations just can’t keep up with the pace of patching. Recorded Future Vulnerability Intelligence empowers security teams with the critical context required to prioritize vulnerabilities that pose the most risk to their organization, reducing downtime, and preventing attacks. |