Query CVE information #25
Assignees
Labels
needs triage
This issue has been automatically labelled and needs further triage
playbook:activity=2
Playbooks for activity 2
playbook:state=proposal
A 'proposal' for a new playbook
Comments
cudeso
added
playbook:state=proposal
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The title of the playbook
Query CVE information
Purpose of the playbook
This playbook queries the MISP events and enabled OSINT caches for the use of a specific CVE. It lists the found events in a chronological order with the context (taxonomies, galaxies) that was attached to the event. The playbook then queries public sources (CVE search, vulners, Shodan, ...) for additional CVE information. The results are stored in the playbook and sent to Mattermost or Slack or added as an alert in TheHive or DFIR-IRIS (to be discussed for implementation).
External resources used by this playbook
cvesearch, vulners, Shodan, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)
Target audience
CSIRT, CTI
Breefly list the execution steps or workflow
No response
The text was updated successfully, but these errors were encountered: