Vulnerability Management workflows with Feedly AI for Threat Intelligence

  • Published 9 Jul 2024
  • For a free 30 day trial of Feedly for Threat Intelligence, click here: feedly.com/i/enterpriseTrial?...
    Let's take a look at how to use Feedly for Threat Intelligence to quickly:
    - Build an AI Feed to collect critical vulnerabilities affecting your tech stack,
    - Analyze their risk using an enriched CVE Insight Card, and
    - Share intelligence with your team.
    ------
    To start, I'll quickly build an AI Feed using the High Vulnerability AI model, which collects vulnerabilities with a CVSS score of 8+ or CVSS 5+ with a known exploit. If a CVSS score hasn't been issued yet, Feedly AI will predict the severity.
    Next, let's pair this with some of the vendors and products from our tech stack.
    If needed, you can customize the target sources and cast a wider or narrower net.
    ------
    Feedly AI has enhanced the articles with actionable metadata to help you quickly analyze higher-risk CVEs. If we open one, you can see additional data enrichments at the top. Clicking on the 'See CVE Insights Card' button gives us a full view of all the open source information you need to research the vulnerability's risk.
    At the top, you can see that this vulnerability is trending and has a known exploit. You can also see its CVSS and EPSS scores.
    Below, you can see which systems are affected, known exploits, patches, and more. The timeline shows us significant events associated with the CVE while highlighting the level of awareness and popularity.
    In the bottom section, we can see information to enable your research, including Vendor Advisories, Threat Intelligence Reports, blogs, and social media posts about the vulnerability.
    -----
    Let's assume that this vulnerability is one we need to share so it can be prioritized for remediation.
    With Feedly's REST API, you can automatically push the CVE information to your ticketing system.
    You can also use the Feedly STIX2.1 API to ingest vulnerabilities with links to exploits, IoCs, TTPs, malware families, and threat actors automatically into your SIEM or TIP.
    You can also send notifications to Slack or Microsoft Teams or publish a daily or weekly intelligence briefing newsletter.
    ------
    For this example, let's use the Slack integration.
    When you spot a critical vulnerability and click on the star icon to save it to your "Remediation Needed" Team Board, Feedly automatically sends the article to your "New Critical CVEs" Slack Channel.
    -------
    Monitoring vulnerabilities affecting your tech stack is one of many intelligence requirements that Feedly AI can help you automate, such as tracking cyber attacks, malware families, threat actors, IoCs, TTPs, and new emerging threats. It's never been faster or easier to proactively collect, analyze, and share actionable threat insights from the open web.
  • Science & Technology
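
The selection rule and STIX 2.1 ingestion mentioned in the description, as an added example that is not Feedly's code or real API output: it reads a constructed STIX 2.1 bundle, applies "CVSS 8+ or CVSS 5+ with a known exploit", and attaches linked malware and threat actors to each ticket candidate. Assumptions: the CVE IDs and shortened object ids are placeholders, `x_cvss_score` and `x_known_exploit` are hypothetical custom properties, and sending unscored CVEs to manual review is this example's choice (it does not reproduce severity prediction).

```python
# Constructed STIX 2.1 bundle, not real Feedly output. x_cvss_score and
# x_known_exploit are hypothetical properties; ids are shortened placeholders.
def vuln(n, cve, cvss, exploited):
    return {"type": "vulnerability", "id": f"vulnerability--{n}", "name": cve,
            "external_references": [{"source_name": "cve", "external_id": cve}],
            "x_cvss_score": cvss, "x_known_exploit": exploited}

BUNDLE = {"type": "bundle", "id": "bundle--0", "objects": [
    vuln(1, "CVE-0000-0001", 9.8, False),
    vuln(2, "CVE-0000-0002", 6.5, True),
    vuln(3, "CVE-0000-0003", 6.5, False),
    vuln(4, "CVE-0000-0004", None, True),   # no CVSS score issued yet
    {"type": "malware", "id": "malware--1", "name": "ExampleLoader"},
    {"type": "threat-actor", "id": "threat-actor--1", "name": "ExampleGroup"},
    {"type": "relationship", "id": "relationship--1", "relationship_type": "exploits",
     "source_ref": "malware--1", "target_ref": "vulnerability--2"},
    {"type": "relationship", "id": "relationship--2", "relationship_type": "targets",
     "source_ref": "threat-actor--1", "target_ref": "vulnerability--2"},
]}

def is_high_risk(cvss, exploited):
    """Rule from the description: CVSS 8+, or CVSS 5+ with a known exploit."""
    return cvss >= 8.0 or (cvss >= 5.0 and exploited)

def triage(bundle):
    objs = {o["id"]: o for o in bundle["objects"]}
    linked = {}  # vulnerability id -> actors/malware pointing at it
    for rel in (o for o in objs.values() if o["type"] == "relationship"):
        src = objs.get(rel["source_ref"])
        if src is not None:  # ignore relationships with dangling references
            linked.setdefault(rel["target_ref"], []).append(
                f'{src["type"]}:{src["name"]} ({rel["relationship_type"]})')
    tickets, review = [], []
    for o in objs.values():
        if o["type"] != "vulnerability":
            continue
        cve = next((r["external_id"] for r in o.get("external_references", [])
                    if r.get("source_name") == "cve"), o["name"])
        score, exploited = o.get("x_cvss_score"), bool(o.get("x_known_exploit"))
        if score is None:
            review.append(cve)  # unscored: hold for an analyst, do not drop
        elif is_high_risk(score, exploited):
            tickets.append({"cve": cve, "cvss": score, "exploit": exploited,
                            "context": sorted(linked.get(o["id"], []))})
    return tickets, review

if __name__ == "__main__":
    print(triage(BUNDLE))
```
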
