Skip to main content

Cyware Threat Intelligence eXchange

VulnCheck

Connector Category: Enrichment Tool

About Integration

VulnCheck provides intelligence about exploits and vulnerabilities, enabling security analysts to make informed decisions to remediate vulnerabilities. Intel Exchange (CTIX) integrates with VulnCheck to enrich existing Common Vulnerabilities and Exposures (CVE) with exploit information as custom fields in existing vulnerability SDOs.

Configure VulnCheck as an Enrichment Tool

Configure VulnCheck as an enrichment tool to enrich CVEs.

Before you Start 

  • Ensure that you have view, create, and update permissions for Enrichment Management in Intel Exchange.

  • Ensure that you have the base URL and API token of your VulnCheck account.

    Note

    Ensure that the API token includes the permissions to retrieve CVE details.

Steps 

To configure VulnCheck as an enrichment tool in Intel Exchange, follow these steps:

  1. Sign in to Intel Exchange and go to Administration > Enrichment Management > Enrichment Tools.

  2. Search and select the VulnCheck enrichment tool.

  3. Click Add Account.

  4. Enter a unique account name to identify the instance. For example, Prod_VulnCheck.

  5. Enter the base URL of your VulnCheck instance. The default base URL is https://api.vulncheck.com/v3/index/.

  6. Enter the API token of your VulnCheck account to authenticate communication between the Intel Exchange and VulnCheck servers.

  7. Select Verify SSL to verify the SSL certificate and secure the connection between the Intel Exchange and VulnCheck servers. By default, Verify SSL is selected.

    Note

    We recommend you enable Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.

  8. Click Save.

After successfully adding an account, you can view and enable the VulnCheck feed enrichment types. You can also configure quota to define a limit to the number of enrichment requests a VulnCheck account makes. After the quota expires, you can not make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.

To understand the number of API calls and quota units consumed by the VulnCheck enrichment tool per polling, refer to the following table.

Enrichment Tool

Feed Enrichment Type

No. of API calls

Quota Consumed

VulnCheck

Fetch Vulnerability

3

3

When you enrich a vulnerability object using the VulnCheck enrichment tool, Intel Exchange sends GET requests to the following VulnCheck endpoints:

  • vulncheck-nvd2

  • exploits

  • vulncheck-kev

If you are a premium VulnCheck user, you can retrieve data from all three endpoints. Otherwise, you can retrieve data from the vulncheck-kev endpoint only.