VulnCheck
Connector Category: Enrichment Tool
About Integration
VulnCheck provides intelligence about exploits and vulnerabilities, enabling security analysts to make informed decisions to remediate vulnerabilities. Intel Exchange (CTIX) integrates with VulnCheck to enrich existing Common Vulnerabilities and Exposures (CVE) with exploit information as custom fields in existing vulnerability SDOs.
Configure VulnCheck as an Enrichment Tool
Configure VulnCheck as an enrichment tool to enrich CVEs.
Before you Start
Ensure that you have view, create, and update permissions for Enrichment Management in Intel Exchange.
Ensure that you have the base URL and API token of your VulnCheck account.
Note
Ensure that the API token includes the permissions to retrieve CVE details.
Steps
To configure VulnCheck as an enrichment tool in Intel Exchange, follow these steps:
Sign in to Intel Exchange and go to Administration > Enrichment Management > Enrichment Tools.
Search and select the VulnCheck enrichment tool.
Click Add Account.
Enter a unique account name to identify the instance. For example, Prod_VulnCheck.
Enter the base URL of your VulnCheck instance. The default base URL is
https://api.vulncheck.com/v3/index/.Enter the API token of your VulnCheck account to authenticate communication between the Intel Exchange and VulnCheck servers.
Select Verify SSL to verify the SSL certificate and secure the connection between the Intel Exchange and VulnCheck servers. By default, Verify SSL is selected.
Note
We recommend you enable Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.
Click Save.
After successfully adding an account, you can view and enable the VulnCheck feed enrichment types. You can also configure quota to define a limit to the number of enrichment requests a VulnCheck account makes. After the quota expires, you can not make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the VulnCheck enrichment tool per polling, refer to the following table.
Enrichment Tool | Feed Enrichment Type | No. of API calls | Quota Consumed |
|---|---|---|---|
VulnCheck | Fetch Vulnerability | 3 | 3 |
When you enrich a vulnerability object using the VulnCheck enrichment tool, Intel Exchange sends GET requests to the following VulnCheck endpoints:
vulncheck-nvd2exploitsvulncheck-kev
If you are a premium VulnCheck user, you can retrieve data from all three endpoints. Otherwise, you can retrieve data from the vulncheck-kev endpoint only.