Beta in API: Exploited CVE tracking
29 July 2024
If you keep track of vulnerabilities, you'll want to know whether they are actively exploited. We now track exploits and abuse from several sources. Although some sources keep exploit availability and abuse separate, in ShadowTrackr there is only one value: either the CVE is exploited (value: 1) or it is not (value: 0).
Tracking actual abuse is quite tricky, since you never have a complete view. It's safe to assume that if an exploit is available, there is abuse.
As of this week, there is an "exploited" field present in all CVE data in the API. If all goes well, the exploited data will soon be available in the GUI and reports too.
New CVEs found alert for assets
21 July 2024
After some elaborate restructuring of data and indexes it is finally here: CVE alerts.
There is a new index called cves_assets, which keeps track of CVEs found per asset.
As you know, an asset is either a host (IP address) or a URL (website or certificate). Any software found on an asset that has a version number is checked for CVEs, and the results are stored in the cves_assets index. You can use the following query to create alerts for High and Critical CVEs:
index=cves_assets cvss_score>=7 first_seen>-24h
Of course, there's also a template alert for this available in the alerts library.
Restructuring indexes
09 July 2024
Although it might not look like it yet, there is a lot going on. Alerts on newly found CVEs, a feature requested by several of you, require quite some restructuring of indexes before they can be built. That restructuring has been done now. The new indexes are getting filled up and work on the final step is underway.
More restructuring is underway in the IP address context data. The new version is way more efficient and will allow more features, but requires some major code refactoring. I'll keep you posted.