What’s New
Leo now autocompletes specific CVE IDs so you can monitor for exploits or attacks, or track threat intelligence reports mentioning the CVE
Looking to monitor a specific CVE ID? Previously, you had to type in the exact CVE ID and be sure it was the right number. Now, Leo autocompletes the CVE ID and shows you the description of the vulnerability, so you can be sure you’re tracking the right one.
Just start typing the CVE ID and choose the correct ID from the menu. Then, refine your Leo Web Alert and add it to a Folder.
This is a small improvement to the UI that makes it much easier for you to quickly track a CVE (instead of entering the ID manually) and to make sure you’re tracking the right CVE.
Create a Leo Web Alert to track a CVE and get updates as it develops
The more high-profile a CVE becomes, the more likely threat actors are to develop exploits for it. You can keep an eye on a trending vulnerability by simply creating a Leo Web Alert and adding it to your “Trending vulnerabilities” Folder, for example.
Track cyber attacks related to the CVE
When it’s taking a while to apply a security patch, you want to keep an eye on the tactics used to exploit the vulnerability. Create a Leo Web Alert for the CVE ID and the concept “Cyber Attacks” and Leo will look for attacks or exploitation attempts related to the specific CVE.
Then, you and your team can use this information about available exploits to prioritize which vulnerabilities to patch. You can also update the Leo Web Alert to add more CVEs if needed, like when a vulnerability has multiple IDs associated with it.
Track indicators of compromise related to exploitation attempts
Tracking, gathering and ingesting indicators of compromise is a great way to proactively hunt for signs of an attack on your environment. Since Leo allows you to gather and export IoCs from multiple sources (including articles, Twitter, Reddit, and emails), you can create a Web Alert to track a specific CVE ID and the “Indicators of Compromise” Leo Concept.
Once you create a Leo Web Alert for IoCs related to the specific CVE you’re tracking, you can easily export the resulting IoCs with context and add them to your own security environment.
Track threat intelligence reports published about the CVE
Gather intelligence others have curated by adding the “Threat Intelligence Report” Leo Concept to your Web Alert. When you combine the CVE ID with the Threat Intelligence Report Leo Concept, you’ll get Threat Intel Reports mentioning the CVE.
Bundle these concepts together into a single Web Alert to keep an eye on a specific CVE
And if you want to get all angles of a CVE, you can combine all of these concepts into a single Leo Web Alert. Just track the specific CVE ID and add other Leo Concepts like Indicators of Compromise, Threat Intelligence Reports, and Cyber Attacks.
And don’t forget — to get a complete overview of a specific CVE in the moment, you can also click on the CVE ID and open up the CVE Intelligence Card. You’ll find an at-a-glance overview of exploits, malware families, and related threat actors in a single view.
Try tracking a specific CVE in Feedly
Not a member of the Feedly for Threat Intelligence community yet? Try a free 30-day trial and speed up your discovery and research of emerging threats.
Source: Internet Gov forum