Vulsã¾ã¤ã‚Š#10 | 「残æ¥ï¼Ÿæ¥é€±ã§OK?ã€é‡‘曜åˆå¾Œã®è„†å¼±æ€§å¯¾å¿œåˆ¤æ–ã«ä½¿ãˆã‚‹SSVCã®ãƒ‡ãƒ¢ | Vuls Blog
2024å¹´8月20æ—¥ã«é–‹å‚¬ã•ã‚ŒãŸã€ŒVulsç¥ã‚Š#10 | 脆弱性管ç†ã®æœ€å‰ç·šã€œãƒªã‚¹ã‚¯è©•ä¾¡ã‹ã‚‰SSVCã€VEXã€AIã¾ã§ã€œã€ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã€Œã€Œæ®‹æ¥ï¼Ÿ æ¥é€±ã§OK?ã€é‡‘曜åˆå¾Œã®è„†å¼±æ€§å¯¾å¿œåˆ¤æ–ã«ä½¿ãˆã‚‹SSVCã®ãƒ‡ãƒ¢ ã€ã®è¦ç‚¹ã‚’書ãèµ·ã“ãŸè¨˜äº‹ã§ã™ã€‚ YouTubeアーカイブã¯ã“ã¡ã‚‰ã§ã™ã€‚ ä¼šå ´ã¸ã®è³ªå• 先日IPAã®ä¸æ ¸äººæ育æˆãƒ—ãƒã‚°ãƒ©ãƒ å’æ¥ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã‹ã‚‰ã€ã€Œè„†å¼±æ€§å¯¾å¿œã«ãŠã‘るリスク評価手法ã®ã¾ã¨ã‚ã€ã¨ã„ã†è³‡æ–™ãŒå…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚ã“ã®è³‡æ–™ã¯æœ¬æ—¥ç´¹ä»‹ã™ã‚‹SSVCã‚„EPSS, KEVãªã©ãŒæ—¥æœ¬èªžã§ã‚ã‹ã‚Šã‚„ã™ã説明ã•ã‚Œã¦ãŠã‚Šã€ã¾ãŸãƒˆãƒªã‚¢ãƒ¼ã‚¸ã«ã¤ã„ã¦ã„ãã¤ã‹ã®æ–¹æ³•ãŒè¨˜è¼‰ã•ã‚Œã¦ã„ã‚‹ã®ã§ä¸€èªã‚’ãŠã™ã™ã‚ã—ã¾ã™ãŒã€ã“ã®ä¸ã§ã“ã®å›³ã®é€šã‚Š60社ã¸ã®ä¼æ¥ã«ã‚¢ãƒ³ã‚±ãƒ¼ãƒˆã‚’å–ã£ã¦ã„ã¾ã™ã€‚ æ„外ã«ãŠã‚‚ã£ãŸã®ãŒã€CVSSã®ç’°å¢ƒè©•ä¾¡åŸºæº–ã‚’60社ä¸15社も使ã£ã¦ã„る点ã§ã™ã€‚ç§ã¯2016å¹´ã«Vulsを開発ã—ã¦ä»¥é™è„†å¼±æ€§ç®¡ç†ã‚’テーマã«æ´»å‹•
CVE_Prioritizerã¨SploitScanã§è€ƒãˆã‚‹ã€KEV Catalog/EPSS/CVSS/SSVC | Vuls Blog
CVE_Prioritizerã¨SploitScanã§è€ƒãˆã‚‹ã€KEV Catalog/EPSS/CVSS/SSVC 概è¦EPSSã‚„KEV Catalogを有用ã«ä½¿ã†ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãŒæœ€è¿‘出ã¦ãã¾ã—ãŸã€‚ ã“れらã«ã¤ã„ã¦å†…容を確èªã—ã€ã©ã®ã‚ˆã†ã«ä½¿ãˆã‚‹ã‹ã€åŒæ§˜ãªSSVCã¨ã©ã†é•ã†ã‹ã‚’見ã¦ã„ãã¾ã™ã€‚ CVE_Prioritizer https://github.com/TURROKS/CVE_Prioritizer SploitScan https://github.com/xaitax/SploitScan Exective Summary EPSS, KEVã®ãƒ‡ãƒ¼ã‚¿ç‰¹æ€§ã‚’考ãˆã‚‹å¿…è¦ãŒã‚ã‚‹ EPSSã¯æ©Ÿä¼šã®ã¿ã€KEVã¯æ©Ÿä¼šã¨è„†å¼±æ€§ã‚’示㙠当該プãƒã‚¸ã‚§ã‚¯ãƒˆã¯ä½¿ã„ã‚„ã™ãã€CVSSã®ã¿ã§åˆ¤æ–ã—ã¦ã„る組織ã¯ã€CVE_Prioritizerã‚’ã¾ãšã¯ä½¿ã£ã¦ã¿ã‚‹ã®ãŒè‰¯ã„ã‹ã‚‚ã—ã‚Œãªã„ 当該プãƒã‚¸ã‚§ã‚¯ãƒˆã¯ システム固
既知ã®æ‚ªç”¨ã•ã‚ŒãŸè„†å¼±æ€§ã‚«ã‚¿ãƒã‚°ï¼ˆæ—¥æœ¬èªžç‰ˆï¼‰
アメリカ政府CISAã«ã‚ˆã‚‹ã€Œæ—¢çŸ¥ã®æ‚ªç”¨ã•ã‚ŒãŸè„†å¼±æ€§ã‚«ã‚¿ãƒã‚°ã€ã®æ—¥æœ¬èªžè¨³
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
VulnCheck KEV - VulnCheck
Vulsã¾ã¤ã‚Š#10 | 「残æ¥ï¼Ÿæ¥é€±ã§OK?ã€é‡‘曜åˆå¾Œã®è„†å¼±æ€§å¯¾å¿œåˆ¤æ–ã«ä½¿ãˆã‚‹SSVCã®ãƒ‡ãƒ¢ | ドクセル
API Overview
VulnCheck KEV
GitHub - myseq/vcheck-cli: A cmdline tool for VulnCheck KEV.
A Deep Dive into KEV
GitHub - hogehuga/threatWatchDog
GitHub - hogehuga/epss-db: Download all epss data, and import database. We can explore the data by SQL querys!
GitHub - Ostorlab/KEV: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
GitHub - xaitax/SploitScan: SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.
GitHub - r3volved/CVEAggregate: Build a CVE library with aggregated CISA, EPSS and CVSS data
GitHub - TURROKS/CVE_Prioritizer: Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest tre
{{#tags}}- {{label}}
{{/tags}}