Skip to main content
Ctrl+K
Logo image Logo image

EclecticIQ Integrations

Site Navigation

  • EclecticIQ Integrations Life Cycle Policy
  • Generic
  • Integrations
  • Developers

Section Navigation

  • AlienVault
    • Incoming feed - AlienVault OTX Pulses Feed
  • BFK
    • Incoming feed - BFK API
  • Binary Defense
    • Incoming feed - Binary Defense Systems Artillery Threat Intelligence Feed
  • Bitdefender
    • Incoming feed - Bitdefender Advanced Threat Intelligence Domain Feed
    • Incoming feed - Bitdefender Advanced Threat Intelligence Hash Feed
    • Incoming feed - Bitdefender Advanced Threat Intelligence IP Feed
  • Censys
    • Enricher - Censys
  • CentralOps
    • Enricher - CentralOps Domain Dossier
  • CIRCL
    • Enricher - CIRCL IPs related to SSL certificate
    • Enricher - CIRCL SSL Certificate Fetcher
    • Enricher - CVE Search
    • Incoming feed - CVE Search API
  • CISA
    • Incoming feed - CISA Known Exploited Vulnerabilities (KEV) Catalog
  • Cisco
    • Enricher - Cisco ASN Info
    • Enricher - Cisco DNS RR History
    • Enricher - Cisco Malicious Domains
    • Enricher - Cisco Related Domains
    • Enricher - Cisco Threat Grid
    • Enricher - Cisco Umbrella Threat Grid integration
    • Enricher - Cisco Whois
    • Incoming feed - Cisco Threat Grid Curated Feed
    • Incoming feed - Cisco Threat Grid Samples API
  • Cofense
    • Incoming feed - Cofense PhishMe Intelligence
  • CrowdStrike
    • Enricher - CrowdStrike Enricher
    • Enricher - Crowdstrike Vulnerability Intelligence (Related Reports) Enricher
    • Enricher - Crowdstrike Vulnerability Intelligence (Related Threat Actors) Enricher
    • Incoming feed - Crowdstrike Falcon Intelligence Indicator Feed
    • Incoming feed - Crowdstrike Falcon Intelligence Reports Feed
    • Incoming feed - Crowdstrike Falcon Intelligence Threat Actor Feed
    • Incoming feed - Crowdstrike Falcon Intelligence Yara Rule Feed
    • Outgoing feed - Crowdstrike Falcon Custom IOC upload
    • Outgoing feed - Crowdstrike Falcon LogScale Outgoing feed
  • cybercrime-tracker.net
    • Incoming feed - Cybercrime Tracker
    • Incoming feed - Cybercrime Tracker Domain Provider
    • Incoming feed - Cybercrime Tracker Zbot Provider
  • Cybereason
    • Outgoing feed - Cybereason
  • Cyfirma
    • Enricher - Cyfirma Threat IOC Search Enricher
  • Digital Shadows
    • Incoming feed - Digital Shadows Searchlight Global Incidents Provider
    • Incoming feed - Digital Shadows Searchlight Private Incidents Provider
  • DomainTools
    • Enricher - DomainTools Iris Investigate
  • Dragos
    • Incoming feed - Dragos Threat Feed
  • DShield
    • Enricher - DShield
  • EclecticIQ
    • Incoming feed - EclecticIQ Commercial Sources Feed
    • Incoming feed - EclecticIQ Open Sources Feed
  • Elasticsearch
    • Enricher - Elasticsearch sightings
  • Exabeam
    • Incoming feed - Exabeam Event Feed
    • Outgoing feed - Exabeam Outgoing Feed
  • Farsight Security
    • Enricher - Farsight DNSDB
  • Feedly for Threat Intelligence
    • Incoming feed - Feedly for Threat Intelligence Streams
  • Flashpoint
    • Incoming feed - Flashpoint Indicator feed
    • Incoming feed - Flashpoint Intelligence Reports Provider
  • Forcepoint
    • Outgoing feed - Forcepoint
  • Fox-IT
    • Enricher - Fox-IT InTELL Portal
  • GreyNoise
    • Enricher - GreyNoise API
    • Incoming feed - GreyNoise Noise Incoming Feed
  • Group-IB
    • Incoming feed - Group-IB APT Threat
    • Incoming feed - Group-IB Brand Abuse Phishing Kit
    • Incoming feed - Group-IB Compromised Data Accounts
    • Incoming feed - Group-IB Compromised Data Cards
    • Incoming feed - Group-IB Human Intelligence Threat
    • Incoming feed - Group-IB Malware C2
    • Incoming feed - Group-IB Attacks Phishing
    • Incoming feed - Group-IB Phishing Brand Abuse
    • Incoming feed - Group-IB Attacks Phishing Kit
    • Incoming feed - Group-IB Suspicious IP Socks Proxy
  • Hybrid Analysis
    • Enricher - HybridAnalysis
  • Infoblox
    • Outgoing feed - Infoblox NIOS
  • Intel 471
    • Enricher - Intel 471 Adversary Intelligence Enricher
    • Enricher - Intel 471 Posts Enricher
    • Incoming feed - Intel 471 Adversary Intelligence Feed
    • Incoming feed - Intel 471 Malware Intelligence Reports Feed
    • Incoming feed - Intel 471 Vulnerability Intelligence
    • Incoming feed - Intel 471 Watcher Alerts
  • IntSights
    • Incoming feed - IntSights Alerts
  • Joe Security
    • Incoming feed - JoeSandbox Analysis Feed
  • Kaspersky
    • Enricher - Kaspersky
    • Incoming feed - Kaspersky APT Reports
    • Incoming feed - Kaspersky Threat Intelligence
  • Risk Analytics (formerly Malware Domains)
    • Incoming feed - Malwaredomains Provider
  • Mandiant (previously FireEye)
    • Enricher - FireEye iSIGHT
    • Incoming feed - FireEye iSIGHT Intelligence Report API
    • Incoming feed - Mandiant Threat Intelligence Feed v4 (Campaign Feed)
    • Incoming feed - Mandiant Threat Intelligence Feed v4 (Indicator Feed)
    • Incoming feed - Mandiant Threat Intelligence Feed v4 (Malware Feed)
    • Incoming feed - Mandiant Threat Intelligence Feed v4 (Report Feed)
    • Incoming feed - Mandiant Threat Intelligence Feed v4 (Threat Actor Feed)
    • Incoming feed - Mandiant Threat Intelligence Feed v4 (Vulnerability Feed)
  • MaxMind
    • Enricher - MaxMind GeoIP
  • Microsoft
    • Enricher - Microsoft Defender Threat Intelligence
    • Incoming feed - Microsoft Sentinel Alerts Feed
    • Outgoing feed - Microsoft Azure Sentinel Outgoing Feed
  • MISP
    • Enricher - MISP API enricher
    • Incoming feed - MISP
    • Outgoing feed - MISP
  • NCFTA
    • Incoming feed - NCFTA ListServ Intel
  • NSFOCUS
    • Enricher - NSFocus Intelligence
    • Incoming feed - NSFocus Provider
  • NVD
    • Incoming feed - NVD - Vulnerability Intelligence Feed
  • OpenPhish
    • Incoming feed - OpenPhish
  • OpenResolve (Cisco)
    • Enricher - OpenResolve
  • Palo Alto Networks
    • Enricher - Palo Alto Autofocus
    • Incoming feed - Palo Alto Autofocus Hash Feed 1
    • Incoming feed - Palo Alto Networks Auto Focus Threat Intelligence
    • Incoming feed - Palo Alto PAN-OS Traffic Report
    • Outgoing feed - Palo Alto PAN-OS External Dynamic List
  • RiskIQ PassiveTotal (Microsoft)
    • Enricher - PassiveTotal IP/Domain
    • Enricher - PassiveTotal Malware
    • Enricher - PassiveTotal Passive DNS
    • Enricher - PassiveTotal Whois
  • PhishTank
    • Enricher - PhishTank
  • Proofpoint
    • Enricher - Proofpoint Email Threat
    • Incoming feed - Proofpoint Email Brand Defense
  • PyDat
    • Enricher - PyDat
  • Qualys
    • Enricher - Qualys Enricher
  • Recorded Future
    • Enricher - Recorded Future
    • Incoming feed - Recorded Future Analyst Note Feed
    • Incoming feed - Recorded Future Domain Feed
    • Incoming feed - Recorded Future Hash Feed
    • Incoming feed - Recorded Future IP Feed
    • Incoming feed - Recorded Future URL Feed
    • Incoming feed - Recorded Future Vulnerability Feed
  • RIPEstat
    • Enricher - RIPEstat GeoIP
    • Enricher - RIPEstat Whois
  • Shodan
    • Enricher - Shodan
  • Sigma rules
    • Incoming feed - SigmaHQ Rules Feed
  • Silobreaker
    • Enricher - Silobreaker
    • Incoming feed - Silobreaker
  • Splunk
    • Enricher - Splunk sightings
  • SpyCloud
    • Enricher - SpyCloud Breach Data
    • Incoming feed - SpyCloud Breach API
    • Incoming feed - SpyCloud Watchlist Ingest
  • ThreatCrowd
    • Enricher - ThreatCrowd
  • Red Sky Alliance (formerly Wapack Labs)
    • Incoming feed - Threat Recon
  • Unshorten.me
    • Enricher - Unshorten-URL
  • VirusTotal
    • Enricher APIv3
      • Domain
      • Virus Total | APIv3 | Hash enricher
      • IP
      • URL
    • Enricher APIv2
    • Incoming feed
  • VMRay
    • Incoming feed - VMRay Malware Submission Feed
  • Webroot
    • Enricher - Webroot
  • XMCO
    • Incoming feed - XMCO YUNO advisories
  • YARA rules
    • Incoming feed - YARA Rules Project
  • ZoomInfo
    • Enricher - ZoomInfo Company Enricher
  • Zscaler
    • Outgoing feed - Zscaler Outgoing Feed

Enricher - CVE Search#

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Specifications

Enricher name

CVE Search

Input

CVE.

Output

Enriches supported observable types with CVE details.

API endpoint

https://cve.circl.lu/api/cve/

Description\

Enriches supported observable types with information about common software and hardware vulnerabilities, along with the corresponding exposures. The enricher contacts the Computer Incident Response Center Luxembourg (CIRCL) cve-search API to retrieve all the available details associated with the input CVE IDs. CVE information about common software and hardware vulnerabilities, along with the corresponding exposures, is stored in the platform as enrichment observables.

Configure the CVE Search enricher parameters#

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the CVE Search enricher.

  3. In the CVE API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://cve.circl.lu/api/cve/.

  4. To store your changes, click Save; to discard them, click Cancel.

previous

Enricher - CIRCL SSL Certificate Fetcher

next

Incoming feed - CVE Search API
On this page
  • Configure the CVE Search enricher parameters