Incoming feed - CISA Known Exploited Vulnerabilities (KEV) Catalog

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

	Specifications
Transport type	CISA Known Exploited Vulnerabilities (KEV) Catalog
Content type	CISA KEV JSON
Description	Ingests CISA Known Exploited Vulnerabilities Catalog

Overview

Configure the incoming feed

1. Create or edit an incoming feed.

2. (Recommended) Exclude unstructured data. Select Advanced options > Skip extraction of observables from unstructured text.

3. Under Transport and content, fill out these fields:

   Note

   Required fields are marked with an asterisk (*).

   Field	Description
   Transport type*	Select CISA Known Exploited Vulnerabilities (KEV) Catalog from the drop-down menu.
   Content type*	Select CISA KEV JSON from the drop-down menu.
   API URL*	Default: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json

4. Store your changes by selecting Save.