Exodus Intelligence EVE Platform

Built on original research from some of the best reverse engineers in the world as well as cutting-edge machine learning technology, [Exodus Intelligence’s EVE](https://vpx.exodusintel.com) platform provides deep intelligence about the latest vulnerabilities. This integration allows Cortex XSOAR users to add context regarding the nature of vulnerabilities and their likelihood of being exploited in the wild, identify platforms on which given vulnerabilities exist and have been verified to be exploitable, update incidents with specific mitigation guidance, and much more.

Exodus Intelligence’s unmatched vulnerability research capabilities and products provide unique context around your enterprise infrastructure, allowing you to better prioritize protection and mitigation efforts. This rich context, in conjunction with Cortex XSOAR, enables many value-add use cases for alerting and contextual enrichment that would otherwise not be possible.

Some example use cases include:

  • Alert on first time an internal host connects to a host on a vulnerable port
  • Alert when unexpected values are passed to vulnerable code
  • On incident creation enrich case with vulnerability mitigation steps
  • Based on an alert regarding a targeted vulnerability, query for alerts related to other hosts with that same vulnerability (or relevant CPE)

To access Exodus Intelligence’s powerful vulnerability dataset via Cortex XSOAR, please contact Exodus Intelligence.

The EVE integration allows you to retrieve vulnerabilities using the Exodus Intelligence API. A new indicator of type Exodus Intelligence will be created for each vulnerability retrieved.

Please note that an Exodus Intelligence account is necessary to access the API. Please visit https://vpx.exodusintel.com and create an account.

Required fields:

  • Email
  • Password
  • Private key

Optional fields:

  • Min XI Score
  • Max XI Score

Available Commands:

  • !exodus-get-indicators: Runs the integration.
  • !exodus-reset-data-stream: Resets the integration data stream to a later date. For example, !exodus-reset-data-stream reset=100 will reset the data stream 100 days in the past.

Exodus Intelligence’s unmatched vulnerability research capabilities and products provide unique context around your enterprise infrastructure, allowing you to better prioritize protection and mitigation efforts. This rich context, in conjunction with Cortex XSIAM, enables many value-add use cases for alerting and contextual enrichment that would otherwise not be possible.

To access Exodus Intelligence’s powerful vulnerability dataset via Cortex XSIAM, please contact Exodus Intelligence.

PUBLISHER

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Partner
Created: October 11, 2022
Last Release: October 27, 2024

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.