The NVD are still struggling to keep up with the backlog of CVEs to be analysed. With 26,876 added since February, it is no surprise.

The CVE List was launched in September 1999, listing 321 CVE records. 25 years later there are 265,767 CVE records.

We built an open-source TAXII server, Arango TAXII Server. Here are some examples of how you can consume data from it using a TAXII Client.

Follow along as I show you how to store 200,000 CVEs as STIX objects, then use CVSS, EPSS, CISA KEV and CPE data to search and filter them.

txt2stix + stix2arango + arango_taxii_server = a robust and flexible setup for storing and distributing cyber threat intelligence you've produced.

After becoming ever-more frustrated by intelligence producers naming the same ransomware slightly differently, and with ATT&CK missing lots of ransomware types, I finally got around to trying to solve the problem.

Developing on last weeks post, I show you how to construct STIX Patterns to automatically flag which products are affected by published CVEs.

I wanted to write detection rules to identify what products are vulnerable to a CVE. In this post I walk you through my research.

Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.).

I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.