User Guide

Synapse-US-CISA User Guide

Synapse-US-CISA adds new Storm commands to ingest data sources published by the US CISA, including the Known Exploited Vulnerabilities list.

Getting Started

Check with your Admin to enable permissions.

Loading the Known Exploited Vulnerabilities list

To synchronize the currently published CISA KEV into your Synapse instance run the following command:

us.cisa.kev.sync

This will yield risk:vuln nodes populated with the CISA Known Exploited Vulnerabilities metadata. The command is safe to run again, and may be added to a cron job to ensure you synchronize any future changes.

Use of meta:source nodes

Synapse-US-CISA uses a meta:source node and -(seen)> light weight edges to track nodes observed from each published data source.

> meta:source=d356266dee430ac3132d19e9d831b844
meta:source=d356266dee430ac3132d19e9d831b844
        .created = 2024/04/17 17:19:00.065
        :name = cisa known exploited vulnerabilities

Storm can be used to filter nodes to include/exclude nodes which have been observed by Synapse-US-CISA. The following example shows how to filter the results of a query to include only results observed by Synapse-US-CISA:

> #cool.tag.lift +{ <(seen)- meta:source=d356266dee430ac3132d19e9d831b844 }