User Guide
Synapse-US-CISA User Guide
Synapse-US-CISA adds new Storm commands to ingest data sources published by the US CISA, including the Known Exploited Vulnerabilities list.
Getting Started
Check with your Admin to enable permissions.
Loading the Known Exploited Vulnerabilities list
To synchronize the currently published CISA KEV into your Synapse instance run the following command:
us.cisa.kev.sync
This will yield risk:vuln
nodes populated with the CISA Known Exploited
Vulnerabilities metadata. The command is safe to run again, and may be added
to a cron job to ensure you synchronize any future changes.
Use of meta:source
nodes
Synapse-US-CISA uses a meta:source
node and -(seen)>
light
weight edges to track nodes observed from each published data source.
> meta:source=d356266dee430ac3132d19e9d831b844
meta:source=d356266dee430ac3132d19e9d831b844
.created = 2024/12/20 18:16:53.859
:name = cisa known exploited vulnerabilities
Storm can be used to filter nodes to include/exclude nodes which have been observed by Synapse-US-CISA. The following example shows how to filter the results of a query to include only results observed by Synapse-US-CISA:
> #cool.tag.lift +{ <(seen)- meta:source=d356266dee430ac3132d19e9d831b844 }