脆弱性カード

Vulnerability Intelligence Cards (aka Vulnerability Cards) provide an on-demand summary of essential information related to a specific Vulnerability, and are updated in real time as Recorded Future collects new information. You can use Vulnerability Cards as a starting point when assessing whether this Vulnerability poses a specific risk to your organization, and further can be used in identifying associated indicators of compromise. Vulnerability Cards are also pivot points during investigations that start with another indicator, a malware, or a threat actor.

脆弱性カードのいくつかの共通コンポーネントの説明は、インテリジェンスカードの概要にあります。以下の詳細は、脆弱性カードに固有のものです。

リスク・スコアおよびリスク・スコア履歴グラフ:

For CVEs, the Vulnerability card presents a vulnerability risk score determined by several factors that Recorded Future considers, including the CVSS. More information can be found by looking at the Vulnerability Risk Rules.

mceclip9.png
  


各CVEには、CVEのリスクスコアが時間の経過とともにどのように変化したかを視覚化するグラフが含まれます。 グラフ内の任意の日にカーソルを合わせると、その特定の日のCVEのリスクスコアが表示され、その特定の日のCVEの重要度が示されます。 リスク・スコア履歴グラフを使用すると、効果的なパッチの優先順位付け戦略を調査および決定できます。 

リスクエビデンス、NVDサマリー、 影響を受ける製品と注目すべきリンク

For CVEs, the Vulnerability card includes the latest information about the CVE published by NIST NVD. This includes the text summary of the vulnerability, the set of affected products in the CPE (Common Platform Enumeration), and notable links as identified by NVD. Affected Products are shown with human-readable names, and you can click on any Product Identifier to see the corresponding CPE identifier and CPE well-formed name.

mceclip1.png
  

It is common for a very recently disclosed vulnerability to include partial information, while NVD is vetting and confirming portions of the disclosure.

全国由来データベースの概要:

mceclip4.png
  

タイムライン

Vulnerability Cards may show two timelines. The first timeline, colored in blue, summarizes all reported events involving this entity in the last 60 days. The second timeline summarizes reported Cyber Attack and Cyber Exploit events specifically. Each day in the cyber event timeline is color-coded by the criticality of the Cyber Threat signal for this entity on that date.

mceclip5.png
  

外部リンク

This section includes links to pages with more information about the vulnerability, specifically around patches and remediations. 

mceclip6.png
  

最近の参考文献

この脆弱性に関するダークウェブ上の最近の参照の役立つ検索。

mceclip7.png