Skip to main content

Cybersixgill DVE Enrichment

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Powered by the broadest automated collection from the deep and dark web, Cybersixgill’s Dynamic Vulnerability Exploit (DVE) Score is a feed of common known vulnerabilities, scored by their probability of getting exploited. The DVE Score feed enables Cortex XSOAR users to track threats from vulnerabilities that others define as irrelevant, but have a higher probability of being exploited. It is the only solution that predicts the immediate risks of a vulnerability based on threat actors’ intent.

DVE Score is also the most comprehensive CVE enrichment solution on the market: Cortex XSOAR users gain unparalleled context and can accelerate threat response and decision making, effectively giving security teams a head start on vulnerability management.

· Anticipate the exploitation of a vulnerability up to 90 days in advance · Track threats from CVEs that most others define as irrelevant or obsolete, but a higher probability of being exploited by active cyber threat actors. · Gain visibility as well as the ability to prioritize and articulate the remediation process across the organization - straight from Cortex XSOAR

To obtain access to Cybersixgill DVE Score feed via Cortex XSOAR, please contact Cybersixgill at getstarted@cybersixgill.com.

Configure Sixgill_Darkfeed_Enrichment on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for "Cybersixgill DVE Enrichment".

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    Sixgill API client IDSixgill API client IDTrue
    Sixgill API client secretSixgill API client secretTrue
    insecureTrust any certificate (not secure)False
    proxyUse system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cybersixgill-cve-enrich#


Returns information for each CVE in the input list

Base Command#

cybersixgill-cve-enrich

Input#

Argument NameDescriptionRequired
cve_idA comma-separated list of CVEs to check.Required

Context Output#

PathTypeDescription
Sixgill.CVE.valueStringThe value of the CVE.
Sixgill.CVE.DescriptionStringDescription of the given DVE ID.
Sixgill.CVE.CreatedDateThe creation date of the CVE.
Sixgill.CVE.ModifiedDateThe modified date of the CVE.
Sixgill.CVE.Cybersixgill_DVE_score_currentStringThe current Cybersixgill DVE Score.
Sixgill.CVE.Cybersixgill_DVE_score_highest_ever_dateStringThe date on which Sixgill's highest DVE score ever reported.
Sixgill.CVE.Cybersixgill_DVE_score_highest_everStringSixgill's highest DVE score ever reported.
Sixgill.CVE.Cybersixgill_Previously_exploited_probabilityStringSixgill's score of previously exploited probability.
Sixgill.CVE.Previous_LevelStringPrevious level of the CVE ID.
Sixgill.CVE.CVSS_3_1_scoreStringCVSS 3.1 score.
Sixgill.CVE.CVSS_3_1_severityStringCVSS 3.1 severity.
Sixgill.CVE.NVD_LinkStringNVD link.
Sixgill.CVE.NVD_last_modified_dateDateNVD last modified date.
Sixgill.CVE.NVD_publication_dateDateNVD publication date.
Sixgill.CVE.CVSS_2_0_scoreStringCVSS 2.0 score.
Sixgill.CVE.CVSS_2_0_severityStringCVSS 2.0 severity.
Sixgill.CVE.NVD_Vector_V2_0StringNVD vector v2.0.
Sixgill.CVE.NVD_Vector_V3_1StringNVD vector v3.1.
Sixgill.CVE.rawJSONStringThe raw JSON of the CVE entich information.

Command Example#

Human Readable Output#