Flashpoint Vulnerability Feed
This integration is part of the Flashpoint Vulnerability Feed Pack.
Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.
The Flashpoint Vulnerability Feed integration imports vulnerability intelligence from the Flashpoint platform, helping teams reduce exposure windows by identifying high-risk vulnerabilities weeks before public sources. This includes independent research, zero-day disclosures, analyst recommendations, affected and non-affected versions, and over 105,000 vulnerabilities not found in the public NVD/CVE database. This integration was integrated and tested with API v1 of Flashpoint.
Fetch Indicators
Fetches vulnerabilities from Flashpoint Ignite. Vulnerabilities updated after the configured "First Fetch Time" are fetched in ascending order.
Configure Flashpoint Vulnerability Feed in Cortex
| Parameter | Description | Required |
|---|---|---|
| Server URL | Server URL to connect to Flashpoint Ignite. | True |
| API Key | API key used for secure communication with the Flashpoint Ignite platform. | True |
| First Fetch Time | Backfill vulnerabilities by providing date or relative timestamp. Formats accepted: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ. Default: 3 days. | False |
| Fetch indicators | Enable to fetch indicators. | False |
| Indicator Reputation | Indicators from this integration instance will be marked with this reputation. | False |
| Source Reliability | Reliability of the source providing the intelligence data. | True |
| Traffic Light Protocol Color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. | False |
| Ransomware Score | Filter by Ransomware score. | False |
| Attack Types | Filter by Attack type classification. | False |
| Severity | Filter by severity, which is calculated based on CVSS values. | False |
| Product Names | Filter by associated product names (case-insensitive). | False |
| Vendor Names | Filter by associated vendor names (case-insensitive). | False |
| CWE IDs | Filter by CWE IDs assigned by MITRE. | False |
| Minimum CVSS v2 Score | Filter by lower limit of the CVSS v2 score. Prioritizes Flashpoint generated scores when possible. Example value: 7.0. Note: Value must be a float between 0 and 10. | False |
| Maximum CVSS v2 Score | Filter by upper limit of the CVSS v2 score. Prioritizes Flashpoint generated scores when possible. Example value: 10.0. Note: Value must be a float between 0 and 10. | False |
| Minimum CVSS v3 Score | Filter by lower limit of the CVSS v3 score. Prioritizes Flashpoint generated scores when possible. Example value: 7.0. Note: Value must be a float between 0 and 10. | False |
| Maximum CVSS v3 Score | Filter by upper limit of the CVSS v3 score. Prioritizes Flashpoint generated scores when possible. Example value: 10.0. Note: Value must be a float between 0 and 10. | False |
| Minimum CVSS v4 Score | Filter by lower limit of the CVSS v4 score. Prioritizes Flashpoint generated scores when possible. Example value: 7.0. Note: Value must be a float between 0 and 10. | False |
| Maximum CVSS v4 Score | Filter by upper limit of the CVSS v4 score. Prioritizes Flashpoint generated scores when possible. Example value: 10.0. Note: Value must be a float between 0 and 10. | False |
| Reference Types | Filter by reference types. | False |
| Reference Values | Filter by reference values. Use with Reference Types to filter by specific reference type. | False |
| Locations | Filter by location type classification. | False |
| Minimum EPSS v3 Score | Filter by lower limit of the EPSS v3 score. Example value: 0.5. Note: Value must be a float between 0 and 1. | False |
| Maximum EPSS v3 Score | Filter by upper limit of the EPSS v3 score. Example value: 1.0. Note: Value must be a float between 0 and 1. | False |
| Filter by Tags | Filter vulnerabilities by tags. | False |
| feedExpirationPolicy | | False |
| feedExpirationInterval | | False |
| Feed Fetch Interval | Interval in minutes to fetch indicators. | False |
| Create relationships | Create relationships between indicators as part of Enrichment. | False |
| Bypass exclusion list | When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. | False |
| Tags | Provides the tags to be added to the indicators. Supports CSV values. | False |
| Trust any certificate (not secure) | Indicates whether to allow connections without verifying the SSL certificate's validity. | False |
| Use system proxy settings | Indicates whether to use XSOAR's system proxy settings to connect to the API. | False |
Enable enrichment
To enable enrichment for the "Flashpoint Vulnerability" and "CVE" indicator types to retrieve the latest information, follow the steps below:
- Install the "Flashpoint" content pack or update it to version 2.2.0 or later.
- Configure the "Flashpoint Ignite" integration to allow the execution of enrichment commands. The Fetch Incidents option is not required for this setup.
- [Optional] Open the "Flashpoint Vulnerability" or "CVE" indicator and click the "Enrich" button to retrieve the latest information.
Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
flashpoint-vulnerability-get-indicators
Retrieves indicators from the Flashpoint Vulnerability Feed. It displays the content of the fetch-indicators command.
Base Command
flashpoint-vulnerability-get-indicators
Input
| Argument Name | Description | Required |
|---|---|---|
| last_touched_after | Get vulnerabilities that were last touched after the specified date or relative timestamp. Formats accepted: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ. Default is 3 days. | Optional |
| last_touched_before | Get vulnerabilities that were last touched before the specified date or relative timestamp. Formats accepted: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ. Default is now. | Optional |
| ransomware_scores | Filter by Ransomware score. Possible values are: Critical, High, Medium, Low. | Optional |
| attack_types | Filter by Attack type classification. Possible values are: Authentication Management, Cryptographic, Infrastructure, Input Manipulation, Misconfiguration, Man-In-The-Middle (MITM), Other, Race Condition, Attack Type Unknown. | Optional |
| severities | Filter by severity, which is calculated based on CVSS values. Possible values are: Critical, High, Medium, Low, Informational. | Optional |
| products | Filter by associated product names (case-insensitive). | Optional |
| vendors | Filter by associated vendor names (case-insensitive). | Optional |
| cwe_ids | Filter by CWE IDs assigned by MITRE. | Optional |
| min_cvssv2_score | Filter by lower limit of the CVSSv2 score. Prioritizes Flashpoint generated scores when possible. Example value: 7.0. Note: Value must be a float between 0 and 10. | Optional |
| max_cvssv2_score | Filter by upper limit of the CVSSv2 score. Prioritizes Flashpoint generated scores when possible. Example value: 10.0. Note: Value must be a float between 0 and 10. | Optional |
| min_cvssv3_score | Filter by lower limit of the CVSSv3 score. Prioritizes Flashpoint generated scores when possible. Example value: 7.0. Note: Value must be a float between 0 and 10. | Optional |
| max_cvssv3_score | Filter by upper limit of the CVSSv3 score. Prioritizes Flashpoint generated scores when possible. Example value: 10.0. Note: Value must be a float between 0 and 10. | Optional |
| min_cvssv4_score | Filter by lower limit of the CVSSv4 score. Prioritizes Flashpoint generated scores when possible. Example value: 7.0. Note: Value must be a float between 0 and 10. | Optional |
| max_cvssv4_score | Filter by upper limit of the CVSSv4 score. Prioritizes Flashpoint generated scores when possible. Example value: 10.0. Note: Value must be a float between 0 and 10. | Optional |
| ref_types | Filter by reference types. Possible values are: Bug Tracker, Bugtraq ID, CERT, CERT VU, CIAC Advisory, CVE ID, D2 Elliot, DISA IAVA, Exploit Activity, Exploit Database, Flashpoint, Generic Exploit URL, Generic Informational URL, Immunity CANVAS, Immunity CANVAS (D2ExploitPack), Immunity CANVAS (White Phosphorus), ISS X-Force ID, Japan Vulnerability Notes, Keyword, Mail List Post, Metasploit URL, Microsoft Knowledge Base Article, Microsoft Security Bulletin, Nessus Script ID, News Article, Nikto Item ID, Other Advisory URL, Other Solution URL, OVAL ID, Packet Storm, RedHat RHSA, Related VulnDB ID, SCIP VulDB ID, Secunia Advisory ID, Security Tracker, Snort Signature ID, Tenable PVS, US-CERT Cyber Security Alert, Vendor Specific Advisory URL, Vendor Specific Solution URL, Vendor URL, Vendor Specific News/Changelog Entry, VUPEN Advisory. | Optional |
| ref_values | Filter by reference values. Use with Reference Types to filter by specific reference type. | Optional |
| locations | Filter by location type classification. Possible values are: Context Dependent, Dial-up Access Required, Local Access Required, Legacy: Local / Remote, Mobile Phone / Hand-held Device, Physical Access Required, Remote / Network Access, Location Unknown, Wireless Vector. | Optional |
| min_epss_score | Filter by lower limit of the EPSS v3 score. Example value: 0.5. Note: Value must be a float between 0 and 1. | Optional |
| max_epss_score | Filter by upper limit of the EPSS v3 score. Example value: 1.0. Note: Value must be a float between 0 and 1. | Optional |
| tags | Filter vulnerabilities by tags. | Optional |
| limit | The maximum number of indicators to return. Default is 50. | Optional |
| from | Offset for pagination. Default is 0. | Optional |
Context Output
There is no context output for this command.
Command Example
Human Readable Output
Vulnerabilities
ID: 111111
Indicator Value: CVE-YYYY-XXXX
Title: Sample Vulnerability Title
Vulnerability Status: Active
EPSS Score: 0.001
Ransomware Score: None
Published: 2026-01-01T00:00:00Z
Modified: 2026-01-01T00:00:00Z
Description: This is a dummy description for testing purposes.
Solution: Upgrade to a fixed version.
Technical Description: Dummy technical details go here.
Tags: dummy
CVSS v2:
- access_vector: NETWORK
  access_complexity: MEDIUM
  authentication: SINGLE_INSTANCE
  confidentiality_impact: NONE
  integrity_impact: NONE
  availability_impact: COMPLETE
  source: Flashpoint
  generated_at: 2026-01-01T00:00:00Z
  score: 5.0
CVSS v3:
- attack_vector: NETWORK
  attack_complexity: LOW
  privileges_required: NONE
  user_interaction: NONE
  scope: UNCHANGED
  confidentiality_impact: NONE
  integrity_impact: NONE
  availability_impact: HIGH
  source: NVD
  generated_at: 2026-01-01T00:00:00Z
  score: 7.5
  vector_string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  version: 3.1
  updated_at: 2026-01-01T00:00:00Z
- attack_vector: NETWORK
  attack_complexity: LOW
  privileges_required: NONE
  user_interaction: NONE
  scope: UNCHANGED
  confidentiality_impact: HIGH
  integrity_impact: LOW
  availability_impact: NONE
  source: Flashpoint
  generated_at: 2026-01-01T00:00:00Z
  score: 8.2
  vector_string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
  version: 3.1
  updated_at: 2026-01-01T00:00:00Z
CVSS v4:
- score: 7.1
  threat_score: 7.1
  source: NVD
  generated_at: 2026-01-01T00:00:00Z
  updated_at: 2026-01-01T00:00:00Z
  vector_string: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  version: 4.0
  attack_vector: NETWORK
  attack_complexity: LOW
  attack_requirements: NONE
  privileges_required: NONE
  user_interaction: NONE
  exploit_maturity: NOT_DEFINED
  vulnerable_system_confidentiality_impact: NONE
  vulnerable_system_integrity_impact: NONE
  vulnerable_system_availability_impact: HIGH
  subsequent_system_confidentiality_impact: NONE
  subsequent_system_integrity_impact: NONE
  subsequent_system_availability_impact: NONE
- score: 9.2
  threat_score: 9.2
  source: Flashpoint
  generated_at: 2026-01-01T00:00:00Z
  updated_at: 2026-01-01T00:00:00Z
  vector_string: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
  version: 4.0
  attack_vector: NETWORK
  attack_complexity: LOW
  attack_requirements: NONE
  privileges_required: NONE
  user_interaction: NONE
  exploit_maturity: NOT_DEFINED
  vulnerable_system_confidentiality_impact: HIGH
  vulnerable_system_integrity_impact: LOW
  vulnerable_system_availability_impact: NONE
  subsequent_system_confidentiality_impact: NONE
  subsequent_system_integrity_impact: NONE
  subsequent_system_availability_impact: NONE
Products:
- id: 123
  name: Sample Product
  versions:
  - id: 456
    vulndb_version_id: 789
    name: 1.0.0
    affected: Affected
    all_prior_versions_affected: false
    cpes:
    - name: cpe:2.3:a:vendor:product:1.0.0:*:*:*:*:*:*:*
      source: Flashpoint-specified
    - name: cpe:2.3:a:vendor:product:1.0.1:*:*:*:*:*:*:*
      source: Flashpoint-specified
  vendor_id: 456
  vendor: Sample Vendor
CWEs:
- cwe_id: 999
  name: Dummy CWE
  source: example
  cve_ids: CVE-YYYY-XXXX
Exploits Count: 0
External References:
- value: https://example.com/advisory
  type: Vendor Specific Advisory URL
  url: https://example.com/advisory
  created_at: 2026-01-01T00:00:00Z
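The CVSS filter descriptions say the comparison "Prioritizes Flashpoint generated scores when possible", and the sample record above carries two CVSS v3 entries (NVD 7.5, Flashpoint 8.2), so the source chosen decides whether a threshold matches. The Python below is an added example modelling that behaviour on the client side, not the integration's or Flashpoint's code; the function names, the fallback to the highest non-Flashpoint score, the inverted-range check and the handling of unscored records are assumptions.

```python
# Added example: client-side model of the CVSS min/max filters, not Flashpoint's code.
from typing import Optional

# Constructed sample; scores and vectors copied from the CVSS v3 cell of the output above.
SAMPLE_CVSS_V3 = [
    {"source": "NVD", "score": 7.5,
     "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},
    {"source": "Flashpoint", "score": 8.2,
     "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},
]


def check_bounds(minimum: Optional[float], maximum: Optional[float],
                 upper: float = 10.0) -> None:
    """Reject values outside 0..upper (10 for CVSS, 1 for EPSS) and inverted ranges."""
    for name, value in (("minimum", minimum), ("maximum", maximum)):
        if value is not None and not 0.0 <= value <= upper:
            raise ValueError(f"{name} must be a float between 0 and {upper:g}")
    if minimum is not None and maximum is not None and minimum > maximum:
        raise ValueError("minimum is greater than maximum")  # assumed check


def effective_score(entries: list, preferred: str = "Flashpoint") -> Optional[float]:
    """Score the filter compares against: the preferred source's score if present,
    otherwise the highest score from any other source (assumed fallback)."""
    scored = [e for e in entries if isinstance(e.get("score"), (int, float))]
    if not scored:
        return None
    own = [e["score"] for e in scored if e.get("source") == preferred]
    return float(max(own)) if own else float(max(e["score"] for e in scored))


def passes(entries: list, minimum: Optional[float] = None,
           maximum: Optional[float] = None) -> bool:
    """True when the effective score lies inside [minimum, maximum]."""
    check_bounds(minimum, maximum)
    score = effective_score(entries)
    if score is None:  # assumption: unscored records never match a score filter
        return False
    return (minimum is None or score >= minimum) and (maximum is None or score <= maximum)


if __name__ == "__main__":
    nvd_only = [e for e in SAMPLE_CVSS_V3 if e["source"] == "NVD"]
    print(effective_score(SAMPLE_CVSS_V3), passes(SAMPLE_CVSS_V3, minimum=8.0))
    print(effective_score(nvd_only), passes(nvd_only, minimum=8.0))
```

With a minimum of 8.0 the sample record matches only because the Flashpoint score is the one compared; judged on the NVD entry alone it would be filtered out of the feed.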