Supported Cortex XSOAR versions: 6.0.0 and later.
Qintel’s Patch Management Intelligence (PMI) product simplifies the vulnerability management process by providing vital context around reported Common Vulnerabilities and Exposures. With this integration, users can query PMI to surface CVEs that are known by Qintel to be leveraged by eCrime and Nation State adversaries. This integration was integrated and tested with version 0.16.0 of PMI.
Navigate to Settings > Integrations > Servers & Services.
Search for QintelPMI.
Click Add instance to create and configure a new integration instance.

| Parameter | Required |
|---|---|
| PMI API URL (optional) | False |
| Qintel Credentials | True |
| Password | True |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |

Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Queries Qintel for CVE intelligence.

| Argument Name | Description | Required |
|---|---|---|
| cve | List of CVEs. | Required |

| Path | Type | Description |
|---|---|---|
| CVE.ID | String | The ID of the CVE, for example: CVE-2015-1653 |
| CVE.CVSS | String | The CVSS of the CVE, for example: 10.0 |
| CVE.Published | Date | The timestamp of when the CVE was published. |
| CVE.Modified | Date | The timestamp of when the CVE was last modified. |
| CVE.Description | String | A description of the CVE. |
| Qintel.CVE.ID | string | The ID of the CVE |
| Qintel.CVE.AffectedSystem | string | Systems affected by the CVE |
| Qintel.CVE.AffectedVersions | string | Versions affected by the CVE |
| Qintel.CVE.LastObserved | string | Last threat actor observation time |
| Qintel.CVE.Observations | array | List of observations |

Vulnerability in Example System affecting versions: 1.0, 1.1

Last observed: 2021-04-20 04:00:00

|actor|actor_type|exploit_type|exploit_notes|date_observed|
|---|---|---|---|---|
| Unattributed Threat Actor | other | cve | | 2021-04-20 04:00:00 |
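
An added example (not part of the integration or of Qintel's code) of using the `Qintel.CVE` context outputs listed above for patch triage: it ranks CVEs by how recently Qintel observed threat-actor use. The sample data, the placeholder CVE IDs, the `prioritize` helper, the 90-day window and the observation key names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # format of the timestamps in the sample output above
TIER_ORDER = {"recent": 0, "stale": 1, "no-observation": 2}

# Constructed sample shaped like the documented Qintel.CVE outputs. The CVE IDs
# are placeholders, and the observation keys are assumed to match the War Room
# table columns (actor, actor_type, exploit_type, exploit_notes, date_observed).
SAMPLE_CONTEXT = [
    {"ID": "CVE-0000-0002", "AffectedSystem": "Example Gateway",
     "AffectedVersions": "2.3", "LastObserved": "2020-01-15 00:00:00",
     "Observations": [{"actor": "Unattributed Threat Actor", "actor_type": "other",
                       "exploit_type": "cve", "exploit_notes": "",
                       "date_observed": "2020-01-15 00:00:00"}]},
    {"ID": "CVE-0000-0003", "AffectedSystem": "Example Agent",
     "AffectedVersions": "4.0", "LastObserved": "", "Observations": []},
    {"ID": "CVE-0000-0001", "AffectedSystem": "Example System",
     "AffectedVersions": "1.0, 1.1", "LastObserved": "2021-04-20 04:00:00",
     "Observations": [{"actor": "Unattributed Threat Actor", "actor_type": "other",
                       "exploit_type": "cve", "exploit_notes": "",
                       "date_observed": "2021-04-20 04:00:00"}]},
]


def parse_ts(value):
    """Return a datetime, or None when the field is missing, empty or malformed."""
    try:
        return datetime.strptime(value, TS_FORMAT)
    except (TypeError, ValueError):
        return None


def prioritize(entries, now, recent_days=90):
    """Rank CVEs: recently observed first, older sightings next, unobserved last."""
    if isinstance(entries, dict):  # assumption: a single result may be one object
        entries = [entries]
    cutoff = now - timedelta(days=recent_days)
    ranked = []
    for entry in entries:
        last = parse_ts(entry.get("LastObserved"))
        tier = "no-observation" if last is None else ("recent" if last >= cutoff else "stale")
        ranked.append({"id": entry.get("ID"), "system": entry.get("AffectedSystem"),
                       "versions": entry.get("AffectedVersions"), "tier": tier,
                       "last_observed": last,
                       "observations": len(entry.get("Observations") or [])})
    # Two stable sorts: newest observation first, then group by tier.
    ranked.sort(key=lambda r: r["last_observed"] or datetime.min, reverse=True)
    ranked.sort(key=lambda r: TIER_ORDER[r["tier"]])
    return ranked
```

Pass the evaluation time in explicitly (`now`) so the same context data always produces the same ranking when a playbook run is replayed.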