CISA vulnerability reports added
27 May 2024
The US Cybersecurity and Infrastructure Security Agency (CISA) maintains a very useful list of actively abused vulnerabilities. That list is now available in ShadowTrackr internally as extra fields on the cves index. The specific fields are mentioned in the
cves index documentation.
To save you some effort there are 3 new reports available in the
report library that use this data:
CISA - Your vulnerable assets
A report with your assets that have CVEs mentioned by CISA. These are actively exploited, you want this list to be empty.
CISA - Most recent CVEs
A list of all vulnerabilities that CISA added to their list in the last month
CISA - Most exploited products
An overview of the products that where most often exploited in the last 3 months.
More vulnerabilities found
21 May 2024
As you might notice in the software vulnerabilities and weekly reports, as of last weekend ShadowTrackr finds more vulnerabilities. The CVE database is completely renewed, and with it we have a new version matching algorithm that is better than the previous one.
The vulnerabilities are still shown in the same way as before, it's just that more are detected.
One thing that is different is that the CVE database is also available as an index in ShadowTrackr, and you can query it if you want, for instance:
index=cves product=nginx cvss_score>8
Or:
index=cves product=php version=8.2.8
The primary reason to create and index for the CVEs is to be able to us it in reports. Some additional information still needs to be added for that to be really useful, but the first steps have been taken now :-)
More cipher fields in certifcates
06 May 2024
Again some new fields are added to certificates:
- cipherorder_sslv3
- cipherorder_tlsv1
- cipherorder_tlsv1_1
- cipherorder_tlsv1_2
- cipherorder_tlsv1_3
You can use these to build queries like this one, which finds all certificates on servers that still support RC4 ciphers:
index=certificates cipherorder_sslv3=*RC4* OR
cipherorder_tlsv1=*RC4* OR cipherorder_tlsv1_1=*RC4* OR
cipherorder_tlsv1_2=*RC4* OR cipherorder_tlsv1_3=*RC4*