admin / SAynapse-Horizon
publicSelf Hosted Cyber Threat Intelligence Hub
SAynapse-Horizon / Synapse-Horizon / backend / src / sources / cisakev.js
1713 B · main
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 | import { makeIoc, fetchWithTimeout, ok, failed, SEVERITY } from '../normalize.js' // CISA Known Exploited Vulnerabilities — public JSON, no auth required. const URL = 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json' const LIMIT = 25 export const meta = { key: 'cisakev', requiresKey: false } export function configured() { return true } export async function fetchSource() { const res = await fetchWithTimeout(URL) const data = await res.json() const vulns = Array.isArray(data?.vulnerabilities) ? data.vulnerabilities : [] // Newest additions first. const recent = [...vulns] .sort((a, b) => new Date(b.dateAdded) - new Date(a.dateAdded)) .slice(0, LIMIT) const iocs = recent.map((v) => { const ransomware = /known/i.test(v.knownRansomwareCampaignUse || '') const vendor = v.vendorProject || 'Unknown vendor' const product = v.product || 'affected product' return makeIoc('cisakev', { detectedAt: v.dateAdded, severity: SEVERITY.CRITICAL, category: 'Active Exploitation', indicator: v.cveID, indicatorType: 'cve', target: `${v.cveID} · ${vendor} ${product}`, confidence: 100, mitre: [{ id: 'T1190', name: 'Exploit Public-Facing Application' }], headline: `Active Exploitation: ${v.cveID} in ${vendor} ${product} added to CISA Known Exploited Vulnerabilities catalog${ ransomware ? ' (known ransomware use)' : '' }`, raw: v, stix: { type: 'vulnerability', name: v.cveID, external_references: [{ source_name: 'cve', external_id: v.cveID }], labels: ['exploited-in-the-wild'], }, }) }) return ok(iocs) } |