products

Building cve2stix: Architecting as a cloud first service (part 6)

Products March 20, 2023

In this post I will show you the architecture of the hosted version of cve2stix.

Building cve2stix: Designing the API (part 5)

Products March 06, 2023

In this post I will show you the design decisions that went into building the cve2stix API (and why I didn’t choose TAXII).

Building cve2stix: Enriching NVD CVE data (part 4)

Products February 20, 2023

In this post I will show you how cve2stix enriches CVEs to provide additional context to each vulnerability.

Building cve2stix: Modelling NVD Data as STIX 2.1 Objects (part 3)

Products February 06, 2023

In this post I will show you how to use STIX 2.1 SDOs, SCOs, and SROs to standardised the way vulnerabilities are represented.

Building cve2stix: CPE and CVEs matching (part 2)

Products January 23, 2023

In this post I will show you how to analyse CPE combinations reported in CVEs to identify vulnerable products.

Building cve2stix: CPEs, CVEs, and the NVD APIs (part 1)

Products January 09, 2023

In this post I will introduce the important concepts of CVEs and CPEs and explain how to work with them using the NVD API.

file2stix + RSS = Structured Threat Intelligence from blog posts

Products October 03, 2022

In this post I will show you how file2stix can be used to process RSS feeds, including dealing with partial feeds and historic posts.

Building file2stix: Parse unstructured text into STIX 2.1 Objects

Products September 19, 2022

In this post I will describe some of the problems I wanted to solve building file2stix, the research that went into it, and a few tips to get up and running with the tool.

Blog