Get Started with a Free account on our PRIOn Knowledge Base

PRIOn KB – Vulnerability triage made simple

PRIOn Knowledge Base (PRIOn KB) is an online SaaS platform that enables the triaging of publicly disclosed vulnerabilities from the Common Vulnerabilities and Exposures (CVE) program. The main purpose of the PRIOn KB platform is to help users analyze and prioritize vulnerabilities without relying solely on Common Vulnerability Scoring System (CVSS) exploitability metrics.

What are the benefits of PRIOn?

Fast, Comprehensive and Easy Vulnerability Triaging
Automates the enrichment and the analysis of CVEs. The triage phase makes the examination of a vulnerability fast, comprehensive and easy. It reduces human workload, saves money and provides comprehensive information about the vulnerability itself.
Automated Vulnerability Prioritization
Automates the prioritization of the identified vulnerabilities. It provides an actionable, quantifiable risk score for each vulnerability. Internal teams will be able to develop a proper remediation plan that focuses on which vulnerabilities must be fixed first.
Third Party Contextualized Intelligence
Collects contextualized intelligence information from a dozen external sources. The engine collects artifacts such as exploitability, vulnerabilities exploited in the wild, media & news trends and threat actor activity. Internal teams will be able to determine which vulnerability poses the most significant threat.
Cyber Security Frameworks Predictive Modeling
Gains further insights by linking a CVE description with various cyber security classification taxonomy frameworks, including MITRE ATT&CK (Impact), CAPEC (Attack Pattern), CWE (Weakness), OWASP TOP Ten (Impact) and DISA STIGs (Technical Guide). The PRIOn engine uses a predictive technology (deep learning techniques) with a confirmed 96% accuracy rate.
Vulnerability Type Predictive Modeling
A vulnerability type is determined so that teams can know the type of the vulnerability, e.g. remote code execution, denial of service etc., without needing to go through the entire CVE description. Again, the PRIOn engine uses a predictive technology (deep learning techniques) with a confirmed 82% accuracy rate.
Machine Readable Format
Supports a REST API, which exposes a number of endpoints providing programmatic access to PRIOn crunched data. Teams are able to consume those data and integrate them with their existing internal cyber security tools such as SIEM, SOAR etc.

Who uses PRIOn KB?

The most common users of PRIOn KB are from the Computer & Network Security Industry. We have seen interest, primarily, by the following user personas:

• (IT) Security Engineers/Managers
• System Administrators
• (Chief) Information Security Officers
• Cyber Security Consultants
• Cyber Security Analysts/Experts
• Threat Detection Engineers
• Cyber Defense Specialists
• Penetration Testers/Red team members
• Offensive Security Managers
• Information System Auditors
• Security researchers/practitioners in general

    How to create a free account?

    The steps for creating a free account are straightforward:

    1. Visit https://kb.prio-n.com
    2. Click the Sign Up button.
    3. Choose whether you want to access it through:
        • Username/Password.

        • Google.

        • LinkedIn.

       

      Keep an eye on your Inbox for an email address verification message.


      🎉🚀 Congratulations, you are ready to access the PRIOn KB platform. 🚀🎉

      How does PRIOn KB work?

      A recurring process takes place where the PRIOn KB engine consumes CVE data from the following CVE databases:

         

         

        Actions, such as transformations/aggregations, on the two lists are applied. The PRIOn KB engine generates and consumes a unique list with all the necessary data. The enrichment phase of a CVE contains the following information:

         

        Contextualized Intelligence: the PRIOn KB engine starts collecting information from a dozen third-party external sources. At the time of writing, the following data are collected:

            • If a public exploit or a Proof of Concept (PoC) exists

            • If an exploit exists in various exploitation frameworks/packs

            • If the vulnerability has been exploited in the wild. Information is provided by the CISA Known Exploited Vulnerabilities (KEV) catalog

            • News & Media Trends about a vulnerability

            • If weaponized analysis indicators (sandbox information) exist

            • Public Cyber Threat Intelligence Reports

           

          Predictive Models: Link a CVE description with cyber security frameworks by using deep learning techniques. At the moment, the following frameworks are supported (more are coming):

              • MITRE ATT&CK® 

              • Common Attack Pattern Enumerations and Classifications (CAPEC™)

              • OWASP® TOP Ten

              • DISA Security Technical Implementation Guides (STIGs) by DoD Cyber Exchange

             

            In addition, we extract the vulnerability type by using deep learning techniques, e.g. “Remote Code Execution”, “SQL Injection”, “Elevation of Privileges”, “Denial of Service” etc.

            The PRIOn KB scoring engine analyzes all of the above high-level features and generates a score. Finally, raw data are visible under the “Intelligence” and “Threat Reports” tabs for further analysis.

            PRIOn Knowledge Base Score

At the time of writing, PRIOn KB generates a score by using the following high-level features:

• Exploitability metrics:
    • Public exploits (Proof of Concepts etc.) available
    • Exploits exist in various exploitation frameworks/packs
    • CVE exploited in the wild
• Predictive models on the CVE description, so that the scoring engine is able to:
    • Link a CVE with multiple cyber security frameworks including MITRE ATT&CK, OWASP, CAPEC etc.
    • Generate a Vulnerability Type for a CVE under examination, such as Remote Code Execution, Denial of Service, Arbitrary File Upload etc.
• Public Cyber Threat Intelligence information analysis, including threat actors, motivation, origin/victim countries, sectors, tools, TTPs etc.
• News & Media Trends
• Common Vulnerability Scoring System (CVSS)

All of the above high-level features generate a quantifiable risk score. The generated score is between 50 and 100. The PRIOn scoring engine generates the following data:

Score     Label                Recommended Remediation Timeframe Action*
50-60     Backlog              Within 6 months
61-70     Should be Patched    Within 1 month
71-84     Must be Patched      Within 1 week
85-100    Patch Immediately    Within 1-2 days
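
As an added example (not PRIOn's own code or API), the score bands in the table above can drive a remediation queue: each finding is labelled by its band, given a due date and flagged when overdue. The day counts chosen for each timeframe, the first-seen dates, the placeholder CVE IDs and the sample scores are assumptions constructed for illustration.

```python
import re
from bisect import bisect_left
from datetime import date, timedelta

# Score bands from the table above: (upper bound, label, days allowed).
# Day counts are assumptions: 6 months = 180, 1 month = 30, "1-2 days" = 2.
BANDS = [(60, "Backlog", 180), (70, "Should be Patched", 30),
         (84, "Must be Patched", 7), (100, "Patch Immediately", 2)]
UPPER_BOUNDS = [band[0] for band in BANDS]
# CVE prefix + year + digits (the CVE program requires at least four digits).
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}", re.ASCII)


def classify(score):
    """Return (label, days allowed) for an integer PRIOn score in 50-100."""
    if isinstance(score, bool) or not isinstance(score, int) or not 50 <= score <= 100:
        raise ValueError(f"not an integer score in 50-100: {score!r}")
    _, label, days = BANDS[bisect_left(UPPER_BOUNDS, score)]
    return label, days


def remediation_queue(findings, today):
    """Return rows sorted by due date, then by score (highest first).

    findings: iterable of (cve_id, score, first_seen) with first_seen a date.
    """
    queue = []
    for cve_id, score, first_seen in findings:
        if not CVE_ID.fullmatch(cve_id):
            raise ValueError(f"malformed CVE ID: {cve_id!r}")
        label, days = classify(score)
        due = first_seen + timedelta(days=days)
        queue.append({"cve": cve_id, "score": score, "label": label,
                      "due": due, "overdue": today > due})
    return sorted(queue, key=lambda row: (row["due"], -row["score"]))


# Constructed sample findings: scores and dates are illustrative, not PRIOn output.
SAMPLE = [
    ("CVE-2021-44228", 97, date(2023, 3, 1)),
    ("CVE-2019-19781", 84, date(2023, 2, 20)),
    ("CVE-2099-0001", 55, date(2022, 6, 1)),   # placeholder ID
    ("CVE-2099-0002", 61, date(2023, 2, 25)),  # placeholder ID
]

if __name__ == "__main__":
    for row in remediation_queue(SAMPLE, today=date(2023, 3, 4)):
        state = "OVERDUE" if row["overdue"] else "open"
        print(row["due"], row["cve"], row["score"], row["label"], state)
```

Scores outside the documented 50-100 range and malformed CVE IDs are rejected rather than silently bucketed, so a bad import cannot land a finding in the Backlog band by accident.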

                  How to search on PRIOn KB

                  End users can search the PRIOn KB using the following accepted strings:

                      • CVE ID syntax [CVE prefix + Year + Arbitrary Digits].

                      • Using the following keywords:
                            • “desc:<keyword>”

                            • “affects:<keyword>”

                       

                      Examples:

                          • CVE-2021-44228

                          • desc: microsoft

                          • affects: windows

                         

                        Furthermore, you can browse all the disclosed vulnerabilities by year here.

                        Do you support Machine Readable Format (API)?

                        PRIOn KB supports a REST API. For more information on how to use it, please check the article Introducing PRIOn Knowledge Base (KB) REST API.

                        In the following images, we depict what an end user sees when a CVE is enriched and analyzed. For this use case the CVE-2019-19781 has been chosen.

                        CVE Overview

                         

                        Intelligence Tab

                         

                        Threat Reports Information

                         

                        
                        Happy vulnerability triaging!!!

                        © 2022-2023 PRIOn