PRIOn Knowledge Base (PRIOn KB) is an online SaaS platform that enables the triaging of publicly disclosed vulnerabilities from the Common Vulnerability Exposure (CVE) program. The main purpose of the PRIOn KB platform is to assist users to analyze and prioritize vulnerabilities, without solely relying on Common Vulnerability Scoring System (CVSS) exploitability metrics.
What are the benefits of PRIOn
|
|
|
|---|---|
|
Fast, Comprehensive and Easy Vulnerability Triaging
|
Automates the enrichment and the analysis of CVEs. The triage phase makes the examination of a vulnerability fast, comprehensive and easy. It reduces human workload, it saves money and it provides comprehensive information about a vulnerability itself.
|
|
Automated Vulnerability Prioritization
|
Automates the prioritization of the identified vulnerabilities. It provides an actionable quantifiable risk score for each vulnerability. Internal teams will be able to develop a proper remediation plan on focusing into which vulnerabilities must be fixed first.
|
|
Third Party Contextualized Intelligence
|
Collects contextualized intelligence information from a dozen of external sources. Engine collects artifacts such as exploitability, vulnerabilities exploited in the wild, media & news trends and threat actors activity. Internal teams will be able to determine which vulnerability poses the most significant threat.
|
|
Cyber Security Frameworks Predictive Modeling
|
Gains further insights by linking a CVE description with various cyber security classification taxonomy frameworks, including MITRE ATT&CK (Impact), CAPEC (Attack Pattern), CWE (Weakness), OWASP TOP Ten (Impact) and DISA STIGs (Technical Guide) respectively. The PRIOn engine used a predictive technology (deep learning techniques) with a confirmed 96% accuracy rate.
|
|
Vulnerability Type Predictive Modeling
|
A vulnerability type is determined so teams can know the type of the vulnerability, e.g. remote code execution, denial of service etc, without needing to go through the entire CVE description. Again, the PRIOn engine uses a predictive technology (deep learning techniques) with a confirmed 82% accuracy rate.
|
|
Machine Readable Format
|
Supports REST API, which exposes a number of endpoints providing access, programmatically, to PRIOn crunched data. Teams are able to consume those data and integrate them with their existing internal cyber security tools such as SIEM, SOAR etc.
|
Who uses PRIOn KB?
The most common users of PRIOn KB are from the Computer & Network Security Industry. We have seen interest, primarily, by the following user personas:
-
- (IT) Security Engineers/Managers
-
- System Administrators
-
- (Chief) Information Security Officers
-
- Cyber Security Consultants
-
- Cyber Security Analysts/Experts
-
- Threat Detection Engineers
-
- Cyber Defense Specialists
-
- Penetration Testers/Red team members
-
- Offensive Security Managers
-
- Information System Auditors
-
- Security researchers/practitioners in general
How to create a free account?
The steps for creating a free account are straightforward:
- Visit https://kb.prio-n.com
- Click the Sign Up button.
- Choose whether you want to access it through:
-
- Username/Password.
-
- Google.
-
- LinkedIn.
Keep an eye on your Inbox for an email address verification message.
Congratulations, you are ready to access the PRIOn KB platform.
How does PRIOn KB work?
A recurring process takes place where the PRIOn KB engine consumes CVE data from the following CVE databases:
Actions, such as transformations/aggregations, on the two lists are applied. The PRIOn KB engine generates and consumes a unique list with all the necessary data. The enrichment phase of a CVE contains the following information:
Contextualized Intelligence: the PRIOn KB engine starts collecting information from a dozen of third party external sources. At the time of writing, the following data are collected:
-
- If a public exploit or a Proof of Concept (PoC) exists
-
- If an exploit exists in various exploitation frameworks/packs
-
- If the vulnerability has been exploited in the wild. Information is provided by the CISA, the Known Exploited Vulnerability (KEV) catalog
-
- News & Media Trends about a vulnerability
-
- If a weaponized analysis indicators (sandbox information) exists
-
- Public Cyber Threat Intelligence Reports
Predictive Models: Link a CVE description with cyber security frameworks by using deep learning techniques. At the moment, the following frameworks are supported (more are coming):
-
- MITRE ATT&CK®
-
- Common Attack Pattern Enumerations and Classifications (CAPEC™)
-
- OWASP® TOP Ten
-
- DISA Security Technical Implementation Guides (STIGs) by DoD Cyber Exchange
In addition, we extract the vulnerability type by using deep learning techniques, e.g. “Remote Code Execution”, “SQL Injection”, “Elevation of Privileges”, “Denial of Service” etc.
PRIOn KB scoring engine analyzes all the above high level features and generates a score. Finally, raw data are visible under the tab “Intelligence” and “Threat Reports” for further analysis.
PRIOn Knowledge Base Score
At the time of writing, PRIOn KB generates a score by using the following high-level features characteristics:
-
- Exploitability metrics:
-
- Public exploits (Proof of Concepts etc.) available
-
- Exploits exist in various exploitation frameworks/packs
-
- CVE exploited in the wild
-
- Exploitability metrics:
-
- Predictive models on the CVE description so scoring engine will be able to:
-
- Link a CVE with multiple cyber security frameworks including MITRE ATT&CK, OWASP, CAPEC etc.
-
- Generate a Vulnerability Type for a CVE under examination, such as Remote Code Execution, Denial of Service, Arbitrary File Upload etc.
-
- Predictive models on the CVE description so scoring engine will be able to:
-
- Public Cyber Threat Intelligence Information analysis, including threat actors, motivation, origin/victim countries, sectors, tools, TTPs etc.
-
- News & Media Trends
-
- Common Vulnerability Scoring System (CVSS)
All of the above high level features generate a quantifiable risk score. The generated score is between 50-100. The PRIOn Scoring engine generates the following data:
|
Score
|
Label
|
Recommended Remediation Timeframe Action*
|
|---|---|---|
|
50-60
|
Backlog
|
Within 6 months
|
|
61-70
|
Should be Patched
|
Within 1 month
|
|
71-84
|
Must be Patched
|
Within 1 week
|
|
85-100
|
Patch Immediately
|
Within 1-2 days
|
How to search on PRIOn KB
End users can search the PRIOn KB using the following accepted strings:
-
- CVE ID syntax [CVE prefix + Year + Arbitrary Digits].
-
- Using the following keywords:
-
- “desc:<keyword>”
-
- “affects:<keyword>”
-
- Using the following keywords:
Examples:
-
- CVE-2021-44228
-
- desc: microsoft
-
- affects: windows
Furthermore. you can browse all the disclosed vulnerabilities by year here.
Do you support Machine Readable Format (API)?
PRIOn KB supports REST API. For more information please check the Introducing PRIOn Knowledge Base (KB) REST API article on how to use it.
In the following images, we depict what an end user sees when a CVE is enriched and analyzed. For this use case the CVE-2019-19781 has been chosen.
CVE Overview
Intelligence Tab
Threat Reports Information
Happy vulnerability triaging!!!