Automated creation of zero day vulnerability
A zero day vulnerability scenario demonstrates how TISC detects and manages vulnerabilities that have not yet received CVE assignments.
Role required: sn_sec_tisc.admin
This feature enables automatic detection and processing of zero day vulnerabilities through configurable tagging rules. For more information, see Configure Tagging Rules in TISC.
Prerequisite:
Verify that the RSS Feeds with Zero Day mentions tagging rule is enabled. This ensures automatic association of the RSS Feeds with the Vulnerability Intelligence: ZERODAY taxonomy.
Zero Day Vulnerability Processing - Vulnerability Source Record Creation
- An RSS feed record is associated with a specific Zero Day taxonomy value.
- An RSS feed that is associated with the zero day taxonomy is updated and contains new entities such as CWE IDs, CVE IDs, CPEs, or Product IDs.
Record identification: Each Vulnerability Source record is uniquely identified using the RSS feed GUID, ensuring traceability to the original source.
The processing layer creates a zero day vulnerability record for the corresponding Vulnerability Source record only when that vulnerability record doesn't already exist.
| Field | Description |
|---|---|
| Name | Combination of RSS feed GUID and timestamp. |
| Description | Indicates the record is created from the RSS feed, including the GUID reference. |
| Zero day flag | Set to True. |
| CVE ID | Populated when exactly one CVE is identified. |
| Additional Context | Includes extracted CVE IDs and Product IDs. |
- CVE IDs (vulnerabilities)
- CWE IDs (weaknesses)
- CPEs and Product IDs (affected products)
For more information about the extraction and correlation mechanism, see the KB2936701 article.
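The following added example models the flow described above: entity extraction, GUID-keyed source records, create-only-if-missing vulnerability records, and the exactly-one-CVE rule. It is not ServiceNow code. The function names, record shapes, regular expressions, name separator, and the choice to leave an existing vulnerability record untouched on update are all assumptions made for illustration.

```javascript
// Illustrative model of the documented flow; not ServiceNow code.
// Product IDs are omitted because the page does not give their format.
const PATTERNS = {
  cve: /\bCVE-\d{4}-\d{4,}\b/gi,
  cwe: /\bCWE-\d+\b/gi,
  cpe: /\bcpe:2\.3:[aho](?::[^\s:]+){10}/gi, // simplified CPE 2.3 formatted string
};

function extractEntities(text) {
  const found = {};
  for (const [kind, re] of Object.entries(PATTERNS)) {
    const hits = (text.match(re) || []).map(s => (kind === 'cpe' ? s.toLowerCase() : s.toUpperCase()));
    found[kind] = [...new Set(hits)]; // de-duplicate repeated mentions
  }
  return found;
}

// db = { sources: Map, vulns: Map }, both keyed by RSS feed GUID (assumed in-memory stand-in).
function processFeed(db, feed, now = new Date()) {
  if (!feed.tags.includes('ZERODAY')) return 'ignored'; // tagging rule did not match
  const found = extractEntities(feed.text);
  const prev = db.sources.get(feed.guid);
  const hasNew = !prev || Object.keys(found).some(k => found[k].some(v => !prev[k].includes(v)));
  if (!hasNew) return 'unchanged';
  const merged = {};
  for (const k of Object.keys(found)) merged[k] = [...new Set([...(prev ? prev[k] : []), ...found[k]])];
  db.sources.set(feed.guid, merged);
  if (db.vulns.has(feed.guid)) return 'source-updated'; // never create a duplicate record
  db.vulns.set(feed.guid, {
    name: `${feed.guid} ${now.toISOString()}`,           // separator and format are assumed
    description: `Created from RSS feed ${feed.guid}`,   // wording is assumed
    zeroDay: true,
    cveId: merged.cve.length === 1 ? merged.cve[0] : '', // only when exactly one CVE
    additionalContext: { cveIds: merged.cve },
  });
  return 'vulnerability-created';
}

// Constructed sample feeds (not real advisories or CVE IDs).
const FEED_A = { guid: 'urn:example:feed-001', tags: ['ZERODAY'],
  text: 'Zero-day in ExampleCorp Widget, tracked as CVE-2099-0001 (CWE-787).' };
const FEED_A_UPDATED = { ...FEED_A,
  text: FEED_A.text + ' Related: CVE-2099-0002. Affects cpe:2.3:a:examplecorp:widget:1.2.3:*:*:*:*:*:*:*' };
const FEED_B = { guid: 'urn:example:feed-002', tags: ['ZERODAY'],
  text: 'Exploit chain uses CVE-2099-0003 and CVE-2099-0004.' };

const demoDb = { sources: new Map(), vulns: new Map() };
console.log([FEED_A, FEED_A, FEED_A_UPDATED, FEED_B].map(f => processFeed(demoDb, f)));
```

In this model, a feed that mentions two CVEs still produces a zero day record, but its CVE ID field stays empty and the identifiers appear only in the additional context.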