Meaning of CVE tag in Immediate Threats

Question

What is the meaning of the CVE tag in Immediate Threats? For example, for "Suspected Exploitation of Apache ActiveMQ CVE-2023-46604", there is a threat, but it only checks the WebGateway and EDR with the IoCs included in the research, not checking the security controls that are in place to detect exploitation of the vulnerability.

icon

Best answer by moshe_elias 13 November 2023, 08:08

View original

moshe_elias · Accepted Answer

Hi the CVE tag has benefits in security control validation and patch prioritization, if the CVE exists in your environment:

It answers the question do my security controls block malware in a specific Immediate threat that exploit the CVE.
In the ATTACK BASED VULNERABILITY MANAGEMENT dashboard you can see the immediate threats and advanced scenarios related to the CVE for further visibility on the level of your org protection from it being exploited.

But malware are only dropped. I don’t test if my security controls blocks malware that expolit that CVE but i test if my security controls block that specific sample of a malware that exploits the CVE.

l_lafortezza · Answer

Hi the CVE tag has benefits in security control validation and patch prioritization, if the CVE exists in your environment:

It answers the question do my security controls block malware in a specific Immediate threat that exploit the CVE.
In the ATTACK BASED VULNERABILITY MANAGEMENT dashboard you can see the immediate threats and advanced scenarios related to the CVE for further visibility on the level of your org protection from it being exploited.

But malware are only dropped. I don’t test if my security controls blocks malware that expolit that CVE but i test if my security controls block that specific sample of a malware that exploits the CVE.

Meaning of CVE tag in Immediate Threats

2 replies

Reply

Reply

Sign up

Login

Login to the community

Login

Scanning file for viruses.

This file cannot be downloaded