Blog

The Vulmatch blog

• 

  Using STIX Objects to Make Vulnerability Prioritisation Easy (and Free)

  TUTORIAL September 02, 2024

  Follow along as I show you how to store 200,000 CVEs as STIX objects, then use CVSS, EPSS, CISA KEV and CPE data to search and filter them.
• 

  Writing Detection Rules to Identify if Products in my Stack are Vulnerable

  TUTORIAL August 12, 2024

  Developing on last weeks post, I show you how to construct STIX Patterns to automatically flag which products are affected by published CVEs.
• 

  How Known Affected Software Configorations on the CVE Website are Constructed

  TUTORIAL August 05, 2024

  I wanted to write detection rules to identify what products are vulnerable to a CVE. In this post I walk you through my research.