Brinqa Risk Intelligence

This article details the Brinqa Risk Intelligence integration, how the Brinqa Platform ingests, consolidates, and prioritizes Common Vulnerabilities and Exposures (CVE) records, and the enhanced capabilities provided by Brinqa Risk Intelligence. It highlights the processes and benefits of utilizing Brinqa's capabilities for advanced cybersecurity threat intelligence.

What is Brinqa Risk Intelligence?

Risk Intelligence refers to organized and refined information about potential or current attacks that can threaten the safety of your organization and assets. It involves gathering data from various sources to identify, categorize, and manage these potential threats. This intelligence is pivotal in proactively detecting and mitigating your organization's risks.

Brinqa Risk Intelligence builds on this foundation by providing a custom risk intelligence integration built directly into the Brinqa Platform. This integration enhances the platform's existing risk intelligence capabilities by incorporating advanced data from various sources, aiming to provide better context and reliability of risk intelligence and vulnerability data coming into the Brinqa Platform.

Why Brinqa Risk Intelligence?

Organizations are facing a steady increase in risks. While the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog has been beneficial in providing a public data store of high-priority threats, additional risk intelligence context is needed to make the data actionable and useful for organizations. Additionally, publicly available sources such as the National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST), have faced technical issues, such as API downtime, reliability issues, and latency in updates, creating a gap that Brinqa Risk Intelligence aims to bridge.

The Brinqa Risk Intelligence integration offers the following benefits:

  • Threat group attribution: Identifying vulnerabilities used by specific threat groups aids in targeted remediation.

  • Exploit tool identification: Recognizing threats with available exploit tools helps prioritize critical vulnerabilities.

  • MITRE ATT&CK techniques: Retrieving MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) techniques improves detection and remediation strategies.

Brinqa Risk Intelligence sources

The Brinqa Risk Intelligence integration retrieves data from VulnCheck to provide actionable and contextual vulnerability data:

  • VulnCheck Exploit & Vulnerability Intelligence: Provides comprehensive information on vulnerability exploitation, including monitoring of Git repositories for new exploit proofs of concept (PoCs), caching of exploit PoCs, classification of exploit maturity and type, and evidence of exploitation in the wild.

  • VulnCheck KEV: An alternative to the CISA Known Exploited Vulnerabilities catalog. It is the largest index of exploited vulnerabilities and alerts customers to exploited vulnerabilities before they are added to the CISA KEV catalog. This offers a more comprehensive library of known vulnerabilities.

  • NVD++: The NIST NVD is a vulnerability database maintained by the National Institute of Standards and Technology. The NVD API has been known to be unreliable for many users. As a result, NVD++ offers a more dependable solution by integrating the NVD 2.0 API with the older 1.0 API. It also provides downloadable JSON backup files, making it a single, cohesive resource.

    For additional information, please see the following VulnCheck resources:

You can view these details by navigating to any CVE record:

  1. Navigate to Findings > Knowledge Base > CVEs.

    • You can also navigate to Findings > Finding Definitions > All finding definitions, click Details for a given record, and then click the CVEs tab (if there is a CVE record associated with the finding).

  2. Point the cursor over a CVE record in the list view and click Details.

  3. Click the Risk Intelligence tab.

The Risk Intelligence tab contains comprehensive information on various risk intelligence data points, including:

  • CISA: CISA vulnerability name, CISA required action, CISA added date, and CISA due date.

  • EPSS: EPSS score, EPSS percentile, and EPSS last modified date.

  • Exploit maturity: Information about the exploit maturity, including whether the exploit is reported, public, commercial, or weaponized.

  • Threat actors and Ransomware campaigns: Details on whether the vulnerability is used by threat actors, botnets, ransomware, and any known active ransomware campaigns, including the first and last reported threat actors.
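
One way to turn the data points on this tab into a triage order, shown as an added example that is not Brinqa's scoring model or code. The record fields, the maturity ordering, and the tier order are assumptions, and the CVE IDs are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumption: maturity values ranked least to most severe, in the order the tab lists them.
MATURITY_RANK = {"reported": 1, "public": 2, "commercial": 3, "weaponized": 4}

@dataclass
class CveIntel:
    """Hypothetical record holding the Risk Intelligence tab's data points."""
    cve_id: str
    epss_score: float                      # 0.0 to 1.0
    exploit_maturity: Optional[str] = None
    cisa_due_date: Optional[date] = None   # None means not listed by CISA
    ransomware: bool = False
    threat_actors: bool = False

def triage_key(rec: CveIntel, today: date) -> tuple:
    """Sort key: overdue CISA action, then observed exploitation, then maturity, then EPSS."""
    overdue = rec.cisa_due_date is not None and rec.cisa_due_date < today
    exploited = rec.cisa_due_date is not None or rec.ransomware or rec.threat_actors
    # Unknown or missing maturity values rank lowest instead of raising.
    maturity = MATURITY_RANK.get((rec.exploit_maturity or "").lower(), 0)
    return (overdue, exploited, maturity, rec.epss_score)

def prioritize(records: list, today: date) -> list:
    """Return CVE IDs ordered from most to least urgent."""
    ranked = sorted(records, key=lambda r: triage_key(r, today), reverse=True)
    return [r.cve_id for r in ranked]

# Constructed sample records; the CVE IDs are placeholders, not real entries.
SAMPLE = [
    CveIntel("CVE-0000-0001", 0.02, "public"),
    CveIntel("CVE-0000-0002", 0.91, "weaponized", cisa_due_date=date(2024, 5, 1)),
    CveIntel("CVE-0000-0003", 0.40, "weaponized", ransomware=True),
    CveIntel("CVE-0000-0004", 0.05),
    CveIntel("CVE-0000-0005", 0.10, "reported", cisa_due_date=date(2024, 7, 1)),
]

if __name__ == "__main__":
    for cve_id in prioritize(SAMPLE, today=date(2024, 6, 1)):
        print(cve_id)
```

Ordering by tiers rather than a weighted sum keeps a record with evidence of exploitation above one that only has a high EPSS score, which is the distinction these data points exist to make.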

Brinqa Risk Intelligence risk factors

In addition to the risk intelligence information available on CVEs, Brinqa Risk Intelligence introduces several new risk factors to leverage the detailed threat intelligence data provided by the integration. These include factors such as exploitability rating, threat actor affiliation, and more, providing comprehensive risk intelligence to help you and your organization prioritize your risks effectively.

The Brinqa Risk Intelligence risk factors are turned off initially to avoid undesirable risk score changes. You can opt in after you've verified that the new risk factors are beneficial to you and your organization.

For additional information, see Brinqa Risk Intelligence risk factors.

Brinqa Risk Intelligence data models

To further enhance your organization's risk intelligence management capabilities, the Brinqa Risk Intelligence integration introduces several new data models. These data models provide more detailed and actionable insights into various aspects of cyber threats, helping you to better prioritize and mitigate risks. The new data models are:

  • Attack pattern: Patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities.

  • Attack technique: Methods and tactics utilized by adversaries in various stages of cyber attacks.

  • EOL advisory: Announcements or updates to a product's EOL (end of life).

You can view these details by navigating to Findings > Knowledge Base and selecting any of the items under Knowledge Base.

Brinqa Risk Intelligence connector

Connectors in the Brinqa Platform are Java applications that connect to a data source and retrieve data. In particular, the Brinqa Risk Intelligence connector retrieves and integrates risk intelligence data by connecting to a Brinqa Risk Intelligence server, which is a centralized repository of updated vulnerability and risk intelligence information. This integration acts as a bridge between your Brinqa Platform and the Brinqa Risk Intelligence server, ensuring that your Brinqa Platform is consistently receiving comprehensive and up-to-date risk intelligence data.

The Brinqa Risk Intelligence connector is enabled by default. Most of the connection settings, such as the Connect URL, Username, Password, API Key, API Key Header, and Namespace, are pre-configured by the Brinqa team. Any changes made to these fields are overwritten by the settings in the configuration file managed by the Brinqa team. However, you can modify the following parameters to tailor the integration to your specific needs:

  • Page size: The maximum number of records to get per API request. The default setting is 1000. It is not recommended to go over 1000.

  • Skip certificate verification: Select this option to connect even when the server presents an untrusted certificate; certificate verification is skipped.

  • Read timeout: The number of seconds the integration waits to return data before timing out and reporting a failure. The default setting is 60 seconds.