Threat Intelligence
Overview
The Praetorian Guard Platform (PGP) Threat Intelligence feature provides real-time insights into vulnerabilities and threats affecting your organization's attack surface. This capability aggregates data from multiple authoritative sources — including CISA KEV, NVD, EPSS, and MITRE ATT&CK — to deliver actionable intelligence about emerging threats, vulnerabilities, and exploit activities.
Main Features
Vulnerability Search and Discovery
- Search for specific CVEs using the search bar
- View comprehensive vulnerability details including:
  - Vulnerability description
  - Published and last-modified dates (from NVD)
  - CVE identifier
  - Associated threat actors, botnets, and ransomware families
  - MITRE ATT&CK techniques and CWE weaknesses
Intelligence Categories
The threat intelligence drawer is organized into three tabs:
1. Overview Tab
- Vulnerability Description: Detailed explanation of the vulnerability
- EPSS (Exploit Prediction Scoring System):
  - Score indicating likelihood of exploitation (0–1)
  - Percentile showing relative risk compared to other vulnerabilities
  - Visual indicators for risk tiers (see Understanding Risk Metrics below)
- CVSS (Common Vulnerability Scoring System):
  - Support for CVSS 2.0, 3.0, 3.1, and 4.0
  - Metric group display depends on the CVSS version (see below)
  - Detailed breakdown of scoring components and vector strings
  - Visual representation of severity levels
2. Exploitation Timeline Tab
- Exploit Timeline: A horizontal visual timeline with colored event markers showing a chronological view of key events.
- Tracked events include:
  - CISA KEV: date added, due date
  - VulnCheck KEV: date added, due date
  - Exploits: first exploit published, first weaponized exploit, most recent exploit published
  - Botnets: first reported botnet, most recent reported botnet
  - Ransomware: first reported ransomware, most recent reported ransomware
  - Threat Actors: first reported threat actor, most recent reported threat actor
  - NVD: published date, last modified date
- Exploitation Statistics:
  - Number of known exploits
  - Count of associated threat actors
  - Count of botnet families
  - Count of ransomware families
3. MITRE Tab
- Threat Actors: Associated threat actor groups linked to the vulnerability
- ATT&CK Framework Integration:
  - Associated MITRE ATT&CK techniques with technique IDs and descriptions
  - Links open the official MITRE documentation in a new tab
- CWE (Common Weakness Enumeration):
  - Associated weakness categories and descriptions
  - Source attribution and external references (links open in a new tab)
Understanding Risk Metrics
EPSS Score Interpretation
EPSS scores range from 0 to 1, with higher scores indicating a greater likelihood of exploitation in the next 30 days.
The percentile ranking shows relative risk compared to all other vulnerabilities.
Chariot uses the following color-coded tiers:
CVSS Score Interpretation
CVSS scores range from 0 to 10. Chariot displays metric groups based on the CVSS version:
Each vector string exposes details such as attack complexity, required privileges, user interaction, and impact measurements (confidentiality, integrity, availability).
Data Sources
Chariot's Threat Intelligence aggregates data from:
- NVD (National Vulnerability Database) — CVE metadata, CVSS scoring
- EPSS — Exploit Prediction Scoring System
- CISA KEV — Known Exploited Vulnerabilities catalog
- VulnCheck KEV — Expanded KEV coverage
- MITRE ATT&CK — Adversary techniques
- MITRE CWE — Weakness taxonomy
- Threat actor, botnet, and ransomware family intelligence feeds
Getting Help
For assistance with PGP's threat intelligence features, contact support at support@praetorian.com.