The CVE.icu add-on provides a framework for bringing real-time vulnerability intelligence directly into Splunk. Unlike traditional collectors that rely on slow API crawling, this package streams data from the official GitHub release ZIP files, so the initial ingestion of over 300,000 records completes in minutes.
Key Technical Features:
Vulnerability Intelligence V5 Support: Fully supports the modern CVE JSON 5.x schema, including cveMetadata, CNA containers, and ADP enrichment data.
Advanced Risk Prioritization: Goes beyond basic CVSS scores by integrating the Exploit Prediction Scoring System (EPSS) and CISA's Known Exploited Vulnerabilities (KEV) catalog to help security teams identify "patch-now" threats.
Operational Excellence: Includes a resource-aware modular input with built-in memory management, execution timeouts, and smart checkpointing to ensure stable performance in Splunk Cloud environments.
Secure Configuration: Implements a Splunk-native REST setup handler that utilizes encrypted storage for API tokens and includes automated cache-clearing to ensure a seamless user experience.
Comprehensive Dashboards: Features multiple visualization options, ranging from real-time KPI panels and severity distribution charts to accelerated tstats-based views for instant analysis of historical trends.
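As an added illustration (not the add-on's own code), the following Python shows how the CVE JSON 5.x fields named above (cveMetadata, the CNA container, ADP enrichment) can be flattened and combined with EPSS scores and KEV membership into a "patch-now" verdict; the sample record, the EPSS/KEV values and the priority thresholds are all constructed assumptions for this example.

```python
import json

# Constructed sample CVE JSON 5.x record (placeholder id, not real data)
# showing the cveMetadata / CNA container / ADP enrichment layout.
SAMPLE_CVE = json.loads("""{
  "dataVersion": "5.1",
  "cveMetadata": {"cveId": "CVE-0000-0001", "state": "PUBLISHED"},
  "containers": {
    "cna": {
      "metrics": [{"cvssV3_1": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]
    },
    "adp": [{"metrics": [{"cvssV3_1": {"baseScore": 9.8}}]}]
  }
}""")

# Constructed EPSS probabilities and KEV membership keyed by CVE id.
EPSS = {"CVE-0000-0001": 0.92, "CVE-0000-0002": 0.01}
KEV = {"CVE-0000-0001"}

def extract_record(record):
    """Flatten the fields needed for prioritization from a CVE 5.x record."""
    meta = record["cveMetadata"]
    cna = record.get("containers", {}).get("cna", {})
    cvss = None
    for m in cna.get("metrics", []):
        # Prefer the newest CVSS version present in the CNA metrics entry.
        for key in ("cvssV4_0", "cvssV3_1", "cvssV3_0"):
            if key in m:
                cvss = m[key].get("baseScore")
                break
        if cvss is not None:
            break
    return {"cve_id": meta["cveId"], "state": meta.get("state"), "cvss": cvss}

def prioritize(record, epss, kev):
    """Return the flattened record with an added priority label."""
    # Policy is an assumption for this example: KEV membership, or a likely
    # exploit (EPSS >= 0.5) on a high-severity CVSS (>= 7.0), means patch-now.
    flat = extract_record(record)
    cve_id = flat["cve_id"]
    flat["epss"] = epss.get(cve_id, 0.0)
    flat["in_kev"] = cve_id in kev
    score = flat["cvss"] or 0.0
    if flat["in_kev"] or (flat["epss"] >= 0.5 and score >= 7.0):
        flat["priority"] = "patch-now"
    elif score >= 7.0:
        flat["priority"] = "high"
    else:
        flat["priority"] = "routine"
    return flat
```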
Categories
Security, Fraud & Compliance