As part of recent enhancements to the Cb Collective Defense Cloud, updated NVD and Cb Reputation Threat feeds will be published to all Cb Response customers on November 17. This announcement does not affect Cb Protection or Cb Defense customers.
The NVD feed covers vulnerabilities in Adobe Reader, Java, Flash, and Google Chrome since 2013 with CVSS scores of 7 or greater. This feed update provides significantly improved coverage for these applications.
Cb Response retroactively applies threat intelligence to process executions that have been previously recorded and to binaries that have previously been seen, so customers who have had these applications appear and run in their environment should expect to see more activity related to this feed. As a best practice, we therefore recommend that you do not enable alerts directly on this feed. Contextual information provided by this feed (enabled, but not alerting) can be useful in root cause analysis, kill chain inspection, etc. For customers who are interested in the implications of using a watchlist with this feed, we will be posting a more involved discussion on the User eXchange soon.
Cb Reputation Threat
This updated feed will now provide Cb Reputation Threat scores for all executed hashes in your environment, so there may be more activity associated with this feed in your Cb Response environment. Additionally, this feed will provide different scores for suspected adware (50) vs malware (100) to allow for separating those alerting use cases via watchlists.
Opt-in Required for Both Feeds
Additionally, these feeds are now customer-specific, and Cb Response customers must opt in to sharing hashes with the Cb Collective Defense Cloud to receive content in either feed. If you do not opt in to sharing hashes with the Collective Defense Cloud, these feeds will contain no reports. Opt-in settings are available in the Cb Response console via "Administration -> Sharing Settings".
All customers will receive these feeds on Nov 17, but if you are interested in getting early access to the feed, please reach out to