HomeGuidesAPI ReferenceChangelog
Log In
Guides

DHS-CISA CLI

This CLI is provided to ingest alerts and Known Exploitable Vulnerabilities (KEV) from Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS-CISA). The RegScale CLI tool will convert this public data feed into threats for use within the RegScale platform. It is commonly used to support Threat-Hunting and Threat-Based Risk Modeling for RegScale customers.

Init.yaml Configuration

There are two optional variables that will configure the CISA integration. These variables shouldn't be changed, unless DHS-CISA updates the site with different URLs:

  • cisaAlerts - URL of cisa alerts page
  • cisaKev - URL of the cisa KEV page

DHS-CISA Integration Workflow

DHS-CISA alerts and vulnerabilities can be easily ingested with the CLI tool. Below are some example commands:

  • regscale cisa ingest_cisa_kev - The CLI will insert new vulnerabilities as RegScale threats, if the same threat already exists, it will be updated.
  • regscale cisa ingest_cisa_alerts --year 2022 - The CLI will insert or update existing RegScale threats with all the published alerts from the year specified.