Introduction

docs/ref/modules/vulnerability-scanner/README.md

4.14.5691 B

The vulnerability scanner is an event-driven module that processes Syscollector operating system, hotfix and package events, looking for vulnerabilities. Detection relies on CTI data.

The CVE information provided by CTI is the result of a processing pipeline that analyzes, parses and formats the information from multiple sources into a common JSON CVE5 schema.

The vulnerability scanner reads and processes this data, creating local RocksDB databases with the CVE information, which is later correlated with the incoming events.

The detected vulnerabilities are represented as JSON documents ready to be indexed.
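
The flow described above (CVE records loaded into a local lookup, package events correlated against it, one JSON-ready document per finding) is sketched below as an added example; it is not Wazuh's code. Assumptions: an in-memory dict stands in for the RocksDB database, the event fields and output document shape are hypothetical, the CVE id is a placeholder, and the record uses field names from the public CVE Record Format 5.x.

```python
# Constructed CVE record using field names from the public CVE Record Format 5.x
# (cveMetadata, containers.cna.affected[].versions[]). The CVE id is a placeholder.
CVE_FEED = [{
    "cveMetadata": {"cveId": "CVE-0000-0001"},
    "containers": {"cna": {"affected": [{
        "product": "examplepkg",
        "versions": [{"version": "1.0.0", "lessThan": "1.4.2", "status": "affected"}],
    }]}},
}]

def vkey(version):
    """Naive dotted-numeric sort key; real package version schemes need more."""
    return tuple(int(p) for p in version.split("."))

def build_index(feed):
    """Stand-in for the local CVE database: product name -> [(cve_id, range)]."""
    index = {}
    for rec in feed:
        cve_id = rec["cveMetadata"]["cveId"]
        for aff in rec["containers"]["cna"]["affected"]:
            for rng in aff["versions"]:
                if rng.get("status") == "affected":
                    index.setdefault(aff["product"], []).append((cve_id, rng))
    return index

def in_range(version, rng):
    """True if version is in [version, lessThan), or equals a single version."""
    if "lessThan" in rng:
        return vkey(rng["version"]) <= vkey(version) < vkey(rng["lessThan"])
    return vkey(version) == vkey(rng["version"])

def scan_event(event, index):
    """Correlate one package event with the index; return indexable documents."""
    docs = []
    for cve_id, rng in index.get(event["name"], []):
        if in_range(event["version"], rng):
            docs.append({"agent": event["agent"],
                         "package": {"name": event["name"], "version": event["version"]},
                         "vulnerability": {"id": cve_id}})
    return docs

# Constructed package inventory events (hypothetical field names).
EVENTS = [
    {"agent": "001", "name": "examplepkg", "version": "1.3.9"},   # inside the range
    {"agent": "001", "name": "examplepkg", "version": "1.4.2"},   # fixed version
    {"agent": "002", "name": "otherpkg", "version": "0.1.0"},     # no CVE data
]

RESULTS = [d for ev in EVENTS for d in scan_event(ev, build_index(CVE_FEED))]
```

The second event sits exactly on the `lessThan` boundary and produces no document, which is the off-by-one case worth checking in any range-based correlation.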