We have a vuln threat intel process where we take applicable CVEs that are critical or high vulns and that either have known exploitation or a public POC, and report them to the relevant team to get them patched.
I have been handed a requirement to pass relevant vulns/CVEs on for manual threat hunting. What kind of criteria should there be to prioritise which ones should be done? E.g. if critical -> go straight to threat hunt. If actively exploited -> go straight to threat hunt. If high (and has a public POC) and it's RCE or easy to exploit -> go straight to threat hunt, otherwise hold off for a bit.
Is there a better way to define these criteria?