Problem
CVE findings are reported without context about active exploitation. No integration with live threat feeds to prioritize critical findings.
Implementation Steps
- Create `src/tengu/intelligence/kev.py`:
- Create `src/tengu/intelligence/greynoise.py`:
  - GreyNoise Community API client
  - `get_ip_context(ip: str) -> dict` — returns noise/riot classification
- Register new resources in `server.py`:
  - `intel://cisa-kev` — Full KEV catalog
  - `intel://greynoise/{ip}` — IP context
- Enrich `correlate_findings` to flag CVEs with active exploitation from KEV
Files to Modify
- New: `src/tengu/intelligence/__init__.py`, `kev.py`, `greynoise.py`
- `src/tengu/server.py` — Register new resources
- `src/tengu/tools/analysis/correlate.py` — Add KEV enrichment
Dependencies
None (standalone)
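
A sketch of the KEV enrichment step described above, added here as an illustration and not taken from the project's code. The function names `build_kev_index` and `enrich_findings` and the finding schema are hypothetical; the KEV field names follow the published CISA catalog JSON, and all sample data is constructed.

```python
import json

# Constructed excerpt in the shape of the CISA KEV JSON feed (field names follow
# the published catalog; the CVE IDs and dates are placeholders).
SAMPLE_KEV = json.dumps({
    "catalogVersion": "constructed",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "dateAdded": "2024-01-10",
         "dueDate": "2024-01-31", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0002", "dateAdded": "2024-02-01",
         "dueDate": "2024-02-22", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

def build_kev_index(catalog_json: str) -> dict:
    """Map normalised CVE ID -> KEV entry, skipping malformed entries."""
    catalog = json.loads(catalog_json)
    index = {}
    for entry in catalog.get("vulnerabilities", []):
        cve = str(entry.get("cveID") or "").strip().upper()
        if cve.startswith("CVE-"):
            index[cve] = entry
    return index

def enrich_findings(findings: list, kev_index: dict) -> list:
    """Return copies of findings with KEV context, actively exploited first."""
    enriched = []
    for f in findings:
        entry = kev_index.get(str(f.get("cve") or "").strip().upper())
        item = dict(f, actively_exploited=entry is not None)
        if entry:
            item["kev_date_added"] = entry.get("dateAdded")
            item["kev_due_date"] = entry.get("dueDate")
            item["kev_ransomware"] = entry.get("knownRansomwareCampaignUse") == "Known"
        enriched.append(item)
    # KEV-listed first, then ransomware-linked, then by CVSS descending.
    enriched.sort(key=lambda i: (not i["actively_exploited"],
                                 not i.get("kev_ransomware", False),
                                 -float(i.get("cvss") or 0.0)))
    return enriched

# Constructed findings; the schema ("cve", "cvss", "host") is hypothetical.
SAMPLE_FINDINGS = [
    {"cve": "CVE-0000-0003", "cvss": 9.8, "host": "10.0.0.5"},
    {"cve": "cve-0000-0002", "cvss": 7.5, "host": "10.0.0.6"},
    {"cve": "CVE-0000-0001", "cvss": 6.1, "host": "10.0.0.7"},
    {"cve": None, "cvss": 5.0, "host": "10.0.0.8"},
]
```

With this ordering, a CVSS 6.1 finding that is KEV-listed and ransomware-linked sorts ahead of a CVSS 9.8 finding with no known exploitation.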