RegScale Now Supports CISA Threat Feeds

August 28, 2022 | By J. Travis Howerton

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity — DHS CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerability (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by known threat actors. In addition, CISA maintains an alert system that provides timely information about current security issues, vulnerabilities, and exploits.

At RegScale, we commonly work with customers who don’t know where to get started on threat-based risk modeling and are often challenged with limited resources. To help these customers improve their security posture, we have combined the free resources from the experts at DHS CISA with our RegScale Command Line Interface (CLI) to provide automated threat feeds in RegScale as they are published. These threat feeds represent the exploits that are being actively exploited in the wild or that may represent the highest risk to an organization’s security posture. When given limited resources, focusing on the DHS CISA threats in the KEV and alerts can help organizations prioritize their efforts based on risk. You no longer have to sift through volumes of threat feeds and alerts, the experts at CISA have already reviewed the data, prioritized it, and published a streamlined list of threats that can be mitigated to reduce the largest amount of risk.

So how does it work? Our Enterprise Edition (EE) customers can download and configure the CLI to periodically fetch the data from CISA and auto-load it into the RegScale Threat module. Each KEV in the catalog and each published alert is created in RegScale via automation with no manual data entry. From there, your risk analysts can determine if these threats apply in your environment, document the risk to the organization, and drive risk mitigation efforts to mitigate or eliminate the threat. Since DHS regularly publishes updates, the CLI can keep you up to date over time with the latest threats while eliminating the need to manually review and load into RegScale for further analysis.

Schedule a free demo today to learn how RegScale can support your threat-based risk modeling program. If you are ready to start automating your threat alert processes, this demo will also show how you can leverage RegScale to deliver continuous risk reduction. In addition to offering free tools, we have experienced risk professionals who can assist you in building robust threat-modeling programs that will help you protect your organization’s sensitve data. With RegScale, our customers get software with a service to provide a concierge like experience for reducing risk in your IT systems.

Ready to get started?

Choose the path that is right for you! 

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now. 


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.