VulnCheck Canary Intelligence deploys actual vulnerable systems across the Internet, capturing real-world attacker behaviors and exploitation techniques in the wild. The data reveals which vulnerabilities are being targeted, how they’re being exploited, and by whom. Providing defenders with early and actionable intelligence.
VulnCheck Initial Access Intelligence develops vulnerable systems for customers to test exploitation and scanning against. As per our, coverage strategy, the systems are vulnerable to issues that are already being exploited in the wild, or likely to be exploited in the wild in the near future.
VulnCheck deploys intentionally vulnerable canary systems across the internet. To an attacker, the canary looks like a real vulnerable system because it is a real vulnerable system. The attacker scans and probes it to determine if it's a real system, and it is. So they attack.
VulnCheck developed Suricata and YARA rules, as part of the Initial Access Intelligence package, that automatically validate attacker exploitation, generate events for customer consumption, and trigger resets for compromised canaries.
VulnCheck Canaries data provides deep insight into vulnerability exploitation attempts, including the detection signatures used, the attackers involved, their locations, the targets location, and the specific methods and payloads used to exploit the vulnerable host.
| VulnCheck Index | Details | Product |
|---|---|---|
| vulncheck-canaries | Direct evidence of real-world exploitation attempts observed by VulnCheck’s own global network of canaries. Each event links attacks back to specific CVEs, exploit signatures, and source IPs, giving defenders high-confidence intelligence that a vulnerability is actively being targeted in the wild. | Canary Intelligence |
| vulncheck-canaries-#d (3d, 10d, 30d, 90d) | Detected Attacks by VulnCheck Canaries in the last # of days sourced from vulncheck-canaries. | Canary Intelligence |
| ipintel-#d (3d, 10d, 30d, 90d) | Addition of the source IP addresses of detected attacks | IP Intelligence |
| vulncheck-nvd2 | Addition of triggered detections as known exploited with daily references & canary markers | Exploit & Vulnerability Intelligence |
| exploits | Addition of triggered detections as known exploited with daily references & canary markers | Exploit & Vulnerability Intelligence |
| vulncheck-kev | Addition of triggered detections as known exploited with daily references & canary markers | VulnCheck Community |