Vulmatch OpenCTI Integration

Use Vulmatch with OpenCTI to bring enriched vulnerability intelligence into a wider graph-based cyber threat intelligence workflow.

Overview

Vulmatch can support OpenCTI-centric workflows by providing vulnerability intelligence in a form that aligns with graph-based CTI operations. This is useful for teams that want vulnerability context to sit alongside other intelligence in OpenCTI rather than in a separate silo.

In practice, this is typically done with the dogesec-vulmatch external-import connector, which pulls vulnerability intelligence from Vulmatch Web into OpenCTI.

Why teams use it

Teams use this path when they want to:

• ingest vulnerability intelligence into a wider CTI graph
• connect CVEs to other intelligence entities and workflows
• give analysts a richer environment for relationship-driven investigation
• bring in enrichment beyond the standard NVD, KEV, and EPSS connectors alone

Example workflow

A team uses Vulmatch as an external source of vulnerability intelligence, then brings that data into OpenCTI for correlation, graph analysis, and broader intelligence operations. The connector imports vulnerability records together with CVSS, EPSS, CWE, ATT&CK, CAPEC, KEV, and vulnerable software associations exposed by Vulmatch.

The connector also supports two useful operating modes:

• ingest vulnerabilities related to products in the team’s Vulmatch SBOM
• ingest all matching vulnerabilities using filter thresholds such as EPSS or CVSS minimums

That makes the OpenCTI path useful both for broad vulnerability intelligence ingest and for product-focused monitoring driven by a team’s own software inventory.