Vulmatch Logo

What is Vulmatch?

Vulmatch is a vulnerability intelligence product that helps teams search CVEs, understand exploitability, map affected software, and move vulnerability data into downstream security workflows.

What is Vulmatch?

Overview

Vulmatch is a vulnerability intelligence product focused on helping security teams understand what a vulnerability is, what software it affects, how it is being exploited, and how that information can be operationalised across security workflows.

It is best understood as a searchable vulnerability intelligence layer. Vulmatch brings together CVE data and related enrichment, then makes that information available through the web application, APIs, and STIX-based exports. It is not a scanner, endpoint agent, or patch deployment tool.

Who it is for

Vulmatch is built for teams that need to work with vulnerability data as intelligence, including:

  • vulnerability management teams
  • threat intelligence teams
  • detection and engineering teams
  • security operations teams
  • security researchers and developers building vulnerability-aware workflows

What problem it solves

Most teams can find a CVE. The harder problem is understanding whether it matters, what products are affected, whether exploitation is active or likely, and how to move that context into the tools that guide response.

Vulmatch helps solve that by enriching vulnerability records with context such as CVSS, EPSS, affected software relationships, exploit and attacker tradecraft context, and STIX-ready outputs that support downstream analysis.

In the web application, that often means a team can review a vulnerability together with known exploited vulnerability context, product associations, common weaknesses, ATT&CK techniques, CAPEC mappings, and software relationships without rebuilding that picture manually.

What you can do with Vulmatch

With Vulmatch, teams can:

  • search and filter CVEs using multiple enrichment dimensions
  • investigate affected software using CPE-linked product data
  • review exploitability and prioritisation context
  • review known exploited vulnerability status and exploit-linked context
  • inspect CWE and CAPEC-related vulnerability enrichment
  • map vulnerability data into STIX bundles for sharing and graph analysis
  • support SBOM-driven monitoring for products they care about
  • push vulnerability intelligence into APIs, TAXII consumers, and connected tools such as OpenCTI

How it works

At a high level, Vulmatch stores vulnerability information in STIX 2.1 format and exposes that data through a REST API and other integration surfaces.

That structure makes it easier to query vulnerabilities as linked intelligence rather than as isolated records. Instead of stopping at a CVE identifier, analysts can follow relationships between vulnerabilities, products, scores, exploit context, and downstream security content.

For example, Vulmatch can represent a CVE together with vulnerable software associations, ATT&CK and CAPEC mappings, EPSS history, KEV-linked reporting, and other linked entities that are useful in graph-style investigation and downstream automation.

Standards and integration paths

Vulmatch supports workflows that rely on structured, portable data. Key interoperability paths include:

  • STIX 2.1 data structures and exports
  • REST API access for custom integrations
  • TAXII API access for security tooling that consumes collections
  • OpenCTI integration paths for graph-based intelligence operations

Related Links