Zero-day vulnerability tracking

  • Release version: Zurich
  • Updated July 31, 2025
  • Learn how to analyze RSS Feeds coming into the system.

    Before you begin

    Role required:
    • System Administrator (view, create or edit)
    • sn_sec_tisc.admin (view)

    About this task

    This flow is triggered whenever a new RSS Feed is created in the system and its title or description mentions ‘Zero Day’.

    Procedure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Automated Flows.
    3. Select the Zero-day vulnerability tracking link to view the respective rule details in the flow designer.
    4. View the flow designer action for the following trigger:
      RSS Feed Created where (Title contains zero day, or Description contains zero day, or Title contains zero_day, or Description contains zero_day, or Title contains zero-day, or Description contains zero-day)
    5. If the observable is an IPv4 or IPv6 address and it falls within an allowed CIDR range, then:
      1. Create a case for the TISC Team, along with a remediation task for the VR Team.
      2. Notify the concerned TISC Teams and VR Teams.
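
    The trigger condition from step 4, reproduced as an added Python example (not ServiceNow code and not part of the original page) so that feed items can be checked against it offline. The sample feed is constructed, and treating "contains" as a case-insensitive substring match is an assumption.

```python
import xml.etree.ElementTree as ET

# The three spellings listed in the flow trigger (step 4 of the procedure).
TRIGGER_TERMS = ("zero day", "zero_day", "zero-day")

# Constructed sample feed for illustration; not real advisory data.
# The last item uses U+2011 (non-breaking hyphen) instead of an ASCII hyphen.
SAMPLE_RSS = """<rss version="2.0"><channel><title>constructed feed</title>
<item><title>Vendor patches Zero-Day in VPN appliance</title><description>Fix released.</description></item>
<item><title>Monthly patch roundup</title><description>Includes one zero_day fix.</description></item>
<item><title>New 0-day reported in mail gateway</title><description>Details pending.</description></item>
<item><title>Zeroday broker raises payouts</title><description>Market news.</description></item>
<item><title>Browser update</title><description>Addresses a zero\u2011day flaw.</description></item>
</channel></rss>"""


def matches_trigger(title, description):
    """Mirror the trigger: Title or Description contains any listed term.

    Case-insensitive comparison is an assumption of this sketch.
    """
    fields = ((title or "").lower(), (description or "").lower())
    return any(term in field for field in fields for term in TRIGGER_TERMS)


def classify_feed(rss_text):
    """Return (matched_titles, unmatched_titles) for every <item> in the feed."""
    matched, unmatched = [], []
    for item in ET.fromstring(rss_text).iter("item"):
        title = item.findtext("title", default="")
        description = item.findtext("description", default="")
        bucket = matched if matches_trigger(title, description) else unmatched
        bucket.append(title)
    return matched, unmatched


if __name__ == "__main__":
    hits, misses = classify_feed(SAMPLE_RSS)
    for t in hits:
        print("would trigger:", t)
    for t in misses:
        print("no trigger:   ", t)
```

    Under this assumption, items that spell the term as "0-day", "zeroday", or with a non-ASCII hyphen do not satisfy any of the three listed conditions.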