Analyzing Threat Models and Observables
This topic provides step-by-step process to investigate vulnerabilities and associated threat models through advanced filtering and select capabilities.
To search and analyze vulnerabilities using the Threat Model feature:
| 1. | Login to ThreatStream using valid credentials. |
| 2. | On the home page, on top right click Analyze > Threat Model. The Threat Model page appears. |
| 3. | In the left navigation, under Filter Options, check the box for Vulnerabilities. Details of the selected Vulnerabilities will be appeared on the right pane. |
| 4. | In the Search Threat Model search bar, search the query by: |
| • | Search by CVSS score between a value. |
| • | Search by CVSS score greater than a value. |
| • | Search by CVSS score less than a value. |
| • | Similar to above TI score - between, less, greater. |
| • | Search by CVE. |
| • | Search by KB Article. |
| • | Search by any string. |
Threat Model Search Queries Table:
|
Search Type |
Query Format |
|||||||||
|
Search by CVSS score between a value |
(model_type=vulnerability) and cvss3_score >= 5 and cvss3_score <= 8 |
|||||||||
|
Search by CVSS score greater than a value |
(model_type=vulnerability) and cvss3_score >= 8 |
|||||||||
|
Search by CVSS score less than a value |
(model_type=vulnerability) and cvss3_score <= 2 |
|||||||||
|
Similar to above TI score - between, less, greater |
(body = threat) AND ( body = score) AND (body = >50) AND (model_type = "vulnerability")
(body = threat) AND ( body = score) AND (body = <20) AND (model_type = "vulnerability")
(body = threat) AND ( body = score) AND (body = >50 ) AND (body = <70 ) AND (model_type = "vulnerability") |
|||||||||
|
Search by CVE |
CVE-2025-4948 |
|||||||||
|
Search by KB Article |
KB5006670 |
|||||||||
|
Search by any string |
SA119144 GNU C Library Multiple Vulnerabilities |
| 5. | Click on the desired listed vulnerability to open its detailed view. This provides information related to the selected vulnerability and associated Flexera Advisory. |
| 6. | To access more Details via SVR Application, Click the hyperlinked title within the detail view to open the SVR (Software Vulnerability Research) application for comprehensive data. |
| 7. | To see all associated observables (CVEs) linked to the selected Secunia advisory, click Association > Observables. |
