Rapid Response Activity Cards

Rapid Response activity cards are found on the Activity tab. Each vulnerability tracked by the Horizon3 Rapid Response team gets its own activity card.

The cards contain a wealth of information including:

  • The vulnerability title and CVE number
  • If the vulnerability is actively being assessed by the Horizon3 Rapid Response team, an 'In Progress' status tag will follow the title.
    • During its assessment, Horizon3 determines whether the vulnerability is truly exploitable by analyzing publicly available proofs of concept, or by reverse engineering the vulnerability to come up with a proof of concept.
    • Based on its assessment, Horizon3 will alert any clients found to be running exploitable assets on the Internet, and it will add the vulnerability to NodeZero for testing.
    • If Horizon3 deems a vulnerability to be of low attacker value, it will not add the vulnerability to NodeZero.
    • Once Horizon3's assessment is complete, the 'In Progress' status tag will disappear.
  • Additional tags may be present
    • CISA KEV: Displayed if the vulnerability is on the CISA Known Exploited Vulnerabilities list
    • Exploited in the Wild: Displayed if there are reports that the vulnerability has been exploited in the wild, potentially before it makes it onto the CISA KEV list. This tag will not be shown if the vulnerability has been added to the CISA KEV list.
    • Found Among Horizon3 Clients: Displayed if any Horizon3 clients were found to have a vulnerable application or device in their network.
    • Reversed by Horizon3: Displayed when Horizon3 reverse engineered the vulnerability to create a proof of concept.
    • Discovered by Horizon3: Displayed when the vulnerability was discovered by Horizon3 as a zero-day.
    • Original Research: Displayed when Horizon3 performed and published original analysis related to the vulnerability, outside of discovering the vulnerability or reversing it.
    • Top Exploited: Displayed when many Horizon3 clients have been found to have the vulnerable application or device.
  • A description of the vulnerability
  • Mitigations: a list of fix actions to remediate the vulnerability
  • Additional references
  • A timeline detailing the flow of events from vulnerability disclosure to inclusion in NodeZero. In many cases this includes the time the vulnerability was added to the CISA KEV list.
  • A 'Test Now' button to run a Rapid Response Test for the vulnerability, if a Rapid Response Test is available. In some cases, even if a Rapid Response Test is not available, it will still be possible to test for the vulnerability within an Internal or External pentest.