Skip to main content
CENEDRIL MANUAL
Open Cenedril
Security Operations & Threat Intel · Threat Register

Add threat intel and treat it as vulnerabilities

Updated on 3 min Pro plan Open in Cenedril

Goal Log a threat in the threat register, assess its relevance to the organization, link it to concrete vulnerabilities, and create a vulnerability instance from the vulnerability feed.

In Cenedril you handle threat intelligence in two places on the Security Operations page of the ISMS Assistant. On the Threat Register tab you log a threat manually, assess its relevance, and link it to the matching vulnerabilities. On the Vulnerability Feed tab you turn a current advisory into a vulnerability instance with one click. A threat report thus becomes a trackable vulnerability connected to your assets and risks.

Log a threat in the register

Open Security Operations

In the ISMS Assistant open the Security Operations page. Several tabs appear at the top, including Vulnerability Feed, Threat News, and Threat Register.

The Security Operations page with the “Vulnerability Feed”, “Threat News”, and “Threat Register” tabs.

Open the Threat Register

Switch to the Threat Register tab. The page shows a search bar, the option to show archived entries, and the table of logged threats with category, relevance, and the number of ATT&CK techniques.

Start a new threat

Click Add entry. The Log threat dialog opens with the sections Threat, Relevance & assessment, Link to risk assessment, ATT&CK mapping, and Review.

The “Log threat” dialog with title, elementary threat, intelligence layer, source, and discovery date.

Describe the threat

Enter a descriptive name under Title, for example an ongoing ransomware campaign. Pick the matching Elementary threat (category) using the search field. Optionally set the Intelligence layer, Source, a source link, and the discovery date.

Assess relevance

In the Relevance & assessment section, use Relevance to our organization to rate how important the threat is to you (High, Medium, Low, or Not relevant). Under Affected asset classes select the affected value classes, and use the Description & analysis field to capture how the threat concretely affects you.

Link to vulnerabilities

Once an elementary threat is selected, the Link to risk assessment section shows the matching vulnerabilities. Select the vulnerabilities exploitable by this threat. Vulnerabilities with an existing risk link appear at the top, so you can see which risks are already affected.

The vulnerabilities matching the selected threat, with those carrying an existing risk link listed first.

Set a review date and save

Under Review set the Next review and click Save. The entry then appears in the threat register table.

Result: the threat sits in the register with its relevance, is connected to the affected vulnerabilities and assets, and serves as input for response planning and the management review.

Turn a feed advisory into a vulnerability

Open the Vulnerability Feed

Switch to the Vulnerability Feed tab. The page shows current advisories from CERT-Bund (BSI), CISA KEV, and EPSS, with severity, affected assets, and filters for severity, KEV, and high EPSS scores.

Pick a relevant advisory

Search or filter for an advisory that affects your systems. Advisories that match your assets are highlighted. Use the eye icon to hide an advisory that is not relevant, or the pause icon to mark it as unclear.

Report it as a vulnerability

Click Report on the chosen advisory. Cenedril creates a vulnerability instance from the advisory and carries over the severity, CVSS score, the advisory as the source reference, and the affected assets.

Each advisory offers “Report” to create a vulnerability instance, plus the “Not relevant” and “Unclear” markers.

Result: the advisory becomes a vulnerability instance with a reference to its source. The advisory then shows a link to the created instance, which takes you straight to the vulnerability and its further handling.

Frequently asked questions

Where do I log my own threat?

In the ISMS Assistant open the Security Operations page and switch to the “Threat Register” tab. “Add entry” opens the “Log threat” form with the sections Threat, Relevance & assessment, Link to risk assessment, ATT&CK mapping, and Review.

What does the link to vulnerabilities do?

Once you pick an elementary threat, Cenedril shows the matching vulnerabilities. Select the vulnerabilities affected by the concrete threat. This connects the operational threat intelligence to the assistant's strategic risk assessment.

How does a feed advisory become a vulnerability?

On the “Vulnerability Feed” tab each advisory has a “Report” button. It creates a vulnerability instance from the advisory, carries over severity, CVSS score, and affected assets, and links back to the CERT-Bund advisory.

What happens to an advisory that does not affect us?

Use the eye icon to mark an advisory as not relevant and the pause icon to mark it as unclear. Items marked not relevant are hidden and can be shown again at any time via the hidden-items toggle.

Does a threat stay in the register forever?

A threat that has lost relevance can be archived in the edit dialog via “Archive”. It stays searchable but no longer appears in the default active view, and you can reactivate it later via “Restore”.

Security Operations & Threat Intel

Bedrohungen MITRE-ATT&CK-Techniken zuordnen

So ordnen Sie einer erfassten Bedrohung im Bedrohungsregister die passenden MITRE-ATT&CK-Techniken zu und verknüpfen so operative Threat Intelligence mit Ihrem ISMS.

Security Operations & Threat Intel

Schwachstellen aus einem Scanner importieren

So laden Sie in Cenedril den CSV-Export eines Schwachstellen-Scanners hoch, ordnen die Spalten zu und legen alle Funde in einem Schritt als Schwachstellen-Instanzen an.

Security Operations & Threat Intel

Sicherheitsvorfall behandeln

So melden Sie in Cenedril einen Informationssicherheitsvorfall, führen ihn durch die Incident-Response-Phasen und schließen ihn mit einer vollständigen Dokumentation ab.