ENISA Known Exploited Vulnerabilities (KEV) Data Now Extracted into Normalized Format

A new extractor has been implemented to systematically pull data from the ENISA Known Exploited Vulnerabilities (KEV) catalog. This development moves critical European cybersecurity threat intelligence into a structured, machine-readable format, enabling more efficient analysis and integration into security tools. The extractor normalizes the advisory and vulnerability data, creating a dedicated pipeline for ENISA's EU-specific KEV entries.

The implementation specifically creates two content types: 'Advisory Content' to hold the EUVD ID and ENISA-specific KEV fields, and 'Vulnerability Content' to standardize the associated CVE ID, title, description, and CWE. A new 'KEV' field has been added to the advisory schema, and the extractor is registered under the command `enisa-kev`, following an established pattern used by other threat intelligence providers like VulnCheck. This structure places ENISA data under a dedicated `kev/enisa/` sub-type within the data pipeline.

This technical integration signifies a formalization of ENISA's role in the global vulnerability landscape, providing a consistent method for security teams to access and operationalize EU-focused exploit intelligence. By creating a normalized extractor, the data becomes directly comparable and combinable with KEV feeds from other agencies like CISA, enhancing cross-jurisdictional threat visibility and potentially speeding up patch deployment and defensive measures across European networks.