Data Sources & Multi-Source Intelligence

SentriKat aggregates vulnerability data from 6+ authoritative sources across the US and Europe. This multi-source architecture eliminates single points of failure and ensures continuous vulnerability intelligence even when individual sources are unavailable.

Architecture Overview

                    ┌─────────────────────────────────────┐
                    │         SentriKat Service            │
                    │                                     │
  CVSS Enrichment:  │  NVD API 2.0                       │
                    │       │                             │
                    │       ├──miss?──► CVE.org +         │
                    │       │          Vulnrichment (ADP) │
                    │       │                             │
                    │       └──miss?──► ENISA EUVD (EU)   │
                    │                                     │
  Exploited Vulns:  │  CISA KEV ──────────────────────── │
                    │  ENISA EUVD Exploited ──────────── │
                    │                                     │
  Exploit Scores:   │  FIRST EPSS ────────────────────── │
                    │                                     │
  Vendor Patches:   │  OSV.dev ───────────────────────── │
                    │  Red Hat Security API ──────────── │
                    │  Microsoft MSRC ────────────────── │
                    │  Debian Security Tracker ────────  │
                    └─────────────────────────────────────┘

CVSS Fallback Chain

SentriKat fetches CVSS severity scores from three independent sources in priority order:

| Priority | Source | What It Provides |
|---|---|---|
| Primary | NIST NVD API 2.0 | Most complete CVSS enrichment source |
| Secondary | CVE.org + CISA Vulnrichment | CVSS scores embedded by CISA in ADP containers |
| Tertiary | ENISA EUVD | EU vulnerability database (NIS2-mandated) |

Every CVSS score carries a cvss_source provenance tag (nvd, cve_org, or euvd) so you always know where the data came from.
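
The fallback chain and the cvss_source tag, as an added example (not SentriKat's own code): it parses trimmed, constructed NVD API 2.0 and CVE JSON 5.x records plus an assumed flat EUVD record, and treats an outage differently from a miss. The names SourceUnavailable, resolve_cvss, sources_down and sample_fetch, and the CVE-0000-… IDs, are hypothetical.

```python
class SourceUnavailable(Exception):
    """Fetcher signals an outage or rate limit, as opposed to a miss."""

def from_nvd(rec):
    # NVD API 2.0: vulnerabilities[].cve.metrics.<cvssMetricVxx>[].cvssData.baseScore
    for vuln in rec.get("vulnerabilities", []):
        for key in ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
            for m in vuln["cve"].get("metrics", {}).get(key, []):
                return m["cvssData"]["baseScore"]
    return None

def from_cve_org(rec):
    # CVE JSON 5.x: ADP containers mix CVSS entries with non-CVSS ones such as SSVC
    for adp in rec.get("containers", {}).get("adp", []):
        for m in adp.get("metrics", []):
            for key in ("cvssV4_0", "cvssV3_1", "cvssV3_0"):
                if key in m:
                    return m[key]["baseScore"]
    return None

def from_euvd(rec):
    return rec.get("baseScore")  # assumed flat field name for an EUVD record

CHAIN = [("nvd", from_nvd), ("cve_org", from_cve_org), ("euvd", from_euvd)]

def resolve_cvss(cve_id, fetch):
    """fetch(source, cve_id) returns a parsed record or raises SourceUnavailable."""
    down = []
    for source, parse in CHAIN:
        try:
            score = parse(fetch(source, cve_id))
        except SourceUnavailable:
            down.append(source)  # outage: fall through, but record it for a later re-sync
            continue
        if score is not None:  # 0.0 is a valid score, so test for None explicitly
            return {"cve": cve_id, "cvss_score": score, "cvss_source": source, "sources_down": down}
    return {"cve": cve_id, "cvss_score": None, "cvss_source": None, "sources_down": down}

SAMPLE = {  # constructed records with placeholder CVE IDs
    ("nvd", "CVE-0000-0001"): {"vulnerabilities": [{"cve": {"metrics": {}}}]},  # unenriched
    ("cve_org", "CVE-0000-0001"): {"containers": {"adp": [{"metrics": [
        {"other": {"type": "ssvc"}}, {"cvssV3_1": {"baseScore": 8.8}}]}]}},
    ("euvd", "CVE-0000-0002"): {"baseScore": 7.5},
}

def sample_fetch(source, cve_id):
    if (source, cve_id) == ("nvd", "CVE-0000-0002"):
        raise SourceUnavailable("constructed HTTP 503")
    return SAMPLE.get((source, cve_id), {})
```

A non-empty sources_down on a result marks a score taken from a lower-priority source during an outage, which is a candidate for re-resolution once the higher-priority source is back.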

Why Multi-Source Matters

  • NVD backlog crisis: As of 2025-2026, approximately 44% of CVEs added to NVD had no enrichment data (no CVSS, no CPE, no CWE)
  • NVD outages: The NVD API experiences regular downtime and rate limiting
  • Coverage gaps: Some CVEs receive CVSS scores from CISA Vulnrichment weeks before NVD processes them

Complete Data Source List

| Source | What It Provides | License | Cost |
|---|---|---|---|
| CISA KEV | Exploited vulnerability catalog with remediation deadlines | CC0 (Public Domain) | Free |
| NIST NVD | CVSS scores, CPE product/version data | CVE Terms of Use | Free |
| CVE.org + Vulnrichment | CVE records with CISA-provided CVSS enrichment | CVE-TOU + CC0 | Free |
| ENISA EUVD | European vulnerability database, exploited vulns | CC-BY-4.0 | Free |
| FIRST EPSS | Exploit probability prediction scores | Free (attribution) | Free |
| OSV.dev | Open-source vulnerability advisories | CC-BY-4.0 / CC0 | Free |
| Red Hat Security | RHEL/CentOS/Rocky fix status | Free API | Free |
| Microsoft MSRC | Windows/Office patch data (KB articles) | Free API | Free |
| Debian Tracker | Debian package fix status | Free | Free |

All sources are free, legally cleared for commercial use, and require only attribution (provided in the application footer).

ENISA EUVD Integration

The ENISA European Vulnerability Database (EUVD) is the official NIS2-mandated vulnerability database for the EU, launched in 2025.

SentriKat integrates EUVD in two ways:

  1. CVSS fallback: EUVD serves as the tertiary CVSS source when both NVD and CVE.org lack scores
  2. Exploited vulnerabilities: EUVD maintains its own "exploited vulnerabilities" list (the European equivalent of CISA KEV), which SentriKat cross-references during every sync cycle

NIS2 Compliance

For organizations subject to NIS2, DORA, or the Cyber Resilience Act:

  • Vulnerability data sourced from European infrastructure, not just US government APIs
  • Cross-referencing of EUVD exploited vulnerabilities alongside CISA KEV
  • Data provenance tracking for audit trails
  • Self-hosted deployment keeps all data within your infrastructure

Data Source Health Monitoring

SentriKat monitors the health of all upstream data sources every 6 hours. The monitoring system detects:

  • Outages: When a source becomes unreachable or times out
  • API changes: When a source changes its response format (schema fingerprinting)
  • Version changes: When a source updates its API version
  • Rate limiting: When probes are being throttled
  • Deprecation notices: When a source announces upcoming changes via HTTP headers
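
One way to implement schema fingerprinting and the change classification listed above, as an added example (not SentriKat's own code): the fingerprint hashes key names and value types only, and each probe is compared with the previous snapshot. The function names, the snapshot fields and the assumption that a source reports its version in a top-level "version" body field are hypothetical; the probe bodies are constructed.

```python
import hashlib
import json

def schema_fingerprint(body):
    """Hash key names and value types of a JSON body; values themselves are ignored."""
    def shape(node):
        if isinstance(node, dict):
            return {k: shape(v) for k, v in node.items()}
        if isinstance(node, list):  # distinct element shapes only, so list length is irrelevant
            return sorted({json.dumps(shape(x), sort_keys=True) for x in node})
        if isinstance(node, (int, float)) and not isinstance(node, bool):
            return "number"  # 7 vs 7.5 must not look like a schema change
        return type(node).__name__
    canonical = json.dumps(shape(body), sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]

def classify_probe(prev, status, headers, body):
    """Compare one probe with the previous snapshot; return (snapshot, changes).
    status is the HTTP status code, or None when the request failed or timed out."""
    if status is None or status >= 500:
        state = "outage"
    elif status == 429:
        state = "rate_limited"
    else:
        state = "ok"
    snap = dict(prev, status=state)  # keep last known version/fingerprint while degraded
    if state == "ok":
        h = {k.lower(): v for k, v in headers.items()}
        snap["deprecation"] = h.get("sunset") or h.get("deprecation")  # RFC 8594 / RFC 9745
        snap["version"] = body.get("version")  # assumed: version reported in the body
        snap["fingerprint"] = schema_fingerprint(body)
    fields = ("status", "deprecation", "version", "fingerprint")
    changes = [(f, prev.get(f), snap.get(f)) for f in fields if snap.get(f) != prev.get(f)]
    return snap, changes

# Constructed probe bodies: same schema with different values, then a renamed field
BODY_A = {"version": "2.0", "items": [{"id": "x", "score": 7}]}
BODY_B = {"version": "2.0", "items": [{"id": "y", "score": 9.8}, {"id": "z", "score": 5}]}
BODY_C = {"version": "2.1", "items": [{"id": "y", "base_score": 9.8}]}
```

Each tuple in changes carries the field, the old value and the new value, which are the details the alert email needs.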

Admin Alerts

When a data source change is detected, administrators are notified via email with details about:

  • Which source changed
  • What type of change occurred
  • The old and new values (status, version, schema fingerprint)
  • Recommended actions

Configure the alert recipient in your .env:

API Endpoints

Check data source health via the admin API:

# Get current status of all sources
GET /api/v1/admin/datasources/status
Authorization: Bearer <admin-api-key>

# Get health check history
GET /api/v1/admin/datasources/history?source=nvd&limit=50
Authorization: Bearer <admin-api-key>

# Trigger a manual probe
POST /api/v1/admin/datasources/probe?source=nvd
Authorization: Bearer <admin-api-key>

Background Sync Schedule

| Task | Frequency | Description |
|---|---|---|
| CISA KEV Sync | Daily | Downloads full KEV catalog, matches against inventory |
| ENISA EUVD Sync | Daily | EU exploited vulnerabilities + CVSS fallback |
| Vendor Advisories | Daily | OSV.dev, Red Hat, Microsoft MSRC, Debian feeds |
| EPSS Scores | Daily | Exploit probability predictions from FIRST |
| NVD CPE Dictionary | Weekly | ~50K vendor:product pairs for matching |
| Data Source Health | Every 6h | Probes all upstream APIs for changes |
| License Heartbeat | Every 6h | Validates license and receives config updates |