The Security Knowledge Base (SKB) is a single repository that stores, correlates, and provides structured security information from external references in IT security. The SKB creates a knowledge graph that can map given assets to rapidly extract potential vulnerabilities and indicate solutions for mitigation. The SKB embeds all necessary knowledge in one place and keeps it updated from sources like MITRE, NVD, NIST, and CIRCL. It provides a web-based search engine and REST API for advanced use and integration into other software.

1. Security Knowledge Base (SKB)
Inria
01.02.2020
This project has received funding from the European Union’s
Horizon 2020 research and innovation programme under
grant agreement No 779899

2. Description
• SKB is a single repository to store, correlate and provided structured security
information from “standardized” external reference in IT security.
• SKB creates a knowledge graph which can be mapped to given assets in order to rapidly
extract potential vulnerabilities exposed in a system and potentially indicate solutions
for mitigation (depends on source of data)
2
https://scm.atosresearch.eu/SecureIoT/SecIoT-KnowledgeBase

3. No need to interface with multiple public databases, the SKB
embeds all necessary knowledge in one place and keep it updated!
3
External data sources
MITRE
NVD NIST
CIRCL
Knowledge graph
Automated ingestion
Admin
Dashboard
User dashboard:
web-based search
engine
REST API for
advanced use /
integration in
other software
and services

4. Run you own queries from mapping your assets to identify possible
mitigations
4
Get all vulnerabilities associated to a software or device using universal naming (CPE)
Get all vulnerabilities associated to a particular attack pattern
Get all infos from a weakness: from its consequences to potential mitigation solutions
Get all weaknesses associated to an attack patterns
Get all vulnerabilities of a product