DAILY BRIEF · PODCAST
Today's brief is being prepared — episodes publish daily around 04:10 UTC.
CH_INT · Integrations

Your feed, inside your stack.

CS::Chronicles curates CVEs, KEV, ransomware activity, and regulatory enforcement into clean, tagged streams. Pipe them into your SIEM, TIP, SOAR, or Slack — no signup, no token, no dashboard to babysit.

RSS / Atom / JSON Feed

Drop the URL into any RSS reader, Slack RSS app, feedly, Zapier, n8n, Tines.

STIX 2.1 over TAXII 2.1

Consumed natively by MISP, OpenCTI, Anomali, ThreatQuotient, EclecticIQ.

MISP Feed

Add as a MISP feed in one URL. Auto-pulled on your MISP instance schedule.

Public feeds

CISA KEV Mirror

/kev

Known Exploited Vulnerabilities, enriched with sector/region tags.

Critical CVEs

/critical-cves

CVSS ≥ 8.0 published in the last 7 days.

Curated Threat Signals

/signals

Editor-curated cyber news, deduplicated and severity-tagged.

Ransomware Leak Activity

/ransomware-leaks

Ransomware group leak-site posts and extortion incidents.

Regulatory Enforcement

/enforcement

GRC fines, enforcement actions, and regulatory announcements.

Firehose

/all

Everything, one stream.

Quickstart recipes

Add to MISP (60 seconds)

  1. MISP → Sync Actions → List Feeds → Add Feed.
  2. Source Format: MISP Feed
  3. URL:
  4. Enable, then Fetch and store all feed data.

Add to OpenCTI / Anomali via TAXII 2.1

  1. Add a TAXII 2.1 collector.
  2. Discovery URL:
  3. No authentication required for public collections.

Send new KEV entries to Slack

  1. Slack → Add Apps → RSS.
  2. /feed subscribe https://www.cschronicles.com/api/public/feeds/kev.rss

Pull into a script (curl / jq)

# Get today's critical CVEs as JSON, extract IDs
curl -s https://www.cschronicles.com/api/public/feeds/critical-cves.json \
  | jq -r '.items[] | ._csc.metadata.vendor + " " + ._csc.metadata.product + " " + .title'

Splunk (RSS modular input)

  1. Install the RSS/Atom modular input add-on from Splunkbase.
  2. Feed URL:
  3. Interval: 300 (5 min).

Coming soon: REST API + Webhooks

Per-user API keys for filtered /api/v1/* endpoints (query by vendor, product, sector, region, severity), plus HMAC-signed webhooks for new KEV, critical CVE, ransomware leak, and risk-threshold-crossed events. Paid tier — see pricing .

Terms

Public feeds are provided as-is with a shared 5-minute edge cache. Please cache responsibly and attribute CS::Chronicles when redistributing. High-volume, branded, or SLA-backed usage requires a paid plan.