Your feed, inside your stack.
CS::Chronicles curates CVEs, KEV, ransomware activity, and regulatory enforcement into clean, tagged streams. Pipe them into your SIEM, TIP, SOAR, or Slack — no signup, no token, no dashboard to babysit.
RSS / Atom / JSON Feed
Drop the URL into any RSS reader, Slack RSS app, feedly, Zapier, n8n, Tines.
STIX 2.1 over TAXII 2.1
Consumed natively by MISP, OpenCTI, Anomali, ThreatQuotient, EclecticIQ.
MISP Feed
Add as a MISP feed in one URL. Auto-pulled on your MISP instance schedule.
Public feeds
CISA KEV Mirror
/kevKnown Exploited Vulnerabilities, enriched with sector/region tags.
Critical CVEs
/critical-cvesCVSS ≥ 8.0 published in the last 7 days.
Curated Threat Signals
/signalsEditor-curated cyber news, deduplicated and severity-tagged.
Ransomware Leak Activity
/ransomware-leaksRansomware group leak-site posts and extortion incidents.
Regulatory Enforcement
/enforcementGRC fines, enforcement actions, and regulatory announcements.
Firehose
/allEverything, one stream.
Quickstart recipes
Add to MISP (60 seconds)
- MISP → Sync Actions → List Feeds → Add Feed.
- Source Format: MISP Feed
- URL:
- Enable, then Fetch and store all feed data.
Add to OpenCTI / Anomali via TAXII 2.1
- Add a TAXII 2.1 collector.
- Discovery URL:
- No authentication required for public collections.
Send new KEV entries to Slack
- Slack → Add Apps → RSS.
- /feed subscribe https://www.cschronicles.com/api/public/feeds/kev.rss
Pull into a script (curl / jq)
# Get today's critical CVEs as JSON, extract IDs curl -s https://www.cschronicles.com/api/public/feeds/critical-cves.json \ | jq -r '.items[] | ._csc.metadata.vendor + " " + ._csc.metadata.product + " " + .title'
Splunk (RSS modular input)
- Install the RSS/Atom modular input add-on from Splunkbase.
- Feed URL:
- Interval: 300 (5 min).
Coming soon: REST API + Webhooks
Per-user API keys for filtered /api/v1/* endpoints (query by vendor, product, sector, region, severity), plus HMAC-signed webhooks for new KEV, critical CVE, ransomware leak, and risk-threshold-crossed events. Paid tier — see pricing .
Terms
Public feeds are provided as-is with a shared 5-minute edge cache. Please cache responsibly and attribute CS::Chronicles when redistributing. High-volume, branded, or SLA-backed usage requires a paid plan.