Cassandra is a tool made to manage profiles of services and applications on servers and networks. With these profiles, it searches a local copy of NIST’s ICAT database for vulnerabilities. Searches can be automated to run every night, and to email the results.

Because users may not want a list of vulnerabilities, relevant to their systems, to be sent in clear text email, there is the option of only getting a notification that new vulnerabilities have been found. With an SSL connection, a list can be retrieved from the Cassandra web site.

Cassandra can also do searches by time intervals, keywords, and for products that are not yet in the ICAT database. This provides you with a reasonable assurance that you will get notified if a new vulnerability is found in a product that is not yet listed by ICAT.

The Center for Education and Research in Information Assurance and Security (CERIAS) gratefully acknowledges the contributions of its sponsors, and NIST for classifying CVE and CAN entries into ICAT and making the full ICAT database available to CERIAS.

Cassandra is available from https://cassandra.cerias.purdue.edu/