Alpha VIP Blueprint v2.1

The Intelligence Operating System for Modern SOCs

MyVuln gives security teams a single operational view of a noisy threat environment. Instead of simply aggregating feeds, the platform validates, deduplicates, and enriches vulnerability signals in real time so analysts can move from raw input to action without losing context.

"Our Mission: To democratize access to elite-grade threat intelligence and drastically reduce Mean Time To Remediation (MTTR) worldwide."

Quick Start

1. Account Creation

Sign up via myvuln.io/register to create your organization.

2. Trigger First Sync

Enable global feeds under Settings > Data Sources to start ingestion.

3. Start Monitoring

Watch the real-time vulnerability stream on your dashboard.

Changelog

  • Feature: Public product, docs, and discovery surfaces were reorganized around clearer multilingual positioning and stronger enterprise presentation.
  • Feature: Reporting workflows were unified so AI analyses, exports, and delivery artifacts can be managed from a single in-app reports experience.
  • Improvement: App and landing surfaces received a broader visual polish pass with cleaner navigation, stronger readability, and more disciplined motion.
  • Improvement: Intelligence workspaces now present signals, source coverage, and operator actions with clearer prioritization for daily analyst flow.
  • Infrastructure: Release readiness, maintenance controls, and runtime diagnostics were consolidated into a cleaner operator-ready enterprise baseline.
  • Fix: Feed ingestion, local translation fallback, and runtime noise handling were stabilized to improve day-to-day operator trust.

Core Features

Intelligence Dashboard

The Intelligence Dashboard brings live threat activity, exposure trends, and source health into a single operational surface. It updates automatically through Supabase Realtime so SOC teams can stay oriented without manual refresh cycles.

Intelligence Stat Cards

Four key metrics displayed at the top of the dashboard—Total Vulnerabilities, Critical Alerts, Active Sources, and Last Sync Time. Each card updates in real-time and reflects the current state of your threat data pipeline.

World Threat Map

An interactive SVG map that visualizes vulnerability origins by country. Countries are color-coded by aggregate severity, with pulsing animations for active threat hotspots. Click any country to filter the dashboard by geographic origin.

Vulnerability Trend Chart

A time-series visualization showing vulnerability discovery rates over the past 30 days. Tracks Critical, High, Medium, and Low severity distributions to identify emerging threat patterns and spikes in activity.

Live Threat Feed

A streaming table of the most recent CVE entries with sub-second latency. Each row shows CVE ID, severity badge, affected product, source feed, and publication timestamp. Supports infinite scroll and real-time insertion of new entries.

Audio Alert System

Configurable browser notifications with audio cues for newly discovered Critical and High severity vulnerabilities. Alerts trigger automatically when the sync engine ingests a new high-priority CVE from any active feed.

Auto-Sync Status

A persistent status indicator showing the health of the background sync engine—last successful sync, next scheduled batch, active feed count, and any error states. Visible at all times in the dashboard header.

CVE Database

The CVE Database is a comprehensive, searchable repository of all indexed vulnerabilities aggregated from 34+ intelligence sources. It provides SOC analysts with powerful filtering, sorting, and export capabilities designed for rapid triage and investigation workflows.

CVSS 3.1 Severity Filtering

Filter vulnerabilities by severity level—Critical (9.0-10.0), High (7.0-8.9), Medium (4.0-6.9), Low (0.1-3.9), or None. Visual severity badges use color-coded indicators for instant recognition.

Full-Text Search

Search across CVE IDs, titles, descriptions, and affected product names. The search engine supports partial matching and highlights relevant terms in results for rapid scanning.

Vendor & Product Filter

Filter the database by specific software vendors (Microsoft, Apache, Linux, etc.) or affected product names to focus on your organization's technology stack.

USOM TR-ID Cross-Reference

Turkish national alerts from USOM are automatically linked to their global CVE counterparts. Each vulnerability displays both the international CVE ID and the local TR-ID when available.

Bilingual Display

All vulnerability descriptions are available in both English and Turkish. The AI translation pipeline ensures technical accuracy while maintaining readability for local SOC teams.

One-Click PDF Export

Generate a detailed, branded PDF report for any CVE directly from the database view. Reports include CVSS scoring, affected products, remediation guidance, and reference URLs.

Pro Tip: Our USOM TR-ID mapping automatically links national alerts to their global CVE counterparts.

USOM Intelligence Center

The USOM workspace combines malicious threat-link records and USOM security advisories in one analyst surface. The firewall-export flow for URL indicators stays intact, while TR-tagged local advisories are surfaced alongside it for faster operational review.

01. Dual-surface workflow: threat links and USOM security advisories appear as separate but coordinated blocks in the same workspace.

02. Workflow fit: indicator copy, tenant-aware export, and rapid review remain on the URL side, while advisory records add direct CVE-detail and source-advisory access.

03. Risk signals: effective risk score, phishing flags, severity, and local advisory context are shown together.

IoC Database

The IoC Database view no longer relies on regex extraction from CVE/NVD/KEV prose. It is fed by dedicated no-auth indicator providers: OpenPhish, PhishTank, Feodo Tracker, and SSLBL. The default actionable surface shows only high-confidence IP, domain, and hash indicators, while the review queue keeps evidence-backed candidates that still need analyst confirmation. Domain and IP records age out with TTL; hash records remain tied to provider-backed evidence.

01. Dedicated providers only: the IOC workspace is sourced from OpenPhish, PhishTank, Feodo Tracker, and SSLBL, while NVD/KEV/CVE content stays on the vulnerability side of the product.

02. Signal quality and aging: URL-derived host projections, shared-hosting review rules, and TTL-based aging keep domain/IP indicators fresh; hash records stay only when backed by provider evidence.

03. Coverage visibility: provider-level coverage, active-source counts, page-level provider visibility, and TTL-managed row visibility stay visible in the workspace.

04. Analyst workflow: actionable mode, review queue, provider/feed evidence, source-reference links, CSV export, VirusTotal search, and source-CVE drill-down stay in one workspace.

Intelligence Terminal

The Intelligence Terminal is a glassmorphic, high-performance news feed that delivers breaking cybersecurity news from elite research laboratories and security vendors. Unlike traditional news readers, the terminal strips all heavy images, tracking scripts, and advertisements to deliver pure, actionable intelligence with minimal latency.

Zero-Latency Delivery

News articles are fetched and parsed server-side with a 5-minute caching strategy. The terminal renders only text-based intelligence, eliminating image loading delays and third-party script overhead.

Category Filtering

Filter articles by threat category—malware analysis, vulnerability disclosures, APT campaigns, ransomware, zero-days, and more. Categories are automatically extracted from source feed metadata.

Source Attribution

Every article displays its origin source with a color-coded badge (e.g., BleepingComputer, WeLiveSecurity, Mandiant). Click any source badge to filter the feed to that specific provider.

Full-Text Search

Search across article titles and summaries to find specific threat intelligence. The search operates across all cached articles with instant results and keyword highlighting.

Automatic Translation

Articles from international sources are automatically translated to Turkish using the background translation pipeline. Toggle between original and translated text with a single click.

Deduplication Engine

The MD5-based deduplication system ensures that the same story reported by multiple sources appears only once in your feed, with links to all original sources preserved.

API Reference

Authentication

API Key Generation

Navigate to Settings > API Keys. Click 'Generate New Key'. Your Client Secret is only shown once—store it in a secure vault.

Authentication Headers

X-MyVuln-Client-Id: your_id
X-MyVuln-Client-Secret: your_secret

Key Revocation

Revoking a key instantly terminates all active polling sessions associated with that key across our edge network.

Base URLs & Scope

Local development
http://localhost:3000/api/v1
Production
https://myvuln.io/api/v1
The external integration contract is limited to /api/v1/* only.
Routes under /api/* outside /api/v1 remain internal or browser-facing flows and are not part of the public integration surface.
Feed/search responses use private, max-age=60, stale-while-revalidate=30; dispatch responses use no-store.

Authentication Flow

Every request must include both the X-MyVuln-Client-Id and X-MyVuln-Client-Secret headers.
Public API keys and SIEM dispatch require a Pro plan entitlement.
Generate, rotate, or revoke keys from Dashboard > API Settings.

Public REST API

Public V1 Endpoints

GET /api/v1/feed/cves
CVE feed

Returns a normalized CVE feed with incremental polling, filtering, and pagination.

Operational Limits
Rate limit: 60 requests / 60 sec / key+IP
Pagination: default 50, max 100
Behavior Notes
severity values: Critical, High, Medium, Low, None
The CVE dataset returns only real CVE records; URL intelligence identifiers are excluded.
since must be a valid ISO 8601 timestamp.
Request Example
curl -sS \
  -H "X-MyVuln-Client-Id: mv_live_xxx" \
  -H "X-MyVuln-Client-Secret: <secret>" \
  "http://localhost:3000/api/v1/feed/cves?limit=50&severity=Critical&since=2026-03-01T00:00:00.000Z"

GET /api/v1/search/cves
CVE search

Runs analyst-oriented CVE search and returns relevance-scored results.

Operational Limits
Rate limit: 60 requests / 60 sec / key+IP
Pagination: default 25, max 100
Behavior Notes
q is required and must be at least 2 characters.
sort=relevance orders the final payload by match.score.
vendor and severity reuse the same filtering logic as the feed endpoint.
Request Example
curl -sS \
  -H "X-MyVuln-Client-Id: mv_live_xxx" \
  -H "X-MyVuln-Client-Secret: <secret>" \
  "http://localhost:3000/api/v1/search/cves?q=openssl&limit=25&sort=relevance"

GET /api/v1/feed/urls
URL / domain feed

Builds URL and domain indicators from references and descriptions, then deduplicates and paginates the result.

Operational Limits
Rate limit: 60 requests / 60 sec / key+IP
Pagination: default 50, max 200
Source scan cap: 20000 vulnerability records
Behavior Notes
kind defaults to domain; url and all are also supported.
distinct defaults to true and collapses repeated indicators.
include_advisory=false filters advisory hosts such as github.com and cisa.gov.
Request Example
curl -sS \
  -H "X-MyVuln-Client-Id: mv_live_xxx" \
  -H "X-MyVuln-Client-Secret: <secret>" \
  "http://localhost:3000/api/v1/feed/urls?kind=domain&limit=50&distinct=true"

GET /api/v1/search/urls
URL / domain search

Searches indicator data and returns relevance-scored URL/domain results.

Operational Limits
Rate limit: 60 requests / 60 sec / key+IP
Pagination: default 50, max 200
Source scan cap: 20000 vulnerability records
Behavior Notes
q is required and must be at least 2 characters.
kind defaults to all; domain results receive a slight relevance preference.
If q becomes empty after sanitization, the endpoint returns an empty list instead of dumping the full indicator set.
Request Example
curl -sS \
  -H "X-MyVuln-Client-Id: mv_live_xxx" \
  -H "X-MyVuln-Client-Secret: <secret>" \
  "http://localhost:3000/api/v1/search/urls?q=github.com&kind=all&limit=50"

POST /api/v1/integrations/siem/dispatch
SIEM / webhook dispatch

Builds a normalized CVE or URL dataset and sends it to Splunk, Sentinel, or a generic webhook target.

Operational Limits
Rate limit: 20 requests / 60 sec / key+IP
record_limit: default 250, max 1000
timeout_ms: 2000-20000, default 8000
Behavior Notes
dry_run defaults to true and returns a preview without sending data to the target.
target_url must be HTTPS in production; localhost HTTP is only allowed for local testing.
Resolved internal/private targets, unsafe redirects, and sensitive header overrides are blocked.
Request Example
curl -sS -X POST \
  -H "Content-Type: application/json" \
  -H "X-MyVuln-Client-Id: mv_live_xxx" \
  -H "X-MyVuln-Client-Secret: <secret>" \
  "http://localhost:3000/api/v1/integrations/siem/dispatch" \
  -d '{
    "provider": "generic_webhook",
    "target_url": "https://siem.example.com/myvuln",
    "dataset": "cves",
    "dry_run": true,
    "record_limit": 250,
    "severity": "Critical"
  }'

Query Parameters

GET /api/v1/feed/cves

| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| page | number | Optional | 1 | 1-based page index. |
| limit | number | Optional | 50 | Page size. Maximum 100. |
| severity | enum | Optional | - | Severity filter. Values: Critical, High, Medium, Low, None. |
| vendor | string | Optional | - | Matches vendor or product names inside affected_products. |
| search | string | Optional | - | Searches cve_id and description fields. |
| sort | enum | Optional | published_at | Sort field: published_at or cvss_score. |
| order | enum | Optional | desc | Sort direction: asc or desc. |
| since | ISO 8601 string | Optional | - | Returns records published after the supplied timestamp. |

GET /api/v1/search/cves

| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| q | string | Required | - | Search term. Minimum 2, maximum 200 characters. |
| page | number | Optional | 1 | 1-based page index. |
| limit | number | Optional | 25 | Page size. Maximum 100. |
| severity | enum | Optional | - | Severity filter. Values: Critical, High, Medium, Low, None. |
| vendor | string | Optional | - | Matches vendor or product names inside affected_products. |
| sort | enum | Optional | relevance | relevance, published_at, or cvss_score. |
| order | enum | Optional | desc | Sort direction: asc or desc. |
| since | ISO 8601 string | Optional | - | Returns records published after the supplied timestamp. |

GET /api/v1/feed/urls

| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| page | number | Optional | 1 | 1-based page index. |
| limit | number | Optional | 50 | Page size. Maximum 200. |
| search | string | Optional | - | Filters by CVE, title, description, or indicator text. |
| kind | enum | Optional | domain | domain, url, or all. |
| sort | enum | Optional | published_at | published_at or indicator. |
| order | enum | Optional | desc | Sort direction: asc or desc. |
| since | ISO 8601 string | Optional | - | Uses only source records published after the supplied timestamp. |
| distinct | boolean | Optional | true | Removes duplicate indicators. |
| include_advisory | boolean | Optional | false | Includes advisory hosts in the result set. |

GET /api/v1/search/urls

| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| q | string | Required | - | Search term. Minimum 2, maximum 200 characters. |
| page | number | Optional | 1 | 1-based page index. |
| limit | number | Optional | 50 | Page size. Maximum 200. |
| kind | enum | Optional | all | domain, url, or all. |
| sort | enum | Optional | relevance | relevance, published_at, or indicator. |
| order | enum | Optional | desc | Sort direction: asc or desc. |
| since | ISO 8601 string | Optional | - | Uses only source records published after the supplied timestamp. |
| distinct | boolean | Optional | true | Removes duplicate indicators. |
| include_advisory | boolean | Optional | false | Includes advisory hosts in the result set. |

POST /api/v1/integrations/siem/dispatch

| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| provider | enum | Optional | generic_webhook | splunk_hec, sentinel_webhook, or generic_webhook. |
| target_url | string | Required | - | Absolute webhook target URL. |
| dataset | enum | Optional | cves | cves or urls. |
| dry_run | boolean | Optional | true | Builds a preview and skips the outbound dispatch. |
| record_limit | number | Optional | 250 | Maximum number of records to include. Maximum 1000. |
| timeout_ms | number | Optional | 8000 | Outbound request timeout. Range 2000-20000. |
| since | ISO 8601 string | Optional | - | Narrows the payload to records newer than the supplied timestamp. |
| search | string | Optional | - | Applies a search filter while building CVE or URL payloads. |
| severity | enum | Optional | - | CVE dataset only. Values: Critical, High, Medium, Low, None. |
| vendor | string | Optional | - | CVE dataset only. Filters affected_products. |
| kind | enum | Optional | domain | URL dataset only. domain, url, or all. |
| distinct | boolean | Optional | true | URL dataset only. Removes duplicate indicators. |
| include_advisory | boolean | Optional | false | URL dataset only. Includes advisory hosts. |
| splunk_token | string | Optional | - | Required when provider=splunk_hec. |
| custom_headers | Record<string,string> | Optional | - | Additional outbound headers. Sensitive names such as Authorization/Host cannot be overridden. |

Response Schema

Response Headers
X-RateLimit-Limit

Configured limit for the current route.

X-RateLimit-Remaining

Remaining calls inside the current 60-second window.

X-RateLimit-Policy

Returned as limit;w=60.

Cache-Control

feed/search use private, max-age=60, stale-while-revalidate=30; dispatch uses no-store.

Vary

Separates cached responses by the API key header pair.

Error Codes
AUTH_MISSING

One or both API key headers are missing.

AUTH_INVALID

The key format is wrong, inactive, or the secret does not verify.

PLAN_REQUIRED

The key is not entitled for Pro-only public API access.

VALIDATION_ERROR

Query parameters or dispatch body fields failed validation.

INTERNAL_ERROR

The server failed while building the feed or payload.

DISPATCH_FAILED

The target rejected the payload or the outbound request failed.

Response Examples
CVE feed / search response
{
  "success": true,
  "error": null,
  "data": [
    {
      "cve_id": "CVE-2026-26133",
      "severity": "Critical",
      "cvss": {
        "score": 9.8,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
      },
      "description": "Example vulnerability summary",
      "affected_products": ["Example Server"],
      "published_at": "2026-03-11T10:15:00.000Z",
      "updated_at": "2026-03-11T10:45:00.000Z",
      "references": ["https://vendor.example/advisory"]
    }
  ],
  "meta": {
    "page": 1,
    "limit": 50,
    "total": 1,
    "total_pages": 1,
    "has_next": false,
    "has_prev": false,
    "timestamp": "2026-03-12T12:00:00.000Z"
  }
}
URL search response
{
  "success": true,
  "error": null,
  "data": [
    {
      "indicator": "https://pkg.go.dev/github.com/ulikunitz/xz/lzma#NewReader",
      "kind": "url",
      "source_cve_id": "CVE-2026-2987",
      "severity": "High",
      "published_at": "2026-03-10T09:00:00.000Z",
      "updated_at": "2026-03-10T09:15:00.000Z",
      "references": ["https://pkg.go.dev/github.com/ulikunitz/xz/lzma#NewReader"],
      "match": {
        "query": "github.com",
        "score": 125
      }
    }
  ],
  "meta": {
    "page": 1,
    "limit": 50,
    "total": 1,
    "total_pages": 1,
    "has_next": false,
    "has_prev": false,
    "query": "github.com",
    "source_records": 1250,
    "source_record_cap": 20000,
    "source_records_truncated": false,
    "kind": "all",
    "distinct": true,
    "include_advisory": false
  }
}
Dispatch dry_run response
{
  "success": true,
  "error": null,
  "data": {
    "dispatch_id": "5ad4a4d2-b1ef-4c8c-b4d8-8dd3629a10fd",
    "provider": "generic_webhook",
    "dataset": "cves",
    "dry_run": true,
    "target_url": "https://siem.example.com/myvuln",
    "records_selected": 250,
    "records_dispatched": 0,
    "preview": [
      {
        "cve_id": "CVE-2026-26133",
        "title": "Example issue"
      }
    ]
  },
  "meta": {
    "timestamp": "2026-03-12T12:00:00.000Z"
  }
}
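
A client for the feed contract documented above, as an added example (not MyVuln's own code): it pages through /feed/cves with since, honours X-RateLimit-Remaining, and flattens each record for a SIEM. The injected `fetch` transport, the `vuln.*` target field names and the sample pages are assumptions constructed for the example.

```python
"""Incremental poller for GET /api/v1/feed/cves (added example, not MyVuln code)."""
import json
import time
import urllib.parse
import urllib.request
from datetime import datetime

FEED_PATH = "/feed/cves"   # appended to the base URL, e.g. https://myvuln.io/api/v1
WINDOW_SECONDS = 60        # the documented rate-limit window


def parse_ts(value):
    """Parse the API's ISO 8601 timestamps; a trailing 'Z' means UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def make_http_fetch(base_url, client_id, client_secret):
    """Real transport. Returns fetch(path, params) -> (lower-cased headers, body)."""
    def fetch(path, params):
        url = base_url.rstrip("/") + path + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={
            "X-MyVuln-Client-Id": client_id,
            "X-MyVuln-Client-Secret": client_secret,
        })
        with urllib.request.urlopen(req, timeout=10) as resp:
            headers = {k.lower(): v for k, v in resp.headers.items()}
            return headers, json.load(resp)
    return fetch


def to_siem_event(rec):
    """Flatten one normalized record; the target field names are hypothetical."""
    cvss = rec.get("cvss") or {}
    return {
        "vuln.id": rec["cve_id"],
        "vuln.severity": rec.get("severity", "None"),
        "vuln.cvss_score": cvss.get("score"),
        "vuln.cvss_vector": cvss.get("vector"),
        "vuln.products": rec.get("affected_products", []),
        "event.time": rec["published_at"],
    }


def poll_cves(fetch, since, limit=50, sleep=time.sleep):
    """Drain all pages published after `since`; return (events, next_since)."""
    events, seen, page = [], set(), 1
    next_since, watermark = since, parse_ts(since)
    while True:
        headers, body = fetch(FEED_PATH, {
            "since": since, "limit": limit, "page": page,
            "sort": "published_at", "order": "asc",   # oldest first: stable paging
        })
        if not body.get("success"):
            raise RuntimeError(f"feed request failed: {body.get('error')!r}")
        for rec in body["data"]:
            if rec["cve_id"] in seen:    # a record can reappear if pages shift
                continue
            seen.add(rec["cve_id"])
            events.append(to_siem_event(rec))
            published = parse_ts(rec["published_at"])
            if published > watermark:
                watermark, next_since = published, rec["published_at"]
        if not body["meta"].get("has_next"):
            return events, next_since
        if int(headers.get("x-ratelimit-remaining", "1")) <= 0:
            sleep(WINDOW_SECONDS)        # budget spent: wait out the window
        page += 1


# --- Constructed sample pages for an offline run (not real API output) ---
def sample_rec(cve_id, severity, published_at):
    return {"cve_id": cve_id, "severity": severity,
            "cvss": {"score": 9.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
            "affected_products": ["Example Server"], "published_at": published_at}


SAMPLE_PAGES = {
    1: ({"x-ratelimit-remaining": "0"}, {
        "success": True, "error": None,
        "data": [sample_rec("CVE-EXAMPLE-1", "Critical", "2026-03-01T10:00:00.000Z"),
                 sample_rec("CVE-EXAMPLE-2", "High", "2026-03-02T10:00:00.000Z")],
        "meta": {"page": 1, "has_next": True}}),
    2: ({"x-ratelimit-remaining": "59"}, {
        "success": True, "error": None,
        "data": [sample_rec("CVE-EXAMPLE-2", "High", "2026-03-02T10:00:00.000Z"),
                 sample_rec("CVE-EXAMPLE-3", "Critical", "2026-03-03T10:00:00.000Z")],
        "meta": {"page": 2, "has_next": False}}),
}


def sample_fetch(path, params):
    """Stand-in for make_http_fetch(...) that serves SAMPLE_PAGES."""
    return SAMPLE_PAGES[params["page"]]


if __name__ == "__main__":
    naps = []
    events, next_since = poll_cves(sample_fetch, "2026-03-01T00:00:00.000Z",
                                   limit=2, sleep=naps.append)
    print(len(events), "events; next since =", next_since, "; slept", naps)
```

Persist the returned `next_since` between runs and pass it as the next `since`; read the client secret from your vault or environment rather than from source.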

AI Analysis & Automation

Public documentation scope is limited to the external /api/v1 API surface.

Local AI Analysis Engine: Generates CVE context, impact narrative, exploitability signals, and remediation guidance.

Evidence Enrichment: Automatically tags PoC, patch, and advisory links.

Free Plan Quota: 30 AI analysis requests per month.

Pro Plan Quota: Unlimited AI analysis.

Integration Guides

SIEM Integration

01. Generate V1 keys from Settings.
02. Use /api/v1/feed/cves and /api/v1/feed/urls for baseline ingestion and incremental polling.
03. Use /api/v1/search/cves and /api/v1/search/urls for analyst-driven IOC/CVE hunts.
04. Use POST /api/v1/integrations/siem/dispatch for Splunk/Sentinel/Generic webhook delivery.
05. Map normalized fields (severity, cvss, indicator, source_cve_id) into your SIEM schema.
SIEM/SOAR dispatch endpoint works with Pro-plan API keys.
Dispatch Notes
Supported provider values: splunk_hec, sentinel_webhook, generic_webhook.
splunk_token is required for splunk_hec and the Authorization header is generated server-side.
The dispatch route does not follow redirects and rejects targets that resolve to internal/private addresses.
dry_run returns the selected record count and preview without sending data to the target.
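
One way to enforce the dispatch rules listed here and in the endpoint's behavior notes (HTTPS-only targets, no internal or private addresses, no redirects, no sensitive header overrides), as an added example rather than MyVuln's implementation. The function names, the blocked header names beyond Authorization and Host, and the resolver answers are assumptions.

```python
"""Outbound-target checks for a webhook dispatcher (added example, not MyVuln code)."""
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit

# Authorization and Host are named on the page; the other names are assumptions.
BLOCKED_HEADERS = {"authorization", "host", "cookie", "proxy-authorization",
                   "content-length", "transfer-encoding"}
LOCAL_HOSTS = {"localhost": "127.0.0.1", "127.0.0.1": "127.0.0.1", "::1": "::1"}


class TargetRejected(ValueError):
    """The dispatch request must not be sent."""


def system_resolver(host, port):
    """Every address the OS would try for host:port."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def is_public(ip_text):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])    # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                             # judge ::ffff:a.b.c.d as IPv4
    return ip.is_global and not ip.is_multicast


def check_headers(custom_headers):
    """Refuse sensitive overrides and CR/LF injection in custom_headers."""
    for name, value in (custom_headers or {}).items():
        if name.strip().lower() in BLOCKED_HEADERS:
            raise TargetRejected(f"header {name!r} cannot be overridden")
        if "\r" in name + str(value) or "\n" in name + str(value):
            raise TargetRejected(f"header {name!r} contains a line break")


def check_target(target_url, production=True, resolver=system_resolver):
    """Return the vetted IPs to connect to, or raise TargetRejected."""
    parts = urlsplit(target_url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        raise TargetRejected("target_url must be an absolute http(s) URL")
    if parts.username or parts.password:
        raise TargetRejected("credentials in target_url are not allowed")
    if host in LOCAL_HOSTS:
        if production:
            raise TargetRejected("localhost targets are for local testing only")
        return [LOCAL_HOSTS[host]]
    if parts.scheme != "https":
        raise TargetRejected("target_url must use HTTPS")
    try:
        addrs = [str(ipaddress.ip_address(host))]       # IP literal: no DNS lookup
    except ValueError:
        addrs = resolver(host, parts.port or 443)
    if not addrs:
        raise TargetRejected("target does not resolve")
    for addr in addrs:                                  # every answer must pass
        if not is_public(addr):
            raise TargetRejected(f"target resolves to internal address {addr}")
    return addrs


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface every 3xx as an HTTPError instead of following it.

    Send the outbound POST through urllib.request.build_opener(NoRedirect).
    """
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def verdict(target_url, production=True, resolver=system_resolver, headers=None):
    """'allow' or 'deny: <reason>' for one dispatch request."""
    try:
        check_headers(headers)
        check_target(target_url, production, resolver)
        return "allow"
    except ValueError as exc:
        return f"deny: {exc}"


# Constructed resolver answers for an offline run (not real DNS data).
FAKE_DNS = {
    "siem.example.com": ["8.8.8.8"],
    "metadata.example.net": ["169.254.169.254"],
    "mixed.example.org": ["8.8.8.8", "::ffff:10.0.0.7"],
}


def fake_resolver(host, port):
    return FAKE_DNS.get(host, [])
```

Connect to one of the addresses `check_target` returns instead of resolving the hostname a second time; otherwise a DNS answer that changes between the check and the connection bypasses it.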

Reports

The Reports view brings together AI analyses, intel exports, USOM/firewall outputs, and email delivery records for the current user. Operators can search the list, inspect details, and download eligible artifacts again from one place.

01. Unified list: AI analyses, intel exports, USOM/firewall exports, and delivery records appear in one workspace.

02. Monthly window: The screen only shows records from the active month and resets automatically when a new month starts.

03. Re-download flow: Eligible report artifacts can be downloaded again directly from the workspace.

Analytics Workspace

The Analytics view is broader than PDF export. Help links should land on the active analytics module, not on generic reporting docs.

01. Analytics Overview

The fixed 30-day window, PDF export flow, and the overall analytics workspace.

02. MITRE ATT&CK

Tactic/technique distribution, heatmap logic, and CVE drill-down behavior.

03. Risk Score

Risk posture derived from severity, exploitation, and enrichment signals.

04. Threat Actors

Actor clusters, attribution signals, and campaign-oriented context.

05. Charts

Trend, distribution, and comparison charts for the analytics workspace.

PDF Reporting

MyVuln's PDF Reporting engine generates professional, SOC-ready vulnerability reports directly from the platform. Each report is designed for both internal remediation workflows and external compliance documentation.

One-Click Generation

Export any CVE as a formatted PDF directly from the vulnerability detail page. No configuration required—click the export button and the report downloads immediately.

Comprehensive Content

Each report includes CVSS 3.1 scoring breakdown, severity classification, full technical description, affected products and versions, remediation guidance, and all reference URLs from source advisories.

Remediation Guidance

Reports automatically include recommended remediation steps based on the vulnerability type and affected software, giving SOC analysts actionable next steps.

Branded Layout

Reports feature a professional layout with MyVuln branding, generation timestamp, analyst attribution, and page numbering suitable for formal documentation and compliance audits.

Bilingual Support

Reports can be generated in English or Turkish. When the Turkish translation is available, the report includes both language versions for multi-team environments.

Unlimited Exports

There are no limits on the number of PDF reports you can generate during the Alpha phase. Export individual CVEs or batch-export filtered result sets.

Architecture

Intelligence Tiers

MyVuln organizes intelligence sources into a 4-tier hierarchical architecture to ensure that the most authoritative and time-critical threat data is processed first. This tiered approach guarantees that global authority advisories (NIST NVD, CISA KEV) are ingested before vendor-specific or research-level feeds, maintaining data integrity and prioritization accuracy.

T1: Global CERTs (NVD, CISA)
T2: National CERTs (USOM)
T3: Vendor Advisories (Microsoft, AWS)
T4: OSINT & Research (Mandiant)

MD5 Deduplication

The MD5 Deduplication Engine is MyVuln's core data integrity layer. It ensures that the same vulnerability reported by multiple sources (e.g., NVD and CISA both reporting CVE-2026-0892) appears only once in your database while preserving source attribution and enrichment data from all reporters.

01. Stable MD5 Fingerprinting: Each vulnerability is hashed from a consistent mix of CVE ID, title, and core description fields so matching advisories from different sources collapse into the same record despite formatting differences.
02. Smart Merge Strategy: When a duplicate is detected, the engine merges enrichment data (affected products, reference URLs, tags) from all sources into a single consolidated record rather than discarding secondary reports.
03. Multi-CVE Extraction: The parser intelligently handles advisories that reference multiple CVEs in a single report, extracting and creating individual records for each CVE while maintaining links to the parent advisory.
04. Cross-Feed Detection: Deduplication operates across all active feeds simultaneously. A vulnerability first reported by CISA and later by NVD is automatically merged, with both sources credited in the reference URLs.
05. Malformed Data Recovery: The ultra-robust parser automatically repairs common XML/JSON formatting issues found in legacy government feeds (broken tags, invalid encodings, truncated content) before applying the deduplication hash.
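
The fingerprint, merge and multi-CVE steps described above, as an added example that is not MyVuln's code. The normalization rules, record field names and sample advisories are assumptions constructed for the example; the CVE IDs are the ones this page uses as examples.

```python
"""MD5-keyed de-duplication with merge (added example, not MyVuln code)."""
import hashlib
import re
import unicodedata

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)
MERGE_FIELDS = ("affected_products", "references", "tags", "sources")


def normalize(text):
    """Assumed rules: NFKC, strip tags, fold case, collapse punctuation/whitespace."""
    text = unicodedata.normalize("NFKC", text or "")
    text = re.sub(r"<[^>]+>", " ", text)              # leftover HTML tags
    return re.sub(r"[\W_]+", " ", text.casefold()).strip()


def fingerprint(cve_id, title, description):
    """Stable key over CVE ID, title and description after normalization."""
    fields = (cve_id.strip().upper(), normalize(title), normalize(description))
    joined = "\x1f".join(fields)                      # separator keeps fields apart
    # MD5 serves as a de-duplication key here, not as a security control.
    return hashlib.md5(joined.encode("utf-8"), usedforsecurity=False).hexdigest()


def split_advisory(advisory, source):
    """One record per CVE an advisory references, each linked to its parent."""
    text = f"{advisory['title']} {advisory['description']}"
    cve_ids = sorted({match.upper() for match in CVE_RE.findall(text)})
    return [{
        "cve_id": cve_id,
        "title": advisory["title"],
        "description": advisory["description"],
        "affected_products": list(advisory.get("affected_products", [])),
        "references": list(advisory.get("references", [])),
        "tags": list(advisory.get("tags", [])),
        "sources": [source],
        "parent_advisory": advisory.get("id"),
    } for cve_id in cve_ids]


def ingest(store, record):
    """Insert a new record or merge enrichment into the existing one."""
    key = fingerprint(record["cve_id"], record["title"], record["description"])
    kept = store.get(key)
    if kept is None:
        store[key] = record
        return key, True
    for field in MERGE_FIELDS:                        # union, first-seen order
        for item in record.get(field, []):
            if item not in kept[field]:
                kept[field].append(item)
    return key, False


# Constructed sample advisories (not real feed content).
SAMPLE = [
    ("NVD", {"id": "nvd-1", "title": "Example Server: Remote Code Execution",
             "description": "CVE-2026-0892 allows remote code execution in Example Server.",
             "affected_products": ["Example Server"],
             "references": ["https://nvd.example/CVE-2026-0892"]}),
    ("CISA KEV", {"id": "kev-1", "title": "<b>Example Server</b> - remote code execution",
                  "description": "CVE-2026-0892 allows remote  code execution in Example Server",
                  "affected_products": ["Example Server", "Example Gateway"],
                  "references": ["https://cisa.example/kev/CVE-2026-0892"],
                  "tags": ["kev"]}),
    ("USOM", {"id": "tr-1", "title": "Example bulletin",
              "description": "Covers CVE-2026-26133 and cve-2026-2987.",
              "references": ["https://usom.example/tr-1"]}),
]


def run_sample():
    """Feed every sample advisory through split + ingest; return the store."""
    store = {}
    for source, advisory in SAMPLE:
        for record in split_advisory(advisory, source):
            ingest(store, record)
    return store


if __name__ == "__main__":
    for key, rec in run_sample().items():
        print(key[:8], rec["cve_id"], rec["sources"], len(rec["references"]))
```

Because the key is an exact hash, only the differences that normalization removes collapse into one record; a source that rewords the description produces a different fingerprint.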

Translation Pipeline

Our background translation service handles massive amounts of data in parallel. Using a batch size of 50 and 25 concurrent connections, it can localize thousands of technical reports into Turkish within minutes.

01. Batch Processing: Translations are processed in configurable batches of 50 entries, optimizing API throughput while respecting rate limits. Each batch is processed atomically with rollback support on failure.
02. 25 Concurrent Connections: The pipeline maintains up to 25 parallel translation connections, enabling thousands of vulnerability descriptions to be localized within minutes rather than hours.
03. Non-Blocking Architecture: Translation runs as a background service that never blocks the main sync pipeline. New vulnerabilities appear immediately in English, with Turkish translations populated asynchronously.
04. Automatic Language Detection: The engine detects the source language of each entry and only translates content that is not already in the target locale, avoiding redundant API calls for pre-translated content.
05. Catch-Up Processing: When new feeds are activated or historical data is imported, the translation pipeline automatically identifies untranslated entries and queues them for batch processing without manual intervention.
06. Table-Aware Parsing: The translation engine preserves technical formatting, code blocks, version numbers, CVE identifiers, and CVSS scores during translation—ensuring that critical technical data remains unaltered.

Billing & Plans

Launch Phase Benefits

During our initial public launch, MyVuln is completely free. Get immediate access to all 34+ threat intelligence sources and automated national threat monitoring.

Feature Comparison

Free and Pro capabilities are separated by operational responsibilities.

Public API keys: Pro plan only.
SIEM/SOAR dispatch: Pro plan only.
AI analysis: Free has 30/month, Pro is unlimited.
Firewall TXT export and PDF reporting: Pro plan.
During launch, Pro access is activated on request. Use the contact form and select "Pro Request".

Limits

Plan-based limits keep platform quality stable while preserving clear Free/Pro boundaries.

Public API Feed/Search: 60 requests per minute per key+IP fingerprint (Pro only).
SIEM/SOAR Dispatch: 20 requests per minute per key+IP fingerprint (Pro only).
AI Analysis: Free plan includes 30 analyses per month; Pro is unlimited.
Firewall TXT export and PDF/analytics exports: Pro only.
Tenant/team operations: Pro capability (owner/member tenant context).
Launch policy: Pro access is request-only via Contact > Pro Request.

Enterprise Support

MyVuln offers dedicated enterprise support options for large-scale SOC deployments, managed security service providers (MSSPs), and organizations requiring custom threat intelligence integrations. Enterprise support ensures your security operations team has direct access to our engineering staff for rapid issue resolution.

Priority Technical Assistance

Enterprise customers receive dedicated engineering support, defined response targets, and direct communication paths for critical issues.

SIEM Integration Support

Hands-on assistance with Splunk, Microsoft Sentinel, QRadar, and other SIEM platform integrations. Our engineers help configure data mappings, alert rules, and polling schedules.

Custom Feed Ingestion

Enterprise customers can request custom feed parsers for proprietary or industry-specific threat sources not included in the standard feed library.

High-Throughput API Access

Pro integrations support sustained external ingestion and near real-time synchronization workflows.

Priority Incident Response

Enterprise-reported bugs and feature requests receive priority triage and accelerated resolution timelines compared to standard support channels.

Quarterly Security Consultation

Scheduled review sessions with our security engineering team to optimize your threat intelligence workflow, review new platform features, and align roadmap priorities.

Resources

Security & Trust

Security is foundational to MyVuln's architecture. We implement defense-in-depth with multiple layers of protection to ensure your threat intelligence data remains confidential and tamper-proof.

Per-Tenant Isolation

Each organization operates in a completely isolated database schema. Supabase Row Level Security (RLS) policies are enforced at the PostgreSQL level, making cross-tenant data leakage architecturally impossible.

End-to-End Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. API keys are stored using bcrypt hashing—even our administrators cannot view your credentials.

JWT Authentication

Session management uses short-lived JSON Web Tokens with automatic refresh. Public V1 API requests are authenticated with Client ID + Client Secret headers and validated against tenant-scoped keys.

API Key Security

Public API keys use a Client ID + Client Secret pattern. Secrets are bcrypt-hashed at creation and never stored in plaintext. Key revocation takes effect immediately across all edge nodes.

KVKK & GDPR Compliance

MyVuln is designed to comply with both Turkey's KVKK (Law No. 6698) and the EU's GDPR. We collect only operational data—no private infrastructure scanning or PII beyond account registration.

Audit Trail

Every user action, API call, and system event is logged with atomic precision for complete forensic traceability.

Feed Manager

The Feed Manager gives you granular control over your intelligence sources. Enable or disable specific feeds based on your organization's threat profile, monitor feed health in real-time, and add custom RSS/Atom sources.

01. 34+ Pre-configured Sources: Ready-to-use feeds from NVD, CISA KEV, USOM, Microsoft MSRC, GitHub Advisories, Mandiant, and more.
02. 4-Tier Source Hierarchy: Sources are organized into Global Authorities (T1), National CERTs (T2), Vendor Advisories (T3), and OSINT Research (T4) for prioritized processing.
03. Toggle On/Off: Enable or disable individual feeds per organization without affecting other tenants.
04. Health Monitoring: Track last sync time, error status, and content freshness for every configured feed.
05. Content Type Filtering: Separate news intelligence feeds from CVE vulnerability feeds for targeted dashboard views.
06. Country-Based Grouping: Sources are tagged by country of origin (US, TR, EU, etc.) for regional threat filtering.
07. Custom Feed Support: Register your own RSS, Atom, or JSON feeds with automatic format detection and robust error handling.

API Access and Key Management

The API Settings view is the in-app workspace for generating client credentials, revoking keys, and reviewing the public API contract.

01

Key lifecycle: Generate, reveal-once, and revoke behavior in one place.

02

Surface clarity: Base URL, auth headers, and the public endpoint list are displayed together.

03

Plan gating: Community vs Pro behavior is visible directly in the workspace.
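The key lifecycle described here and under API Key Security (generate, reveal once, store only a hash, revoke), as an added example that is not MyVuln's own code. It uses scrypt from Python's standard library in place of bcrypt so it runs without third-party packages; the `KeyStore` class, the `cid_` prefix and the row layout are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: scrypt stands in for the bcrypt hashing the page describes.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


class KeyStore:
    """In-memory stand-in for a tenant-scoped API key table (hypothetical)."""

    def __init__(self):
        self._rows = {}  # client_id -> {tenant_id, salt, hash, revoked}

    def generate(self, tenant_id):
        """Create a credential pair; the secret is returned once, never stored."""
        client_id = "cid_" + secrets.token_hex(8)
        client_secret = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        self._rows[client_id] = {
            "tenant_id": tenant_id,
            "salt": salt,
            "hash": hashlib.scrypt(client_secret.encode(), salt=salt, **SCRYPT),
            "revoked": False,
        }
        return client_id, client_secret

    def revoke(self, client_id):
        """Mark a key revoked; later authentication attempts fail."""
        row = self._rows.get(client_id)
        if row is not None:
            row["revoked"] = True
        return row is not None

    def authenticate(self, client_id, client_secret):
        """Return the tenant the key is scoped to, or None on any failure."""
        row = self._rows.get(client_id)
        # Hash even for unknown IDs so response time does not reveal
        # which Client IDs exist.
        salt = row["salt"] if row else b"\x00" * 16
        candidate = hashlib.scrypt(client_secret.encode(), salt=salt, **SCRYPT)
        if row is None or row["revoked"]:
            return None
        # Constant-time comparison of the derived hashes.
        if not hmac.compare_digest(candidate, row["hash"]):
            return None
        return row["tenant_id"]
```

The caller uses the returned tenant ID to scope every query made on behalf of the request, so a valid key for one tenant never reads another tenant's data.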

SMTP and Webhook Settings

The SMTP Settings view controls alert delivery behavior. Email recipients, category toggles, and Slack/webhook test flows live in the same panel.

01

Alert routing: Critical, suspicious, and informational delivery can be tuned separately.

02

Verification: Test email and test webhook requests validate runtime delivery.

03

Tenant-aware config: Save and test behavior remains scoped to the selected tenant.

World Threat Map

The World Threat Map offers an interactive live view of global threat activity. It helps analysts understand where disclosures originate, which regions are being targeted, and how severity shifts over time.

Interactive SVG Map

Fully interactive world map with zoom, pan, and click-to-filter capabilities.

Real-time Severity Heatmap

Countries are color-coded by aggregate severity—red for Critical, orange for High, yellow for Medium.

Live Pulse Animations

Active threat sources display pulsing indicators to highlight emerging hotspots.

Country-Level Aggregation

Hover over any country to see total vulnerabilities, severity breakdown, and top CVEs.

USOM Integration

Turkey-specific threat data from USOM TR-CERT is overlaid with TR-ID cross-referencing.

Auto-Refresh

Map data updates automatically via Supabase Realtime subscriptions—no manual refresh needed.

System Logs

MyVuln's logging system provides complete operational transparency. Every synchronization cycle, API request, authentication event, and background process is recorded with structured metadata for easy filtering and analysis.

All Logs

Historical application logs stored by the platform.

Live Stream

Real-time log stream for fast triage and active monitoring.

Sync Operations

Dedicated view for feed synchronization and ingestion operations.

01
Real-time Streaming: Logs are streamed live to the dashboard using WebSocket connections with sub-second latency.
02
Structured Log Levels: Five severity levels—DEBUG, INFO, WARN, ERROR, and AUDIT—allow precise filtering of operational events.
03
Source Filtering: Filter logs by source module—Sync Engine, API Layer, Auth Service, Translation Pipeline, or Background Jobs.
04
Time-based Queries: Search and filter logs by custom time ranges for incident investigation.
05
Background Process Monitoring: Track feed synchronization progress, translation batch status, and severity repair operations in real-time.
06
Exportable Data: Download filtered log sets for external analysis or compliance reporting.

Administration

Super Admin Console

The Super Admin view is a platform-wide control plane. Help links should follow the active tab instead of landing on generic administration docs.

Overview

Global health, summary metrics, and quick navigation.

Tenants & Teams

Tenant inventory, membership capacity, and organization-level control.

Global Users

Platform-wide user search, role visibility, and license review.

Outbox & Ops

Operational queues, outbound delivery, and retry visibility.

System Maintenance

DB preflight, maintenance tools, and critical platform operations.

Team Management

The Settings > Team tab manages tenant members, role assignments, and invite lifecycle.

01

Member visibility: Active members and seat usage are shown together.

02

Invite flow: Invite, revoke, and pending states stay in one panel.

03

Role isolation: Owner/admin/member permissions are managed at tenant scope.

My Account

The Profile view is the self-service account workspace. Email updates, password rotation, and membership visibility are grouped here.

01

Identity data: Email address and last sign-in are visible to the user.

02

Security: Password update flow with strength feedback.

03

Membership clarity: Role and license state are surfaced directly in the profile.

Roles & Permissions

MyVuln implements enterprise-grade Role-Based Access Control using Supabase Row Level Security (RLS) at the database level. This ensures that access permissions are enforced server-side and cannot be bypassed through client manipulation.

SOC Admin

Full platform access including feed management, sync triggers, user administration, API key management, and system settings.

Analyst

Read access to dashboard and intelligence views. On the Free plan, API key and SIEM dispatch capabilities are locked.

Enterprise

Extended role with Pro capabilities, operational exports, SIEM workflows, and higher automation coverage.

Capability | SOC Admin | Analyst
Global Map & Real-time Stats | Full Access | Full Access
Full Vulnerability Search | Full Access | Full Access
Remediation PDF Reporting | Full Access | Full Access
Source Control (Tier Tuning) | Full Access | Restricted
Manual Batch Trigger | Full Access | Restricted
Team RBAC Management | Full Access | Restricted

Note: The Super User flag (reserved for platform administrators) grants cross-tenant visibility and system-wide configuration access beyond standard SOC Admin permissions.

User Management

Manage your entire security team from a centralized administration panel. Invite new members, assign roles, monitor activity, and control license tiers—all with full audit trail visibility.

Team Invitations

Invite team members via email with automatic role assignment and onboarding.

Role Assignment

Assign SOC Admin, Analyst, or Enterprise roles to control access levels.

Profile Management

View and manage user profiles including display names, email addresses, and contact information.

License Tier Control

Manage user license tiers (Free, Early Bird, Lifetime) from the admin panel.

Activity Monitoring

Track individual user activity including logins, searches, exports, and API usage.

Password Reset

Administrators can trigger password reset flows for team members securely via email.

Audit Logs

Complete forensic traceability for every action taken within your organization. The audit system automatically captures user actions, API access, and configuration changes with timestamp precision.

01
Authentication Events: Login, logout, failed attempts, and session refresh events.
02
Configuration Changes: Feed toggles, settings modifications, theme and language preferences.
03
Data Operations: CVE searches, PDF exports, feed sync triggers, and translation requests.
04
API Key Lifecycle: Key creation, usage patterns, rate limit hits, and revocation events.
05
User Administration: Role changes, team member additions, license modifications.
06
System Events: Scheduled sync operations, background translation batches, error recovery actions.

License

MyVuln applies strict capability boundaries between Free and Pro plans, aligned with tenant-aware access control.

Free Plan

Live feed visibility, dashboard usage, and AI analysis up to 30/month.

Pro Plan

Public API keys, SIEM/SOAR dispatch, firewall TXT export, PDF/analytics exports, and unlimited AI analysis.

Tenant Alignment

Users with active tenant owner/member context are treated as Pro.

Launch Access

Pro capability activation is handled by request (Contact > Pro Request).

Data Usage

MyVuln processes public intelligence and tenant settings only.

Compliance

Usage remains subject to Terms of Service, Privacy Policy, KVKK, and GDPR controls.

SOC Support Priority

Need Enterprise Support?

Our engineering team helps with SIEM integrations, onboarding, and production rollout planning.


2026 MyVuln. All rights reserved.
