FAST User Guide

Everything you need to know about FAST - Flash Alerts for Security Threats.

Figure 1, Fast Features

Figure 1, “Fast Features”

FAST Features

Type of Alert

The Type of Alert can be a normal flash alert, heads up, informational, Proactive, Wormable Event, all drop everything right now - we call ‘nuclear’ level event. The header may be color-coded to display this sense and have a hyphen and type of information such as Flash Alert - informational.


The Headline is the overall important message about the alert.


This is the description of the event, we will where possible roll this information up to a CVE.

CTCI Commentary

We will where possible highlight what is important, is there any action on objectives if known, if there is a specific sector/technology/geography if known. We will also where possible put some commentary on why we think this is important or other things to look out for.

Mitigations / Detection / Prevention

Where possible we will what you need to do to detect this CVE, what you need to mitigate on and what you could do for some prevention. These levels will be things like URLs, files, hashes, and such. It is up to you to convert these to things like WAF rules, log management alert rules, and such. In the future, we may have sigma rules for a number of these alerts.


With FAST and CEWL you can get better outcomes by using a combination of security engineering, detection creation, threat hunting, and mitigations from this CVE information. It should be noted that we are not the primary source of all articles on the CVEs, most of these reference links are in the Mitre org, CVE details.