Does anyone have recommendations about methodologies (e.g. use of the FAIR framework), plug-ins (ETL schemas, FOSS add-ons) or commercial/free solutions (like Kenna) that can help us during "integration, transformation and consolidation" of vulnerabilities into risks (from Tenable.IO to Archer)?
Yes, take a look at DeepSurface. It’s designed to automate the process.
@James Dirksen thanks, I'll check it.
Clear use with the NIST compliance framework, Archer IRM 6.9.sp3.p2, use of pre-processing out of Archer and now integration with agnostic tools.
FOSS or premium brands - all depends on your supply chain risk.
Support for qualitative nice to get a bow-tie on when quantitative data works for you. Add your methods, AWARE, FAIR, COBIT, ATT&CK; all visuals.