[摘要] Cyberspace is growing at full tilt creating an amalgamation of disparate systems. This heterogeneity leadsto increased system complexity and security flaws. It is crucial to understand and identify these flaws toprevent catastrophic events. However, the current state-of-the-art solutions are threat-specific and focus oneither risk, vulnerabilities, or adversary emulation. In this work, we present a scalable Cyber-threats andVulnerability Information Analyzer (CyVIA) framework. CyVIA analyzes cyber risks and abnormalities inreal-time using multi-formatted knowledge bases derived from open-source vulnerability databases. CyVIAachieves the following goals: 1) assess the target network for risk and vulnerabilities, 2) map services andpolicies to network nodes, 3) classify nodes based on severity, and 4) provide consequences, mitigation, andrelationships for the found vulnerabilities. We use CyVIA and other tools to examine a simulated network forthreats and compare the results.