The threats are matched up on a pcap (packet capture) basis against the same code produced by the vulnerability itself. We also ensure the attack can be sent and reported properly in Avalanche prior to publishing the threat to the knowledge base.