misp-objects/objects/vulnerability/definition.json

{
  "attributes": {
    "created": {
      "description": "First time when the vulnerability was discovered",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "credit": {
      "description": "Who reported/found the vulnerability such as an organisation, person or nickname.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 0
    },
    "cvss-score": {
      "description": "Score of the Common Vulnerability Scoring System (version 3).",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 1
    },
    "cvss-string": {
      "description": "String of the Common Vulnerability Scoring System (version 3).",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "description": {
      "description": "Description of the vulnerability",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "id": {
      "description": "Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can be update or assigned later.",
      "misp-attribute": "vulnerability",
      "multiple": true,
      "ui-priority": 0
    },
    "modified": {
      "description": "Last modification date",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "published": {
      "description": "Initial publication date",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "references": {
      "description": "External references",
      "misp-attribute": "link",
      "multiple": true,
      "ui-priority": 0
    },
    "state": {
      "description": "State of the vulnerability. A vulnerability can have multiple states depending of the current actions performed.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "multiple": true,
      "sane_default": [
        "Published",
        "Embargo",
        "Reviewed",
        "Vulnerability ID Assigned",
        "Reported",
        "Fixed"
      ],
      "ui-priority": 0
    },
    "summary": {
      "description": "Summary of the vulnerability",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "vulnerable-configuration": {
      "description": "The vulnerable configuration is described in CPE format",
      "misp-attribute": "cpe",
      "multiple": true,
      "ui-priority": 0
    }
  },
  "description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
  "meta-category": "vulnerability",
  "name": "vulnerability",
  "requiredOneOf": [
    "published",
    "modified",
    "references",
    "vulnerable-configuration",
    "summary",
    "description",
    "id"
  ],
  "uuid": "81650945-f186-437b-8945-9f31715d32da",
  "version": 8
}
First version of the vulnerability object (basic CVE support) 2016-05-27 22:36:18 +02:00			`{`
JQ all the things 2017-02-13 11:18:42 +01:00			`"attributes": {`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"created": {`
			`"description": "First time when the vulnerability was discovered",`
			`"disable_correlation": true,`
			`"misp-attribute": "datetime",`
			`"ui-priority": 0`
			`},`
			`"credit": {`
			`"description": "Who reported/found the vulnerability such as an organisation, person or nickname.",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"multiple": true,`
			`"ui-priority": 0`
			`},`
			`"cvss-score": {`
			`"description": "Score of the Common Vulnerability Scoring System (version 3).",`
			`"disable_correlation": true,`
			`"misp-attribute": "float",`
			`"ui-priority": 1`
			`},`
			`"cvss-string": {`
			`"description": "String of the Common Vulnerability Scoring System (version 3).",`
			`"disable_correlation": true,`
chg: [vulnerability] updated following NATO and CIRCL feedback - CVSS score added - CVSS string added - credit attribute added - text -> description - vulnerability attribute can now be any format (not only the CVE format) 2018-07-10 07:21:36 +02:00			`"misp-attribute": "text",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"ui-priority": 1`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
chg: [vulnerability] updated following NATO and CIRCL feedback - CVSS score added - CVSS string added - credit attribute added - text -> description - vulnerability attribute can now be any format (not only the CVE format) 2018-07-10 07:21:36 +02:00			`"description": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Description of the vulnerability",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"id": {`
			`"description": "Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can be update or assigned later.",`
chg: [vulnerability] vulnerability is is now a vulnerability type The vulnerability type is an official CVE number. We might need to add in the future a new attribute in the object for non-CVE id of a vulnerability or adding other id type in the object. This commit fixes #234 2020-08-28 11:23:10 +02:00			`"misp-attribute": "vulnerability",`
JQ all the things 2017-02-13 11:18:42 +01:00			`"multiple": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"ui-priority": 0`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
ui-priority is now the King! 2017-07-03 12:25:06 +02:00			`"modified": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Last modification date",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"disable_correlation": true,`
fix: Vulnerability object improved to include the case of unpublished security vulnerability 2018-01-08 07:48:32 +01:00			`"misp-attribute": "datetime",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"ui-priority": 0`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
ui-priority is now the King! 2017-07-03 12:25:06 +02:00			`"published": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Initial publication date",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"disable_correlation": true,`
fix: Vulnerability object improved to include the case of unpublished security vulnerability 2018-01-08 07:48:32 +01:00			`"misp-attribute": "datetime",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"ui-priority": 0`
JQ all the things 2017-02-13 11:18:42 +01:00			`},`
ui-priority is now the King! 2017-07-03 12:25:06 +02:00			`"references": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "External references",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "link",`
ui-priority is now the King! 2017-07-03 12:25:06 +02:00			`"multiple": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"ui-priority": 0`
fix: Vulnerability object improved to include the case of unpublished security vulnerability 2018-01-08 07:48:32 +01:00			`},`
			`"state": {`
			`"description": "State of the vulnerability. A vulnerability can have multiple states depending of the current actions performed.",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "text",`
fix: Vulnerability object improved to include the case of unpublished security vulnerability 2018-01-08 07:48:32 +01:00			`"multiple": true,`
			`"sane_default": [`
			`"Published",`
			`"Embargo",`
			`"Reviewed",`
			`"Vulnerability ID Assigned",`
			`"Reported",`
			`"Fixed"`
			`],`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"ui-priority": 0`
chg: [vulnerability] updated following NATO and CIRCL feedback - CVSS score added - CVSS string added - credit attribute added - text -> description - vulnerability attribute can now be any format (not only the CVE format) 2018-07-10 07:21:36 +02:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"summary": {`
			`"description": "Summary of the vulnerability",`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
chg: [vulnerability] updated following NATO and CIRCL feedback - CVSS score added - CVSS string added - credit attribute added - text -> description - vulnerability attribute can now be any format (not only the CVE format) 2018-07-10 07:21:36 +02:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"vulnerable-configuration": {`
			`"description": "The vulnerable configuration is described in CPE format",`
chg: [vulnerability] vulnerable_configuration are now cpe type 2020-10-15 22:40:50 +02:00			`"misp-attribute": "cpe",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"multiple": true,`
			`"ui-priority": 0`
JQ all the things 2017-02-13 11:18:42 +01:00			`}`
			`},`
chg: [vulnerability] updated following NATO and CIRCL feedback - CVSS score added - CVSS string added - credit attribute added - text -> description - vulnerability attribute can now be any format (not only the CVE format) 2018-07-10 07:21:36 +02:00			`"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",`
chg: [vulnerability] is now in its own vulnerability meta-category 2018-07-10 07:38:28 +02:00			`"meta-category": "vulnerability",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"name": "vulnerability",`
			`"requiredOneOf": [`
			`"published",`
			`"modified",`
			`"references",`
			`"vulnerable-configuration",`
			`"summary",`
			`"description",`
			`"id"`
			`],`
ui-priority is now the King! 2017-07-03 12:25:06 +02:00			`"uuid": "81650945-f186-437b-8945-9f31715d32da",`
chg: [vulnerability] vulnerable_configuration are now cpe type 2020-10-15 22:40:50 +02:00			`"version": 8`
chg: [vulnerability] fixed 2020-10-15 22:49:29 +02:00			`}`