From 3c17729f0ec5d8d03f53d7588ad487428c91fa5e Mon Sep 17 00:00:00 2001
From: Christian Studer
Date: Thu, 22 Jun 2023 15:16:48 +0200
Subject: [PATCH] wip: [impacts] New template for different types of impacts as described in STIX 2.1 Incident object extensions
---
objects/availability-impact/definition.json | 96 +++++++++++++
.../confidentiality-impact/definition.json | 125 ++++++++++++++++
objects/external-impact/definition.json | 97 +++++++++++++
objects/integrity-impact/definition.json | 127 ++++++++++++++++
objects/monetary-impact/definition.json | 135 ++++++++++++++++++
objects/physical-impact/definition.json | 124 ++++++++++++++++
objects/traceability-impact/definition.json | 93 ++++++++++++
7 files changed, 797 insertions(+)
create mode 100644 objects/availability-impact/definition.json
create mode 100644 objects/confidentiality-impact/definition.json
create mode 100644 objects/external-impact/definition.json
create mode 100644 objects/integrity-impact/definition.json
create mode 100644 objects/monetary-impact/definition.json
create mode 100644 objects/physical-impact/definition.json
create mode 100644 objects/traceability-impact/definition.json
diff --git a/objects/availability-impact/definition.json b/objects/availability-impact/definition.json
new file mode 100644
index 0000000..ff6daa1
--- /dev/null
+++ b/objects/availability-impact/definition.json
@@ -0,0 +1,96 @@
+{
+ "attributes": {
+ "availability_impact": {
+ "description": "The availability impact.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "None",
+ "Minimal",
+ "Significant",
+ "Denial",
+ "Loss of Control"
+ ],
+ "ui-priority": 0
+ },
+ "criticality": {
+ "description": "Criticality of the impact",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "False Positive",
+ "Low",
+ "Moderate",
+ "High",
+ "Extreme"
+ ],
+ "ui-priority": 0
+ },
+ "description": {
+ "description": "Additional details about the impact.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "end_time": {
+ "description": "The date and time the impact was last recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "end_time_fidelity": {
+ "description": "Level of fidelity that the `end_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "recoverability": {
+ "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "extended",
+ "not-applicable",
+ "not-recoverable",
+ "regular",
+ "supplemented"
+ ],
+ "ui-priority": 0
+ },
+ "start_time": {
+ "description": "The date and time the impact was first recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "start_time_fidelity": {
+ "description": "Level of fidelity that the `start_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "Availability Impact object as described in STIX 2.1 Incident object extension.",
+ "meta-category": "misc",
+ "name": "availability-impact",
+ "required": [
+ "availability_impact"
+ ],
+ "uuid": "19b4394a-46a9-4196-a30c-080eaed06273",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/confidentiality-impact/definition.json b/objects/confidentiality-impact/definition.json
new file mode 100644
index 0000000..022dad0
--- /dev/null
+++ b/objects/confidentiality-impact/definition.json
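Review bot: `start_time` and `end_time` are the only typed, non-free-text attributes in this template that do not set `"disable_correlation": true`, so two unrelated impact objects that happen to carry the same timestamp would presumably be correlated. With coarse fidelity values such as `day` or `month` on offer, identical timestamps are likely and the resulting correlations would be noise for analysts. Consider adding `"disable_correlation": true,` to both. The same applies to the other six templates in this patch and to `conversion_time` in monetary-impact.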
@@ -0,0 +1,125 @@
+{
+ "attributes": {
+ "criticality": {
+ "description": "Criticality of the impact",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "False Positive",
+ "Low",
+ "Moderate",
+ "High",
+ "Extreme"
+ ],
+ "ui-priority": 0
+ },
+ "description": {
+ "description": "Additional details about the impact.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "end_time": {
+ "description": "The date and time the impact was last recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "end_time_fidelity": {
+ "description": "Level of fidelity that the `end_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "information_type": {
+ "description": "Type of information that had its confidentiality compromised.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "classified-material",
+ "communication",
+ "credentials-admin",
+ "credentials-user",
+ "financial",
+ "leval",
+ "payment",
+ "phi",
+ "pii",
+ "proprietary"
+ ],
+ "ui-priority": 0
+ },
+ "loss_type": {
+ "description": "The type of loss that occurred to the relevant information.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "confirmed-loss",
+ "contained",
+ "exploited-loss",
+ "none",
+ "suspected-loss"
+ ],
+ "ui-priority": 0
+ },
+ "record_count":{
+ "description": "The number of records of this type that were compromised.",
+ "disable_correlation": true,
+ "misp_attribute": "counter",
+ "ui-priority": 0
+ },
+ "record_size":{
+ "description": "The amount of data that was compromised in bytes.",
+ "disable_correlation": true,
+ "misp_attribute": "size-in-bytes",
+ "ui-priority": 0
+ },
+ "recoverability": {
+ "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "extended",
+ "not-applicable",
+ "not-recoverable",
+ "regular",
+ "supplemented"
+ ],
+ "ui-priority": 0
+ },
+ "start_time": {
+ "description": "The date and time the impact was first recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "start_time_fidelity": {
+ "description": "Level of fidelity that the `start_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "Confidentiality Impact object as described in STIX 2.1 Incident object extension.",
+ "meta-category": "misc",
+ "name": "confidentiality-impact",
+ "required": [
+ "loss_type"
+ ],
+ "uuid": "b0027f13-56e4-4c85-9632-3cf81208429b",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/external-impact/definition.json b/objects/external-impact/definition.json
new file mode 100644
index 0000000..045cb20
--- /dev/null
+++ b/objects/external-impact/definition.json
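Review bot: `record_count` and `record_size` spell the type key `misp_attribute` with an underscore, while every other attribute in the patch uses `misp-attribute`. These two attributes therefore declare no type under the key the rest of the template uses, and the breach-size fields would likely fail template validation or be dropped. The lines should read `"misp-attribute": "counter",` and `"misp-attribute": "size-in-bytes",`; the integrity-impact template has the same two keys. Separately, `"leval"` in the `information_type` list (here and in integrity-impact) looks like a typo for `"legal"`; confirm against the STIX vocabulary.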
@@ -0,0 +1,97 @@
+{
+ "attributes": {
+ "criticality": {
+ "description": "Criticality of the impact",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "False Positive",
+ "Low",
+ "Moderate",
+ "High",
+ "Extreme"
+ ],
+ "ui-priority": 0
+ },
+ "description": {
+ "description": "Additional details about the impact.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "end_time": {
+ "description": "The date and time the impact was last recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "end_time_fidelity": {
+ "description": "Level of fidelity that the `end_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "impact_type": {
+ "description": "Type of impact.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "economic",
+ "emergency-services",
+ "foreign-relations",
+ "national-secuirty",
+ "public-confidence",
+ "public-health",
+ "public-safety"
+ ],
+ "ui-priority": 0
+ },
+ "recoverability": {
+ "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "extended",
+ "not-applicable",
+ "not-recoverable",
+ "regular",
+ "supplemented"
+ ],
+ "ui-priority": 0
+ },
+ "start_time": {
+ "description": "The date and time the impact was first recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "start_time_fidelity": {
+ "description": "Level of fidelity that the `start_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "External Impact object as described in STIX 2.1 Incident object extension.",
+ "meta-category": "misc",
+ "name": "external-impact",
+ "required": [
+ "impact_type"
+ ],
+ "uuid": "4ac36991-9333-4ada-8e17-bcbeb988160a",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/integrity-impact/definition.json b/objects/integrity-impact/definition.json
new file mode 100644
index 0000000..b53dca1
--- /dev/null
+++ b/objects/integrity-impact/definition.json
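Review bot: The `impact_type` list contains the misspelt value `"national-secuirty"`. Because `impact_type` is the template's only required attribute and its `sane_default` entries are what analysts select, the misspelling would be stored in events and would not match the intended vocabulary term on any consumer that maps values back to STIX. The entry should be `"national-security",`.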
@@ -0,0 +1,127 @@
+{
+ "attributes": {
+ "alteration": {
+ "description": "",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "potential-destruction",
+ "potential-modification",
+ "partial-destruction",
+ "partial-modification",
+ "full-destruction",
+ "full-modification",
+ "none"
+ ],
+ "ui-priority": 0
+ },
+ "criticality": {
+ "description": "Criticality of the impact",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "False Positive",
+ "Low",
+ "Moderate",
+ "High",
+ "Extreme"
+ ],
+ "ui-priority": 0
+ },
+ "description": {
+ "description": "Additional details about the impact.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "end_time": {
+ "description": "The date and time the impact was last recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "end_time_fidelity": {
+ "description": "Level of fidelity that the `end_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "information_type": {
+ "description": "Type of information that had its confidentiality compromised.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "classified-material",
+ "communication",
+ "credentials-admin",
+ "credentials-user",
+ "financial",
+ "leval",
+ "payment",
+ "phi",
+ "pii",
+ "proprietary"
+ ],
+ "ui-priority": 0
+ },
+ "record_count": {
+ "description": "The number of records of this type that were compromised.",
+ "disable_correlation": true,
+ "misp_attribute": "counter",
+ "ui-priority": 0
+ },
+ "record_size": {
+ "description": "The amount of data that was compromised in bytes.",
+ "disable_correlation": true,
+ "misp_attribute": "size-in-bytes",
+ "ui-priority": 0
+ },
+ "recoverability": {
+ "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "extended",
+ "not-applicable",
+ "not-recoverable",
+ "regular",
+ "supplemented"
+ ],
+ "ui-priority": 0
+ },
+ "start_time": {
+ "description": "The date and time the impact was first recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "start_time_fidelity": {
+ "description": "Level of fidelity that the `start_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "Integrity Impact object as described in STIX 2.1 Incident object extension.",
+ "meta-category": "misc",
+ "name": "integrity-impact",
+ "required": [
+ "alteration"
+ ],
+ "uuid": "604830f2-8035-4454-aa32-7f6eee1f04c6",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/monetary-impact/definition.json b/objects/monetary-impact/definition.json
new file mode 100644
index 0000000..0fe7c37
--- /dev/null
+++ b/objects/monetary-impact/definition.json
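Review bot: `alteration` is the only required attribute of this template, yet its `description` is the empty string, so an analyst filling in the object gets no guidance on how to choose between the `potential-`, `partial-` and `full-` values. A description along the lines of `"description": "Type and extent of the alteration made to the information.",` would close the gap; adjust the wording to match the STIX text. The `information_type` description also appears to be copied from the confidentiality template and should read `"Type of information that had its integrity compromised."`.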
@@ -0,0 +1,135 @@
+{
+ "attributes": {
+ "conversion_rate": {
+ "description": "Conversion rate between currency and currency_actual (if needed).",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
+ "conversion_time": {
+ "description": "Timestamp when the conversion rate was queried.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "criticality": {
+ "description": "Criticality of the impact",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "False Positive",
+ "Low",
+ "Moderate",
+ "High",
+ "Extreme"
+ ],
+ "ui-priority": 0
+ },
+ "currency": {
+ "description": "Currency used to describe the max and min amount of the impact.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "currency_actual": {
+ "description": "Currency that the impact actually used.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "description": {
+ "description": "Additional details about the impact.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "end_time": {
+ "description": "The date and time the impact was last recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "end_time_fidelity": {
+ "description": "Level of fidelity that the `end_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "max_amount": {
+ "description": "Maximum damage estimate.",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
+ "min_amount": {
+ "description": "Minimum damage estimate.",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
+ "recoverability": {
+ "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "extended",
+ "not-applicable",
+ "not-recoverable",
+ "regular",
+ "supplemented"
+ ],
+ "ui-priority": 0
+ },
+ "start_time": {
+ "description": "The date and time the impact was first recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "start_time_fidelity": {
+ "description": "Level of fidelity that the `start_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "variety": {
+ "description": "Variety of the moneraty impact.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "asset-and-fraud",
+ "brand-damage",
+ "business-disruption",
+ "competitive-advantage",
+ "legal-and-regulatory",
+ "operating-costs",
+ "ransom-demand",
+ "ransom-payment",
+ "response-and-recovery",
+ "uncategorized"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "Monetary Impact object as described in STIX 2.1 Incident object extension.",
+ "meta-category": "misc",
+ "name": "monetary-impact",
+ "required": [
+ "variety"
+ ],
+ "uuid": "3376296c-c1ef-4847-979f-2bfc49aa983e",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/physical-impact/definition.json b/objects/physical-impact/definition.json
new file mode 100644
index 0000000..54cd04a
--- /dev/null
+++ b/objects/physical-impact/definition.json
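Review bot: `currency` and `currency_actual` are free `text` with no `sane_default` and no stated format, so the same loss could be recorded as a symbol, a name or a code, and `min_amount`/`max_amount` then cannot be compared across events. If a currency code is intended, say so in the two descriptions, for example `"Currency code used to describe the max and min amount of the impact."`; confirm the expected format against the STIX extension. The `variety` description also has a typo and should read `"Variety of the monetary impact."`.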
@@ -0,0 +1,124 @@
+{
+ "attributes": {
+ "asset_type": {
+ "description": "The type or property or system that was affected by this impact.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "building-doors",
+ "building-windows",
+ "buildings",
+ "computers-mobile",
+ "computers-personal",
+ "computers-server",
+ "environment",
+ "ics-actuator",
+ "ics-engineering-workstation",
+ "ics-historian",
+ "ics-hmi",
+ "ics-other",
+ "ics-plc",
+ "ics-safety-system",
+ "ics-sensor",
+ "inventory",
+ "network-device",
+ "private-infrastructure",
+ "public-infrastructure",
+ "security-containers",
+ "vehicles"
+ ],
+ "ui-priority": 0
+ },
+ "criticality": {
+ "description": "Criticality of the impact",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "False Positive",
+ "Low",
+ "Moderate",
+ "High",
+ "Extreme"
+ ],
+ "ui-priority": 0
+ },
+ "description": {
+ "description": "Additional details about the impact.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "end_time": {
+ "description": "The date and time the impact was last recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "end_time_fidelity": {
+ "description": "Level of fidelity that the `end_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "impact_type": {
+ "description": "Type of physical impact.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "damaged-functional",
+ "damaged-nonfunctional",
+ "destruction",
+ "none",
+ "unknown"
+ ],
+ "ui-priority": 0
+ },
+ "recoverability": {
+ "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "extended",
+ "not-applicable",
+ "not-recoverable",
+ "regular",
+ "supplemented"
+ ],
+ "ui-priority": 0
+ },
+ "start_time": {
+ "description": "The date and time the impact was first recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "start_time_fidelity": {
+ "description": "Level of fidelity that the `start_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "Physical Impact object as described in STIX 2.1 Incident object extension.",
+ "meta-category": "misc",
+ "name": "physical-impact",
+ "required": [
+ "impact_type"
+ ],
+ "uuid": "ae979b91-5896-46f7-ad70-4f3036d79251",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/traceability-impact/definition.json b/objects/traceability-impact/definition.json
new file mode 100644
index 0000000..5aa5f55
--- /dev/null
+++ b/objects/traceability-impact/definition.json
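Review bot: The `asset_type` description, "The type or property or system that was affected by this impact.", does not parse and most likely meant "of" for the first "or". This is the text shown to the analyst choosing among more than twenty asset values, including the `ics-*` entries, so it is worth getting right: `"description": "The type of property or system that was affected by this impact.",`.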
@@ -0,0 +1,93 @@
+{
+ "attributes": {
+ "criticality": {
+ "description": "Criticality of the impact",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "Not Specified",
+ "False Positive",
+ "Low",
+ "Moderate",
+ "High",
+ "Extreme"
+ ],
+ "ui-priority": 0
+ },
+ "description": {
+ "description": "Additional details about the impact.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "end_time": {
+ "description": "The date and time the impact was last recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "end_time_fidelity": {
+ "description": "Level of fidelity that the `end_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "recoverability": {
+ "description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "extended",
+ "not-applicable",
+ "not-recoverable",
+ "regular",
+ "supplemented"
+ ],
+ "ui-priority": 0
+ },
+ "start_time": {
+ "description": "The date and time the impact was first recorded.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "start_time_fidelity": {
+ "description": "Level of fidelity that the `start_time` is recorded in.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "day",
+ "hour",
+ "minute",
+ "month",
+ "second",
+ "year"
+ ],
+ "ui-priority": 0
+ },
+ "traceability_impact": {
+ "description": "Impact on a system or organization's ability to perform audits or provvide non-repudiation.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "sane_default": [
+ "accountability-lost",
+ "partial-accountability",
+ "provable-accountability"
+ ],
+ "ui-priority": 0
+ }
+ },
+ "description": "Traceability Impact object as described in STIX 2.1 Incident object extension.",
+ "meta-category": "misc",
+ "name": "traceability-impact",
+ "required": [
+ "traceability_impact"
+ ],
+ "uuid": "1dd26500-6246-4750-ad47-94ae4e200d8f",
+ "version": 1
+}
\ No newline at end of file
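Review bot: The `traceability_impact` description misspells "provide" as "provvide". It also does not say what the three values mean for an investigation, which is the one thing an analyst needs in order to pick between `partial-accountability` and `provable-accountability`. Suggested text: `"description": "Impact on a system or organization's ability to perform audits or provide non-repudiation."`, optionally followed by a short clause on how much of the audit trail remains trustworthy.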