new: Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE

- The attack-pattern object is using a new
  attribute type called weakness to describe CWE
  id, which will link to its own information as
  described in https://cve.circl.lu
pull/195/head
chrisr3d 2019-08-01 14:34:30 +02:00
parent d2f955bc74
commit ad83a3a56f
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
2 changed files with 97 additions and 0 deletions

View File

@ -0,0 +1,45 @@
{
"requiredOneOf": [
"name",
"id"
],
"attributes": {
"id": {
"description": "CAPEC ID.",
"ui-priority": 0,
"disable_correlation": true,
"misp-attribute": "text"
},
"name": {
"description": "Name of the attack pattern.",
"ui-priority": 0,
"misp-attribute": "text"
},
"summary": {
"description": "Summary description of the attack pattern.",
"ui-priority": 0,
"misp-attribute": "text"
},
"prerequisites": {
"description": "Prerequisites for the attack pattern to succeed.",
"ui-priority": 0,
"misp-attribute": "text"
},
"solutions": {
"description": "Solutions for the attack pattern to be countered.",
"ui-priority": 0,
"misp-attribute": "text"
},
"related-weakness": {
"description": "Weakness related to the attack pattern.",
"ui-priority": 0,
"multiple": true,
"misp-attribute": "weakness"
}
},
"version": 1,
"description": "Attack pattern describing a common attack pattern enumeration and classification.",
"meta-category": "vulnerability",
"uuid": "35928348-56be-4d7f-9752-a80927936351",
"name": "attack-pattern"
}

View File

@ -0,0 +1,52 @@
{
"requiredOneOf": [
"id",
"name",
"description"
],
"attributes": {
"id": {
"description": "Weakness ID (generally CWE).",
"ui-priority": 0,
"misp-attribute": "text"
},
"description": {
"description": "Description of the weakness.",
"ui-priority": 0,
"misp-attribute": "text"
},
"name": {
"description": "Name of the weakness.",
"ui-priority": 0,
"misp-attribute": "text"
},
"status": {
"description": "Status of the weakness.",
"ui-priority": 0,
"sane_default": [
"Incomplete",
"Deprecated",
"Draft",
"Usable"
],
"disable_correlation": true,
"misp-attribute": "text"
},
"weakness-abs": {
"description": "Abstraction of the weakness.",
"ui-priority": 0,
"sane_default": [
"Class",
"Base",
"Variant"
],
"disable_correlation": true,
"misp-attribute": "text"
}
},
"version": 1,
"description": "Weakness object describing a common weakness enumeration which can describe usable, incomplete, draft or deprecated weakness for software, equipment of hardware.",
"meta-category": "vulnerability",
"uuid": "b8713fc0-d7a2-4b27-a182-38ed47966802",
"name": "weakness"
}