new: Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE

- The attack-pattern object is using a new attribute type called weakness to describe CWE id, which will link to its own information as described in https://cve.circl.lu
2019-08-01 14:34:30 +02:00 · 2019-08-01 14:34:30 +02:00 · ad83a3a56f
parent d2f955bc74
commit ad83a3a56f
2 changed files with 97 additions and 0 deletions
--- a/objects/attack-pattern/definition.json
+++ b/objects/attack-pattern/definition.json
@ -0,0 +1,45 @@
 {
    "requiredOneOf": [
        "name",
        "id"
    ],
    "attributes": {
        "id": {
            "description": "CAPEC ID.",
            "ui-priority": 0,
            "disable_correlation": true,
            "misp-attribute": "text"
        },
        "name": {
            "description": "Name of the attack pattern.",
            "ui-priority": 0,
            "misp-attribute": "text"
        },
        "summary": {
            "description": "Summary description of the attack pattern.",
            "ui-priority": 0,
            "misp-attribute": "text"
        },
        "prerequisites": {
            "description": "Prerequisites for the attack pattern to succeed.",
            "ui-priority": 0,
            "misp-attribute": "text"
        },
        "solutions": {
            "description": "Solutions for the attack pattern to be countered.",
            "ui-priority": 0,
            "misp-attribute": "text"
        },
        "related-weakness": {
            "description": "Weakness related to the attack pattern.",
            "ui-priority": 0,
            "multiple": true,
            "misp-attribute": "weakness"
        }
    },
    "version": 1,
    "description": "Attack pattern describing a common attack pattern enumeration and classification.",
    "meta-category": "vulnerability",
    "uuid": "35928348-56be-4d7f-9752-a80927936351",
    "name": "attack-pattern"
 }
--- a/objects/weakness/definition.json
+++ b/objects/weakness/definition.json
@ -0,0 +1,52 @@
 {
    "requiredOneOf": [
        "id",
        "name",
        "description"
    ],
    "attributes": {
        "id": {
            "description": "Weakness ID (generally CWE).",
            "ui-priority": 0,
            "misp-attribute": "text"
        },
        "description": {
            "description": "Description of the weakness.",
            "ui-priority": 0,
            "misp-attribute": "text"
        },
        "name": {
            "description": "Name of the weakness.",
            "ui-priority": 0,
            "misp-attribute": "text"
        },
        "status": {
            "description": "Status of the weakness.",
            "ui-priority": 0,
            "sane_default": [
                "Incomplete",
                "Deprecated",
                "Draft",
                "Usable"
            ],
            "disable_correlation": true,
            "misp-attribute": "text"
        },
        "weakness-abs": {
            "description": "Abstraction of the weakness.",
            "ui-priority": 0,
            "sane_default": [
                "Class",
                "Base",
                "Variant"
            ],
            "disable_correlation": true,
            "misp-attribute": "text"
        }
    },
    "version": 1,
    "description": "Weakness object describing a common weakness enumeration which can describe usable, incomplete, draft or deprecated weakness for software, equipment of hardware.",
    "meta-category": "vulnerability",
    "uuid": "b8713fc0-d7a2-4b27-a182-38ed47966802",
    "name": "weakness"
 }