diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..7130af7
Binary files /dev/null and b/.DS_Store differ
diff --git a/objects/intel471-vulnerability-intelligence/definition.json b/objects/intel471-vulnerability-intelligence/definition.json
new file mode 100644
index 0000000..4b2a9f0
--- /dev/null
+++ b/objects/intel471-vulnerability-intelligence/definition.json
@@ -0,0 +1,193 @@
+{
+ "attributes": {
+ "published": {
+ "description": "Initial publication date.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "modified": {
+ "description": "Last modification date.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "cve-id": {
+ "description": "The vulnerability's CVE ID.",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "summary": {
+ "description": "Summary of the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "vulnerability-status": {
+ "description": "The status of vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "vulnerability-type": {
+ "description": "The type of vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "risk-level": {
+ "description": "Risk level of the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "vendor-name": {
+ "description": "Vendor name.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "product-name": {
+ "description": "Product name.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "interest-level-disclosed-publicly": {
+ "description": "The vulnerability has been disclosed publicly.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "interest-level-researched-publicly": {
+ "description": "The vulnerability has been researched or documented publicly.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "interest-level-exploit-sought": {
+ "description": "An exploit for the vulnerability is being sought.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "activity-location-open-source": {
+ "description": "The vulnerability is being discussed in open source.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "activity-location-underground": {
+ "description": "The vulnerability is being discussed in the underground.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "activity-location-private": {
+ "description": "The vulnerability is being discussed in private/direct communications.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "exploit-status-available": {
+ "description": "Exploit code for the vulnerability is available.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "exploit-status-weaponized": {
+ "description": "The vulnerability has been used in an attack or has been included in an exploit kit.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "exploit-status-productized": {
+ "description": "There is a module for the vulnerability in commercial exploit kits or network security tools.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "exploit-status-not-observed": {
+ "description": "Exploit code or usage has not been observed for the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "cvss-score-v2": {
+ "description": "CVSS score (version 2).",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
+ "cvss-score-v3": {
+ "description": "CVSS score (version 3).",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
+ "patch-status": {
+ "description": "Availability of a patch for the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "underground-activity-status": {
+ "description": "Indicates if underground activity has been observed for the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "underground-activity-summary": {
+ "description": "Description of underground activity related to the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "detection": {
+ "description": "Detection signatures/definitions exist for the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "references": {
+ "description": "External references.",
+ "disable_correlation": false,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "proof-of-concept": {
+ "description": "Proof of concept code or demonstration exists.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "countermeasures": {
+ "description": "Summary of countermeasures to protect against the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "vulnerable-configuration": {
+ "description": "Vulnerable configuration in CPE format.",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "Intel 471 vulnerability intelligence object.",
+ "meta-category": "vulnerability",
+ "name": "intel471-vulnerability-intelligence",
+ "requiredOneOf": [
+ "published",
+ "modified",
+ "references",
+ "vulnerable-configuration",
+ "summary",
+ "cve-id"
+ ],
+ "uuid": "8f8ee946-1383-4139-b4da-ad8c5aceac07",
+ "version": 4
+}
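Review bot: `cve-id` and `vulnerable-configuration` are the two identifiers this template leaves correlation enabled on, yet both are declared as `"misp-attribute": "text"`, so type-aware consumers (exports, enrichment and filters keyed on attribute type) will likely not recognise them as a CVE or a CPE. MISP has dedicated types for both; I would use `"misp-attribute": "vulnerability"` for `cve-id` and `"misp-attribute": "cpe"` for `vulnerable-configuration`. In the same spirit, `detection` and `proof-of-concept` are described as existence flags ("... exist", "... exists") but typed `text`, so either make them `boolean` or reword the descriptions to say what free text is expected. Separately, the commit also adds a binary `.DS_Store` at the repository root, which looks accidental; it should be dropped from the change and ignored, since these files can disclose local directory listings.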