From f116494ac99a638e13504cf3bdd1f49d191029f3 Mon Sep 17 00:00:00 2001
From: Richard Hallick
Date: Wed, 23 Sep 2020 13:02:02 +0100
Subject: [PATCH] Addition of intel471-vulnerability-intelligence object Intel 471 object to contain structured vulnerability related data.
---
.DS_Store | Bin 0 -> 6148 bytes
.../definition.json | 193 ++++++++++++++++++
2 files changed, 193 insertions(+)
create mode 100644 .DS_Store
create mode 100644 objects/intel471-vulnerability-intelligence/definition.json
diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..7130af76b1907bed4cbd825f6ba20b0793037ae8
GIT binary patch literal 6148 zcmeHK&ubGw6n>LzZMM=jV4*E|*o)vHDM^b)kwQ$eCidTl4c?^Rq#Bs78CVPxr`0o`+3LhwwLq?;d>SQI9aj2>v?M zob|`nHGfN*zj-#VHJe3@;3J+E;!gC)*_YpI`@?=$edj*<-7x4Ug~Df+N?QvT7BjY; zv6t;aUA|Ed;X)KHLPdX_Tnh?M!mcxOlx#$~iZRrOCw3tY0ba)($$O z7vqU%!%8J!Z4 zCN`l!Oe+=$N?o1w)F;jI5|%|nEU^x(>$4Mvv5&>FiDnl^dROzZsd?ecYwp{e>G6Z+ zaRHIUctSk_Yg5x)p#he0fK4+H8)X0tu-Uc{{b=^Rtv8zODxHXp#`QUOe51*YH)o4k zUo~q~&lj}}G8fNRH5!Hi!@z&W0RKKXNF2)wrxL}d1DUu204+2NL0SCz10CJ~EGwK! zL<@vTQ=l|u>WabC&4EdC^p}3)0)hsU83z6+1K$BUGYVP& literal 0 HcmV?d00001
diff --git a/objects/intel471-vulnerability-intelligence/definition.json b/objects/intel471-vulnerability-intelligence/definition.json
new file mode 100644
index 0000000..4b2a9f0
--- /dev/null
+++ b/objects/intel471-vulnerability-intelligence/definition.json
@@ -0,0 +1,193 @@
+{
+ "attributes": {
+ "published": {
+ "description": "Initial publication date.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "modified": {
+ "description": "Last modification date.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "cve-id": {
+ "description": "The vulnerability's CVE ID.",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "summary": {
+ "description": "Summary of the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "vulnerability-status": {
+ "description": "The status of vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "vulnerability-type": {
+ "description": "The type of vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "risk-level": {
+ "description": "Risk level of the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "vendor-name": {
+ "description": "Vendor name.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "product-name": {
+ "description": "Product name.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "interest-level-disclosed-publicly": {
+ "description": "The vulnerability has been disclosed publicly.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "interest-level-researched-publicly": {
+ "description": "The vulnerability has been researched or documented publicly.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "interest-level-exploit-sought": {
+ "description": "An exploit for the vulnerability is being sought.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "activity-location-open-source": {
+ "description": "The vulnerability is being discussed in open source.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "activity-location-underground": {
+ "description": "The vulnerability is being discussed in the underground.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "activity-location-private": {
+ "description": "The vulnerability is being discussed in private/direct communications.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "exploit-status-available": {
+ "description": "Exploit code for the vulnerability is available.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "exploit-status-weaponized": {
+ "description": "The vulnerability has been used in an attack or has been included in an exploit kit.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "exploit-status-productized": {
+ "description": "There is a module for the vulnerability in commercial exploit kits or network security tools.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "exploit-status-not-observed": {
+ "description": "Exploit code or usage has not been observed for the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 0
+ },
+ "cvss-score-v2": {
+ "description": "CVSS score (version 2).",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
+ "cvss-score-v3": {
+ "description": "CVSS score (version 3).",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 0
+ },
+ "patch-status": {
+ "description": "Availability of a patch for the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "underground-activity-status": {
+ "description": "Indicates if underground activity has been observed for the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "underground-activity-summary": {
+ "description": "Description of underground activity related to the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "detection": {
+ "description": "Detection signatures/definitions exist for the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "references": {
+ "description": "External references.",
+ "disable_correlation": false,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "proof-of-concept": {
+ "description": "Proof of concept code or demonstration exists.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "countermeasures": {
+ "description": "Summary of countermeasures to protect against the vulnerability.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "vulnerable-configuration": {
+ "description": "Vulnerable configuration in CPE format.",
+ "disable_correlation": false,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "Intel 471 vulnerability intelligence object.",
+ "meta-category": "vulnerability",
+ "name": "intel471-vulnerability-intelligence",
+ "requiredOneOf": [
+ "published",
+ "modified",
+ "references",
+ "vulnerable-configuration",
+ "summary",
+ "cve-id"
+ ],
+ "uuid": "8f8ee946-1383-4139-b4da-ad8c5aceac07",
+ "version": 4
+}
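Review bot: `cve-id` is typed as generic `"misp-attribute": "text"`, so the CVE identifier loses the handling MISP gives its dedicated `vulnerability` attribute type (type-based search, export mapping and, as far as I know, enrichment that takes `vulnerability` input); I would declare it as `"misp-attribute": "vulnerability"`. `detection` and `proof-of-concept` are described as yes/no facts ("... exist", "... exists") but are typed `text`, unlike the `interest-level-*` and `exploit-status-*` flags, so either make them `boolean` or reword the descriptions to say what text is expected. `requiredOneOf` also accepts an object holding nothing but `published` or `modified`, which gives an analyst no way to tell which vulnerability it refers to; consider restricting it to `cve-id`, `summary`, `references` and `vulnerable-configuration`. Separately, the commit adds a `.DS_Store` binary at the repository root (see the diffstat), which looks accidental and is worth dropping and ignoring.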