mirror of https://github.com/MISP/misp-website
43 lines
2.2 KiB
Markdown
43 lines
2.2 KiB
Markdown
|
---
|
||
|
title: Using MISP to share vulnerability information efficiently
|
||
|
layout: post
|
||
|
featured: /assets/images/misp-small.png
|
||
|
---
|
||
|
|
||
|
# Using MISP to share vulnerability information efficiently
|
||
|
|
||
|
Software and hardware vulnerability are often discussed, shared, prepared, analysed or reviewed before publication. This process
|
||
|
can be tedious as this is often a lot of exchanges between the parties involved including reporters, proxy-reporters, coordinators,
|
||
|
editor and even impacted parties. Some vulnerabilities might be shared and exchanged within trusted parties for months before being
|
||
|
officially disclosed. This can generate a significant workload on a staff dealing with security team, vulnerability assessment team or
|
||
|
CNA (CVE Numbering Authorities).
|
||
|
|
||
|
As MISP provides a complete functionality software for sharing information, sharing and collaborating on security vulnerabilities
|
||
|
within a trusted group is as easy as sharing indicators.
|
||
|
|
||
|
## MISP Objects
|
||
|
|
||
|
MISP objects provide a flexible way to describe combined information using a simple templating system. There is already a vulnerability
|
||
|
object which covers the most common cases used by organisations such as CSIRTs, security team or security assessment team. But if you
|
||
|
have a specific use-case of vulnerability information to share, a MISP object can be built from a template in a matter of minutes.
|
||
|
|
||
|
# How to share vulnerability information within MISP to a trusted group
|
||
|
|
||
|
Sharing a set of vulnerabilities to a trusted group is straightforward. First you create an event which will contain one or more
|
||
|
vulnerability with the corresponding sharing group. An event is just a container with meta-data associated to it such as classification
|
||
|
or a generic description.
|
||
|
|
||
|
![](/assets/images/misp/blog/vul01.png)
|
||
|
|
||
|
Then when your event is created, the event can be used to attach attributes or objects. If you want to share vulnerability information,
|
||
|
a vulnerability object can be added to describe the vulnerability.
|
||
|
|
||
|
![](/assets/images/misp/blog/vul02.png)
|
||
|
|
||
|
The vulnerability object is composed of various attributes such as vulnerable configuration where it's expressed as a CPE value and
|
||
|
can be added multiple times if you have different vulnerable configurations.
|
||
|
|
||
|
![](/assets/images/misp/blog/vul03.png)
|
||
|
|
||
|
![](/assets/images/misp/blog/vul04.png)
|