misp-website/_posts/2018-01-09-Using-MISP-to-sh...

---
title: Using MISP to share vulnerability information efficiently
layout: post
featured: /assets/images/misp-small.png
---

# Using MISP to share vulnerability information efficiently

Software and hardware vulnerability are often discussed, shared, prepared, analysed or reviewed before publication. This process
can be tedious as this is often a lot of exchanges between the parties involved including reporters, proxy-reporters, coordinators,
editor and even impacted parties. Some vulnerabilities might be shared and exchanged within trusted parties for months before being
officially disclosed. This can generate a significant workload on a staff dealing with security team, vulnerability assessment team or
CNA (CVE Numbering Authorities).

As MISP provides a complete functionality software for sharing information, sharing and collaborating on security vulnerabilities
within a trusted group is as easy as sharing indicators.

## MISP Objects

MISP objects provide a flexible way to describe combined information using a simple templating system. There is already a vulnerability
object which covers the most common cases used by organisations such as CSIRTs, security team or security assessment team. But if you
have a specific use-case of vulnerability information to share, a MISP object can be built from a template in a matter of minutes.

# How to share vulnerability information within MISP to a trusted group

Sharing a set of vulnerabilities to a trusted group is straightforward. First you create an event which will contain one or more
vulnerability with the corresponding sharing group. An event is just a container with meta-data associated to it such as classification
or a generic description.

![](/assets/images/misp/blog/vul01.png)

Then when your event is created, the event can be used to attach attributes or objects. If you want to share vulnerability information,
a vulnerability object can be added to describe the vulnerability.

![](/assets/images/misp/blog/vul02.png)

The vulnerability object is composed of various attributes such as vulnerable configuration where it's expressed as a CPE value and
can be added multiple times if you have different vulnerable configurations.

![](/assets/images/misp/blog/vul03.png)

![](/assets/images/misp/blog/vul04.png)
Working document for the blog post about sharing vulnerability 2018-01-10 20:22:10 +01:00			`---`
			`title: Using MISP to share vulnerability information efficiently`
			`layout: post`
			`featured: /assets/images/misp-small.png`
			`---`

			`# Using MISP to share vulnerability information efficiently`

			`Software and hardware vulnerability are often discussed, shared, prepared, analysed or reviewed before publication. This process`
			`can be tedious as this is often a lot of exchanges between the parties involved including reporters, proxy-reporters, coordinators,`
			`editor and even impacted parties. Some vulnerabilities might be shared and exchanged within trusted parties for months before being`
			`officially disclosed. This can generate a significant workload on a staff dealing with security team, vulnerability assessment team or`
			`CNA (CVE Numbering Authorities).`

			`As MISP provides a complete functionality software for sharing information, sharing and collaborating on security vulnerabilities`
			`within a trusted group is as easy as sharing indicators.`

			`## MISP Objects`

			`MISP objects provide a flexible way to describe combined information using a simple templating system. There is already a vulnerability`
			`object which covers the most common cases used by organisations such as CSIRTs, security team or security assessment team. But if you`
			`have a specific use-case of vulnerability information to share, a MISP object can be built from a template in a matter of minutes.`

			`# How to share vulnerability information within MISP to a trusted group`

			`Sharing a set of vulnerabilities to a trusted group is straightforward. First you create an event which will contain one or more`
			`vulnerability with the corresponding sharing group. An event is just a container with meta-data associated to it such as classification`
			`or a generic description.`

			`![](/assets/images/misp/blog/vul01.png)`

			`Then when your event is created, the event can be used to attach attributes or objects. If you want to share vulnerability information,`
			`a vulnerability object can be added to describe the vulnerability.`

			`![](/assets/images/misp/blog/vul02.png)`

			`The vulnerability object is composed of various attributes such as vulnerable configuration where it's expressed as a CPE value and`
			`can be added multiple times if you have different vulnerable configurations.`

			`![](/assets/images/misp/blog/vul03.png)`

			`![](/assets/images/misp/blog/vul04.png)`