misp-website/_posts/2018-01-09-Using-MISP-to-sh...

---
title: Using MISP to share vulnerability information efficiently
layout: post
featured: /assets/images/misp/blog/vul02.png
---

# Using MISP to share vulnerability information efficiently

Software and hardware vulnerabilities are often discussed, shared, prepared, analysed and reviewed before publication. This process
can be tedious as it often includes multiple exchanges between the parties involved, including reporters, proxy-reporters, coordinators,
editors and even impacted parties. Some vulnerabilities might be shared and exchanged among trusted parties for months before being
officially disclosed. This can generate a significant workload on the staff dealing with a security team, vulnerability assessment team or
CNA (CVE Numbering Authorities).

As MISP provides the complete list of functionalities facilitating the sharing of information, sharing and collaborating on security vulnerabilities
within a trusted group is as easy as sharing indicators.

## MISP Objects

[MISP objects](/objects.html) provide a flexible way to describe combined information using a simple templating system. There is already a [vulnerability object](/objects.html#_vulnerability) which covers the most common cases used by organisations such as CSIRTs, security teams or security assessment teams. If you
have a specific use-case of vulnerability information to share, a MISP object can also be built from a custom template in a matter of minutes.

# How to share vulnerability information within MISP to a trusted group

Sharing a set of vulnerabilities to a trusted group is straightforward. First you create an event which will contain one or more
vulnerabilities and assign the corresponding sharing group. An event is just a container with meta-data associated with it such as a classification
or a generic description.

![](/assets/images/misp/blog/vul01.png)

Then when your event is created, the event can be used to attach attributes or objects. If you want to share vulnerability information,
a vulnerability object can be added to describe the vulnerability.

![](/assets/images/misp/blog/vul02.png)

The vulnerability object is composed of various attributes such as the vulnerable configuration expressed as a CPE value and can be added multiple times if you have different vulnerable configurations.

![](/assets/images/misp/blog/vul03.png)

![](/assets/images/misp/blog/vul04.png)

Another effective aspect when pre-sharing vulnerability within MISP is to benefit from the Globally Unique Identifier allocation (GUID) for each attributes. This allows to share efficiently without the need to allocate unique identifier. If a CVE allocation is done after, this has no impact on the event when the vulnerability identifiers are set.

A significant benefit is also the ability to switch the sharing and distribution in one-click when the vulnerability becomes public or the status changed from embargo to publish.

Don't hesitate to contact us if you have other models of vulnerability information distribution or any improvements.
Working document for the blog post about sharing vulnerability 2018-01-10 20:22:10 +01:00			`---`
			`title: Using MISP to share vulnerability information efficiently`
			`layout: post`
Fix the post 2018-01-11 16:54:48 +01:00			`featured: /assets/images/misp/blog/vul02.png`
Working document for the blog post about sharing vulnerability 2018-01-10 20:22:10 +01:00			`---`

			`# Using MISP to share vulnerability information efficiently`

Update 2018-01-09-Using-MISP-to-share-vulnerability-information-efficiently.md 2018-01-11 07:00:01 +01:00			`Software and hardware vulnerabilities are often discussed, shared, prepared, analysed and reviewed before publication. This process`
grammar check 2018-01-11 08:44:18 +01:00			`can be tedious as it often includes multiple exchanges between the parties involved, including reporters, proxy-reporters, coordinators,`
Update 2018-01-09-Using-MISP-to-share-vulnerability-information-efficiently.md 2018-01-11 07:00:01 +01:00			`editors and even impacted parties. Some vulnerabilities might be shared and exchanged among trusted parties for months before being`
			`officially disclosed. This can generate a significant workload on the staff dealing with a security team, vulnerability assessment team or`
Working document for the blog post about sharing vulnerability 2018-01-10 20:22:10 +01:00			`CNA (CVE Numbering Authorities).`

grammar check 2018-01-11 08:44:18 +01:00			`As MISP provides the complete list of functionalities facilitating the sharing of information, sharing and collaborating on security vulnerabilities`
Working document for the blog post about sharing vulnerability 2018-01-10 20:22:10 +01:00			`within a trusted group is as easy as sharing indicators.`

			`## MISP Objects`

Link fixed 2018-01-11 19:35:47 +01:00			`[MISP objects](/objects.html) provide a flexible way to describe combined information using a simple templating system. There is already a [vulnerability object](/objects.html#_vulnerability) which covers the most common cases used by organisations such as CSIRTs, security teams or security assessment teams. If you`
grammar check 2018-01-11 08:44:18 +01:00			`have a specific use-case of vulnerability information to share, a MISP object can also be built from a custom template in a matter of minutes.`
Working document for the blog post about sharing vulnerability 2018-01-10 20:22:10 +01:00
			`# How to share vulnerability information within MISP to a trusted group`

			`Sharing a set of vulnerabilities to a trusted group is straightforward. First you create an event which will contain one or more`
grammar check 2018-01-11 08:44:18 +01:00			`vulnerabilities and assign the corresponding sharing group. An event is just a container with meta-data associated with it such as a classification`
Working document for the blog post about sharing vulnerability 2018-01-10 20:22:10 +01:00			`or a generic description.`

			`![](/assets/images/misp/blog/vul01.png)`

			`Then when your event is created, the event can be used to attach attributes or objects. If you want to share vulnerability information,`
			`a vulnerability object can be added to describe the vulnerability.`

			`![](/assets/images/misp/blog/vul02.png)`

Fix the post 2018-01-11 16:54:48 +01:00			`The vulnerability object is composed of various attributes such as the vulnerable configuration expressed as a CPE value and can be added multiple times if you have different vulnerable configurations.`
Working document for the blog post about sharing vulnerability 2018-01-10 20:22:10 +01:00
			`![](/assets/images/misp/blog/vul03.png)`

			`![](/assets/images/misp/blog/vul04.png)`
Fix the post 2018-01-11 16:54:48 +01:00
			`Another effective aspect when pre-sharing vulnerability within MISP is to benefit from the Globally Unique Identifier allocation (GUID) for each attributes. This allows to share efficiently without the need to allocate unique identifier. If a CVE allocation is done after, this has no impact on the event when the vulnerability identifiers are set.`

			`A significant benefit is also the ability to switch the sharing and distribution in one-click when the vulnerability becomes public or the status changed from embargo to publish.`

			`Don't hesitate to contact us if you have other models of vulnerability information distribution or any improvements.`