mirror of https://github.com/MISP/misp-website
Fix the post
parent
b5a3fe910f
commit
0829e8a130
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
title: Using MISP to share vulnerability information efficiently
|
title: Using MISP to share vulnerability information efficiently
|
||||||
layout: post
|
layout: post
|
||||||
featured: /assets/images/misp-small.png
|
featured: /assets/images/misp/blog/vul02.png
|
||||||
---
|
---
|
||||||
|
|
||||||
# Using MISP to share vulnerability information efficiently
|
# Using MISP to share vulnerability information efficiently
|
||||||
|
@ -17,8 +17,7 @@ within a trusted group is as easy as sharing indicators.
|
||||||
|
|
||||||
## MISP Objects
|
## MISP Objects
|
||||||
|
|
||||||
MISP objects provide a flexible way to describe combined information using a simple templating system. There is already a vulnerability
|
[MISP objects](objects.html) provide a flexible way to describe combined information using a simple templating system. There is already a [vulnerability object](/objects.html#_vulnerability) which covers the most common cases used by organisations such as CSIRTs, security teams or security assessment teams. If you
|
||||||
object which covers the most common cases used by organisations such as CSIRTs, security teams or security assessment teams. If you
|
|
||||||
have a specific use-case of vulnerability information to share, a MISP object can also be built from a custom template in a matter of minutes.
|
have a specific use-case of vulnerability information to share, a MISP object can also be built from a custom template in a matter of minutes.
|
||||||
|
|
||||||
# How to share vulnerability information within MISP to a trusted group
|
# How to share vulnerability information within MISP to a trusted group
|
||||||
|
@ -34,9 +33,14 @@ a vulnerability object can be added to describe the vulnerability.
|
||||||
|
|
||||||
![](/assets/images/misp/blog/vul02.png)
|
![](/assets/images/misp/blog/vul02.png)
|
||||||
|
|
||||||
The vulnerability object is composed of various attributes such as the vulnerable configuration expressed as a CPE value and
|
The vulnerability object is composed of various attributes such as the vulnerable configuration expressed as a CPE value and can be added multiple times if you have different vulnerable configurations.
|
||||||
can be added multiple times if you have different vulnerable configurations.
|
|
||||||
|
|
||||||
![](/assets/images/misp/blog/vul03.png)
|
![](/assets/images/misp/blog/vul03.png)
|
||||||
|
|
||||||
![](/assets/images/misp/blog/vul04.png)
|
![](/assets/images/misp/blog/vul04.png)
|
||||||
|
|
||||||
|
Another effective aspect when pre-sharing vulnerability within MISP is to benefit from the Globally Unique Identifier allocation (GUID) for each attributes. This allows to share efficiently without the need to allocate unique identifier. If a CVE allocation is done after, this has no impact on the event when the vulnerability identifiers are set.
|
||||||
|
|
||||||
|
A significant benefit is also the ability to switch the sharing and distribution in one-click when the vulnerability becomes public or the status changed from embargo to publish.
|
||||||
|
|
||||||
|
Don't hesitate to contact us if you have other models of vulnerability information distribution or any improvements.
|
||||||
|
|
Loading…
Reference in New Issue