Fix the post

pull/3/head
Alexandre Dulaunoy 2018-01-11 16:54:48 +01:00
parent b5a3fe910f
commit 0829e8a130
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 9 additions and 5 deletions

View File

@ -1,7 +1,7 @@
--- ---
title: Using MISP to share vulnerability information efficiently title: Using MISP to share vulnerability information efficiently
layout: post layout: post
featured: /assets/images/misp-small.png featured: /assets/images/misp/blog/vul02.png
--- ---
# Using MISP to share vulnerability information efficiently # Using MISP to share vulnerability information efficiently
@ -17,8 +17,7 @@ within a trusted group is as easy as sharing indicators.
## MISP Objects ## MISP Objects
MISP objects provide a flexible way to describe combined information using a simple templating system. There is already a vulnerability [MISP objects](objects.html) provide a flexible way to describe combined information using a simple templating system. There is already a [vulnerability object](/objects.html#_vulnerability) which covers the most common cases used by organisations such as CSIRTs, security teams or security assessment teams. If you
object which covers the most common cases used by organisations such as CSIRTs, security teams or security assessment teams. If you
have a specific use-case of vulnerability information to share, a MISP object can also be built from a custom template in a matter of minutes. have a specific use-case of vulnerability information to share, a MISP object can also be built from a custom template in a matter of minutes.
# How to share vulnerability information within MISP to a trusted group # How to share vulnerability information within MISP to a trusted group
@ -34,9 +33,14 @@ a vulnerability object can be added to describe the vulnerability.
![](/assets/images/misp/blog/vul02.png) ![](/assets/images/misp/blog/vul02.png)
The vulnerability object is composed of various attributes such as the vulnerable configuration expressed as a CPE value and The vulnerability object is composed of various attributes such as the vulnerable configuration expressed as a CPE value and can be added multiple times if you have different vulnerable configurations.
can be added multiple times if you have different vulnerable configurations.
![](/assets/images/misp/blog/vul03.png) ![](/assets/images/misp/blog/vul03.png)
![](/assets/images/misp/blog/vul04.png) ![](/assets/images/misp/blog/vul04.png)
Another effective aspect when pre-sharing vulnerability within MISP is to benefit from the Globally Unique Identifier allocation (GUID) for each attributes. This allows to share efficiently without the need to allocate unique identifier. If a CVE allocation is done after, this has no impact on the event when the vulnerability identifiers are set.
A significant benefit is also the ability to switch the sharing and distribution in one-click when the vulnerability becomes public or the status changed from embargo to publish.
Don't hesitate to contact us if you have other models of vulnerability information distribution or any improvements.