From c2bd8de0e1527ed4eff2b894bbf6cccb57174183 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 10 Jan 2018 20:22:10 +0100 Subject: [PATCH] Working document for the blog post about sharing vulnerability --- ...e-vulnerability-information-efficiently.md | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100755 _posts/2018-01-09-Using-MISP-to-share-vulnerability-information-efficiently.md diff --git a/_posts/2018-01-09-Using-MISP-to-share-vulnerability-information-efficiently.md b/_posts/2018-01-09-Using-MISP-to-share-vulnerability-information-efficiently.md new file mode 100755 index 0000000..62cced9 --- /dev/null +++ b/_posts/2018-01-09-Using-MISP-to-share-vulnerability-information-efficiently.md 
@@ -0,0 +1,42 @@ +--- +title: Using MISP to share vulnerability information efficiently +layout: post +featured: /assets/images/misp-small.png +--- + +# Using MISP to share vulnerability information efficiently + +Software and hardware vulnerability are often discussed, shared, prepared, analysed or reviewed before publication. This process +can be tedious as this is often a lot of exchanges between the parties involved including reporters, proxy-reporters, coordinators, +editor and even impacted parties. Some vulnerabilities might be shared and exchanged within trusted parties for months before being +officially disclosed. This can generate a significant workload on a staff dealing with security team, vulnerability assessment team or +CNA (CVE Numbering Authorities). + +As MISP provides a complete functionality software for sharing information, sharing and collaborating on security vulnerabilities +within a trusted group is as easy as sharing indicators. + +## MISP Objects + +MISP objects provide a flexible way to describe combined information using a simple templating system. There is already a vulnerability +object which covers the most common cases used by organisations such as CSIRTs, security team or security assessment team. But if you +have a specific use-case of vulnerability information to share, a MISP object can be built from a template in a matter of minutes. + +# How to share vulnerability information within MISP to a trusted group + +Sharing a set of vulnerabilities to a trusted group is straightforward. First you create an event which will contain one or more +vulnerability with the corresponding sharing group. An event is just a container with meta-data associated to it such as classification +or a generic description. + +![](/assets/images/misp/blog/vul01.png) + +Then when your event is created, the event can be used to attach attributes or objects. 
If you want to share vulnerability information, +a vulnerability object can be added to describe the vulnerability. + +![](/assets/images/misp/blog/vul02.png) + +The vulnerability object is composed of various attributes such as vulnerable configuration where it's expressed as a CPE value and +can be added multiple times if you have different vulnerable configurations. + +![](/assets/images/misp/blog/vul03.png) + +![](/assets/images/misp/blog/vul04.png)
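Review bot: In the "How to share vulnerability information within MISP to a trusted group" section, the sharing group appears only in passing ("with the corresponding sharing group"), although the introduction says these vulnerabilities circulate among trusted parties for months before official disclosure. The step should say explicitly that the event's distribution is set to the sharing group when the event is created, and whether the vulnerability object and its attributes inherit that setting or need it set separately, so a reader does not create the event with a wider default. Smaller points: "# How to share vulnerability information within MISP to a trusted group" is a top-level heading while the preceding "## MISP Objects" is second-level, so it should probably be "##" under the post title. All four images use empty alt text ("![](/assets/images/misp/blog/vul01.png)" and the rest), so a short description of each screenshot would help. The file is created with mode 100755, and a Markdown post does not need the executable bit. Wording to fix before publication: "Software and hardware vulnerability are", "one or more vulnerability", "a complete functionality software".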