MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Working document for the blog post about sharing vulnerability

pull/3/head
Alexandre Dulaunoy 2018-01-10 20:22:10 +01:00
parent ac3b447689
commit c2bd8de0e1
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
_posts/2018-01-09-Using-MISP-to-share-vulnerability-information-efficiently.md Executable file
View File

@ -0,0 +1,42 @@
---
title: Using MISP to share vulnerability information efficiently
layout: post
featured: /assets/images/misp-small.png
---
# Using MISP to share vulnerability information efficiently
Software and hardware vulnerability are often discussed, shared, prepared, analysed or reviewed before publication. This process
can be tedious as this is often a lot of exchanges between the parties involved including reporters, proxy-reporters, coordinators,
editor and even impacted parties. Some vulnerabilities might be shared and exchanged within trusted parties for months before being
officially disclosed. This can generate a significant workload on a staff dealing with security team, vulnerability assessment team or
CNA (CVE Numbering Authorities).
As MISP provides a complete functionality software for sharing information, sharing and collaborating on security vulnerabilities
within a trusted group is as easy as sharing indicators.
## MISP Objects
MISP objects provide a flexible way to describe combined information using a simple templating system. There is already a vulnerability
object which covers the most common cases used by organisations such as CSIRTs, security team or security assessment team. But if you
have a specific use-case of vulnerability information to share, a MISP object can be built from a template in a matter of minutes.
# How to share vulnerability information within MISP to a trusted group
Sharing a set of vulnerabilities to a trusted group is straightforward. First you create an event which will contain one or more
vulnerability with the corresponding sharing group. An event is just a container with meta-data associated to it such as classification
or a generic description.
![](/assets/images/misp/blog/vul01.png)
Then when your event is created, the event can be used to attach attributes or objects. If you want to share vulnerability information,
a vulnerability object can be added to describe the vulnerability.
![](/assets/images/misp/blog/vul02.png)
The vulnerability object is composed of various attributes such as vulnerable configuration where it's expressed as a CPE value and
can be added multiple times if you have different vulnerable configurations.
![](/assets/images/misp/blog/vul03.png)
![](/assets/images/misp/blog/vul04.png)