Skip to content

Commit 9eb578d

Browse files
adulauadulau
committed
chg: [vulnerability] updated following NATO and CIRCL feedback
- CVSS score added - CVSS string added - credit attribute added - text -> description - vulnerability attribute can now be any format (not only the CVE format)
1 parent 2b5592c commit 9eb578d

File tree

1 file changed

+25
-6
lines changed

1 file changed

+25
-6
lines changed

objects/vulnerability/definition.json

Lines changed: 25 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,17 +5,17 @@
55
"references",
66
"vulnerable_configuration",
77
"summary",
8-
"text",
8+
"description",
99
"id"
1010
],
1111
"attributes": {
1212
"id": {
13-
"description": "Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can updated later.",
13+
"description": "Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can be update or assigned later.",
1414
"ui-priority": 0,
15-
"misp-attribute": "vulnerability",
15+
"misp-attribute": "text",
1616
"multiple": true
1717
},
18-
"text": {
18+
"description": {
1919
"description": "Description of the vulnerability",
2020
"ui-priority": 0,
2121
"misp-attribute": "text"
@@ -69,10 +69,29 @@
6969
],
7070
"disable_correlation": true,
7171
"misp-attribute": "text"
72+
},
73+
"cvss-score": {
74+
"description": "Score of the Common Vulnerability Scoring System (version 3).",
75+
"ui-priority": 1,
76+
"disable_correlation": true,
77+
"misp-attribute": "float"
78+
},
79+
"cvss-string": {
80+
"description": "String of the Common Vulnerability Scoring System (version 3).",
81+
"ui-priority": 1,
82+
"disable_correlation": true,
83+
"misp-attribute": "text"
84+
},
85+
"credit": {
86+
"description": "Who reported/found the vulnerability such as an organisation, person or nickname.",
87+
"ui-priority": 0,
88+
"disable_correlation": true,
89+
"misp-attribute": "text",
90+
"multiple": true
7291
}
7392
},
74-
"version": 4,
75-
"description": "Vulnerability object describing a common vulnerability enumeration which can describe unpublished, under review or embargo vulnerability for software, equipments or hardware.",
93+
"version": 5,
94+
"description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
7695
"meta-category": "network",
7796
"uuid": "81650945-f186-437b-8945-9f31715d32da",
7897
"name": "vulnerability"

0 commit comments

Comments
 (0)