STIX 2.0 Proposal17: Clarify semantics of different types of Exploit Targets as expressed in the Exploit Target construct (#387)
Paul Patrick edited this page Dec 23, 2015 · 5 revisions
There is currently a lack of semantic clarity with regard to Vulnerability, Weakness and Configuration within Exploit Targets. The current semantic intent is that each of these is a separate type of Exploit Target, and that a single Exploit Target instance would not include more than one of them.
Propose breaking out Vulnerability, Weakness and Configuration into separate IDable types derived from a common Exploit Target type.
Example #1: simple vulnerability with a simple related weakness and a simple TTP targeting the vulnerability
{
  "id": "example:et-2d470518-e91d-432f-bd2c-b87c2653a648",
  "type": "vulnerability",
  "timestamp": {"value": "2015-12-21T19:59:11.000000+00:00"},
  "cve_id": "CVE-2014-0006",
  "cvss_score": {
    "overall_score": "4.3",
    "base_score": "4.3",
    "base_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"
  },
  "published_datetime": {
    "value": "2014-01-22T20:55:04.000007-05:00",
    "timestamp_precision": "day"
  }
}
{
  "id": "example:et-2221091c-ab94-4089-a91b-82e6daae8bc4",
  "type": "weakness",
  "timestamp": {"value": "2015-12-21T19:59:31.000000+00:00"},
  "cwe_id": "CWE-200"
}
{
  "id": "example:rel-d77aa1de-0787-42c7-8fbb-78569984980b",
  "type": "related-weakness",
  "timestamp": {"value": "2015-12-21T19:59:47.000000+00:00"},
  "relationship_nature": {"value": "Instantiates Weakness"},
  "from": "example:et-2d470518-e91d-432f-bd2c-b87c2653a648",
  "to": "example:et-2221091c-ab94-4089-a91b-82e6daae8bc4"
}
{
  "id": "example:ttp-e5d3e508-553a-4a0d-b2b2-ab578a34edfc",
  "type": "exploit",
  "timestamp": {"value": "2015-12-21T19:59:22.000000+00:00"},
  "title": "Remote Access through TempURL",
  "intended_effect": [
    {
      "value": {
        "value": "Unauthorized Access",
        "vocab": "intended-effect-vocab-1.0"
      }
    }
  ]
}
{
  "id": "example:rel-99df3633-cd20-493d-acf0-b77f3923c5cf",
  "type": "related-exploit-target",
  "timestamp": {"value": "2015-12-21T19:59:47.000000+00:00"},
  "relationship_nature": {"value": "Targets Vulnerability"},
  "from": "example:ttp-e5d3e508-553a-4a0d-b2b2-ab578a34edfc",
  "to": "example:et-2d470518-e91d-432f-bd2c-b87c2653a648"
}
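A consumer of objects in this proposed shape could check the "one type per Exploit Target" intent and resolve the relationship objects as sketched below. This is an added example, not part of the proposal: the function names, the allowed endpoint types per relationship (inferred from Example #1) and the shortened sample ids are assumptions.

```python
import json

ET_TYPES = {"vulnerability", "weakness", "configuration"}
# Type-specific fields, taken from the example objects on this page.
TYPE_FIELDS = {"vulnerability": {"cve_id", "cvss_score", "published_datetime"},
               "weakness": {"cwe_id"}}
# Assumed endpoint rules (from-types, to-types); not stated by the proposal.
ENDPOINTS = {"related-weakness": ({"vulnerability"}, {"weakness"}),
             "related-exploit-target": ({"exploit"}, ET_TYPES)}

def parse_concatenated(text):
    """Decode back-to-back JSON objects, the layout used in Example #1."""
    dec, pos, out = json.JSONDecoder(), 0, []
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        obj, pos = dec.raw_decode(text, pos)
        out.append(obj)
    return out

def check(objects):
    """Return a list of problems; an empty list means the set is consistent."""
    by_id = {o["id"]: o for o in objects}
    problems = []
    for o in objects:
        # An Exploit Target must not carry fields of a sibling type.
        if o["type"] in ET_TYPES:
            for other, fields in TYPE_FIELDS.items():
                if other != o["type"] and o.keys() & fields:
                    problems.append(f'{o["id"]}: {o["type"]} carries {other} fields')
        if o["type"] in ENDPOINTS:
            for end, allowed in zip(("from", "to"), ENDPOINTS[o["type"]]):
                target = by_id.get(o.get(end))
                if target is None:
                    problems.append(f'{o["id"]}: dangling "{end}" reference')
                elif target["type"] not in allowed:
                    problems.append(f'{o["id"]}: "{end}" is a {target["type"]}')
    return problems

# Constructed sample in the page's shape (shortened ids, not the page's ids).
SAMPLE = '''
{"id": "example:et-1", "type": "vulnerability", "cve_id": "CVE-2014-0006"}
{"id": "example:et-2", "type": "weakness", "cwe_id": "CWE-200"}
{"id": "example:rel-1", "type": "related-weakness", "from": "example:et-1", "to": "example:et-2"}
{"id": "example:ttp-1", "type": "exploit", "title": "Remote Access through TempURL"}
{"id": "example:rel-2", "type": "related-exploit-target", "from": "example:ttp-1", "to": "example:et-1"}
'''
```

`check(parse_concatenated(SAMPLE))` returns an empty list; an object that mixes `cve_id` and `cwe_id`, or a relationship whose endpoint id is missing from the set, produces one entry each.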