
STIX 2.0 Proposal17: Clarify semantics of different types of Exploit Targets as expressed in the Exploit Target construct (#387)

Paul Patrick edited this page Dec 23, 2015 · 5 revisions

Issue Summary

There is currently a lack of semantic clarity with regard to Vulnerability, Weakness and Configuration within Exploit Targets. The current semantic intent is that each of these is a separate type of Exploit Target, and that a single Exploit Target instance would not include more than one of them.

Proposed

Propose breaking out Vulnerability, Weakness and Configuration into separate IDable types derived from a common Exploit Target type.

Proposed Model

Examples

Example #1: simple vulnerability with a simple related weakness and a simple TTP targeting the vulnerability

JSON Serialization example snippets

    {
        "id": "example:et-2d470518-e91d-432f-bd2c-b87c2653a648",
        "type": "vulnerability",
        "timestamp": {"value": "2015-12-21T19:59:11.000000+00:00"},
        "cve_id": "CVE-2014-0006",
        "cvss_score": {
            "overall_score": "4.3",
            "base_score": "4.3",
            "base_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"
        },
        "published_datetime": {
            "value": "2014-01-22T20:55:04.000007-05:00",
            "timestamp_precision": "day"
        }
    }

    {
        "id": "example:et-2221091c-ab94-4089-a91b-82e6daae8bc4",
        "type": "weakness",
        "timestamp": {"value": "2015-12-21T19:59:31.000000+00:00"},
        "cwe_id": "CWE-200"
    }

    {
        "id": "example:rel-d77aa1de-0787-42c7-8fbb-78569984980b",
        "type": "related-weakness",
        "timestamp": {"value": "2015-12-21T19:59:47.000000+00:00"},
        "relationship_nature": {"value": "Instantiates Weakness"},
        "from": "example:et-2d470518-e91d-432f-bd2c-b87c2653a648",
        "to": "example:et-2221091c-ab94-4089-a91b-82e6daae8bc4"
    }

    {
        "id": "example:ttp-e5d3e508-553a-4a0d-b2b2-ab578a34edfc",
        "type": "exploit",
        "timestamp": {"value": "2015-12-21T19:59:22.000000+00:00"},
        "title": "Remote Access through TempURL",
        "intended_effect": [
            {
                "value": {
                    "value": "Unauthorized Access",
                    "vocab": "intended-effect-vocab-1.0"
                }
            }
        ]
    }

    {
        "id": "example:rel-99df3633-cd20-493d-acf0-b77f3923c5cf",
        "type": "related-exploit-target",
        "timestamp": {"value": "2015-12-21T19:59:47.000000+00:00"},
        "relationship_nature": {"value": "Targets Vulnerability"},
        "from": "example:ttp-e5d3e508-553a-4a0d-b2b2-ab578a34edfc",
        "to": "example:et-2d470518-e91d-432f-bd2c-b87c2653a648"
    }
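A consumer-side consistency check over the Example #1 objects, added here as an illustration and not part of the proposal: it enforces the "one subtype per Exploit Target" intent, verifies that each relationship links the object types its nature implies, and walks from the TTP through the vulnerability to the weakness. The `SUBTYPE_FIELD` and `ALLOWED` tables and the function names are assumptions inferred from Example #1, not definitions from the STIX model.

```python
# Constructed sample: the Example #1 objects from this page, reduced to the
# fields the checks read (id, type, cve_id/cwe_id, relationship_nature, from, to).
VULN = "example:et-2d470518-e91d-432f-bd2c-b87c2653a648"
WEAK = "example:et-2221091c-ab94-4089-a91b-82e6daae8bc4"
TTP = "example:ttp-e5d3e508-553a-4a0d-b2b2-ab578a34edfc"
SAMPLE = [
    {"id": VULN, "type": "vulnerability", "cve_id": "CVE-2014-0006"},
    {"id": WEAK, "type": "weakness", "cwe_id": "CWE-200"},
    {"id": "example:rel-d77aa1de-0787-42c7-8fbb-78569984980b", "type": "related-weakness",
     "relationship_nature": {"value": "Instantiates Weakness"}, "from": VULN, "to": WEAK},
    {"id": TTP, "type": "exploit", "title": "Remote Access through TempURL"},
    {"id": "example:rel-99df3633-cd20-493d-acf0-b77f3923c5cf", "type": "related-exploit-target",
     "relationship_nature": {"value": "Targets Vulnerability"}, "from": TTP, "to": VULN},
]

# Assumption: the field that marks each exploit target subtype (taken from Example #1).
SUBTYPE_FIELD = {"vulnerability": "cve_id", "weakness": "cwe_id"}
# Assumption: endpoint types each relationship nature permits, inferred from Example #1.
ALLOWED = {"Instantiates Weakness": ("vulnerability", "weakness"),
           "Targets Vulnerability": ("exploit", "vulnerability")}

def check_bundle(objects):
    """Return a list of problems; an empty list means the bundle is consistent."""
    by_id = {o["id"]: o for o in objects}
    problems = []
    for o in objects:
        # One exploit target, one subtype: flag fields that belong to another subtype.
        if o["type"] in SUBTYPE_FIELD:
            for subtype, field in SUBTYPE_FIELD.items():
                if subtype != o["type"] and field in o:
                    problems.append(f"{o['id']}: {o['type']} also carries {field}")
        if "relationship_nature" in o:
            nature = o["relationship_nature"]["value"]
            src, dst = by_id.get(o["from"]), by_id.get(o["to"])
            if src is None or dst is None:
                problems.append(f"{o['id']}: dangling reference")
            elif nature in ALLOWED and (src["type"], dst["type"]) != ALLOWED[nature]:
                problems.append(f"{o['id']}: '{nature}' links {src['type']} to {dst['type']}")
    return problems

def weaknesses_behind(objects, ttp_id):
    """Follow TTP -> vulnerability -> weakness and return the CWE ids reached."""
    by_id = {o["id"]: o for o in objects}
    rels = [o for o in objects if "relationship_nature" in o]
    targets = {r["to"] for r in rels if r["from"] == ttp_id}
    return sorted(by_id[r["to"]]["cwe_id"] for r in rels
                  if r["from"] in targets and r["to"] in by_id and "cwe_id" in by_id[r["to"]])
```
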

JSON Schema Serialization snippets

Open Questions
