create IEs for Vulnerability Assessment Scenario information needs #43
o Collection date/time - see collectionTimestamp.
Note for the future
Endpoint
o Collection date/time - the date and time of data collection
o Endpoint type - the device type of the endpoint (e.g., standard
computer, printer, router, mobile device, tablet, etc.)
o Hardware version/firmware - the hardware or firmware version if
applicable (e.g., BIOS version, firmware revision, etc.)
o Operating system - Operating system name
o Operating system attributes - Operating system high-level
attributes (e.g., version, service pack level, edition, etc.).
Would not include configuration details.
o Installed software name - List of all installed software packages
(i.e., software inventory). May or may not include software
installed by the operating system.
o Installed software attributes - Software high-level attributes
(e.g., version, patch level, install path, etc.). Would not
include configuration details.
o Open ports/enabled services - Listening network ports (e.g., TCP,
UDP, etc.) as well as services that are starting, running,
suspended, or enabled to run pending some event.
o Operating system optional component inventory - Operating system
specific components and software (when NOT already included in the
general software inventory)
o Location - The physical location of an enterprise endpoint (e.g.,
department, room, etc.)
o Purpose - describes how the endpoint is used within the enterprise
(e.g., end user system, database server, public web server, etc.)
o Criticality - An enterprise-defined rating (possibly a score) that
helps determine the criticality of the endpoint. If this endpoint
is attacked or lost, what is the impact to the overall enterprise?
o File system attributes - Attributes that describe the file or
directory (e.g., versions, size, write date, modified date,
checksum, etc.)
o Shared libraries - libraries that can be used by and installed
with many different software applications. A shared library
vulnerability could affect multiple software applications in the
same way.
o Other software configuration information - operating system or
software application configuration attributes that go beyond that
basic information already captured (e.g., Microsoft Windows
registry, Apple configuration profiles, GConf, Proc filesystem,
text configuration files and their parameters, and the
installation paths.)
External Vulnerability Description Information
o Ingest Date - the date that the vulnerability description
information was received by the enterprise.
o Date of Release - publication or disclosure date of the
vulnerability description information.
o Version - the version or iteration of the vulnerability
description information according to the author, if applicable.
o External vuln ID - external or third-party IDs assigned to the
vulnerability description information. Could be multiple IDs in
some cases (e.g., vendor bug id, global ID, discoverer's local ID,
third-party vulnerability database ID, etc.).
o Severity Score - the severity of the vulnerability description
information according to the vulnerability description information
author, if applicable.
Assessment Results
o Date of assessment - The date that the assessment was performed
against an endpoint.
o Date of data collection - The age of the data used in the
assessment to make the endpoint status determination.
o Endpoint identification and/or locally assigned ID - The ID
assigned to the enterprise endpoint. Must be assigned for
tracking results over time.
o Vulnerable software product(s) - The vulnerable software products
identified as being installed on the endpoint.
o Endpoint vulnerability status - Overall vulnerability status of
the enterprise endpoint (i.e., Pass or Fail)
o Vulnerability description - A human-consumable description of a
vulnerability. Supports the human user understanding of the
vulnerability assessment results within an application front-end
or user interface.
o Vulnerability remediation - The fix, workaround, or patch
information for a vulnerability. This information may be a part
of the vulnerability description information described previously.
Note that this information can change over time due to vendor
patch supersession.
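
The three groups of information needs listed in this issue, combined in an added example that is not part of the issue or the project's own code: it checks a constructed endpoint software inventory against a constructed vulnerability description and emits the assessment-result fields. All field names, the `affected`/`fixed_in` matching rule and the sample values are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample records. Field names are hypothetical; they map to the
# information needs listed above, not to any defined IE names.
ENDPOINT = {
    "endpoint_id": "ep-0001",
    "collection_timestamp": datetime(2024, 1, 10, 8, 0, tzinfo=timezone.utc),
    "installed_software": [
        {"name": "examplehttpd", "version": "2.4.1"},
        {"name": "examplelib", "version": "1.0.9"},
    ],
}
VULN_DESCRIPTIONS = [{
    "external_ids": ["EXAMPLE-2024-0001"],
    "severity_score": 7.5,
    "description": "Constructed description for examplehttpd.",
    "remediation": "Upgrade examplehttpd to 2.4.3.",
    # Assumption: the description names the product and first fixed version.
    "affected": {"name": "examplehttpd", "fixed_in": "2.4.3"},
}]

def version_key(version):
    """Dotted numeric version as a tuple, so 2.4.10 sorts after 2.4.3."""
    return tuple(int(part) for part in version.split("."))

def assess(endpoint, vuln_descriptions, assessed_at):
    """Build one assessment result from the endpoint's software inventory."""
    findings = []
    for vuln in vuln_descriptions:
        affected = vuln["affected"]
        for pkg in endpoint["installed_software"]:
            if (pkg["name"] == affected["name"]
                    and version_key(pkg["version"]) < version_key(affected["fixed_in"])):
                findings.append({
                    "external_ids": vuln["external_ids"],
                    "vulnerable_product": f'{pkg["name"]} {pkg["version"]}',
                    "description": vuln["description"],
                    "remediation": vuln["remediation"],
                })
    return {
        "endpoint_id": endpoint["endpoint_id"],
        "date_of_assessment": assessed_at,
        "date_of_data_collection": endpoint["collection_timestamp"],
        # Age of the inventory data the status determination relied on.
        "data_age": assessed_at - endpoint["collection_timestamp"],
        "findings": findings,
        "status": "Fail" if findings else "Pass",
    }
```

Keeping the collection timestamp next to the assessment date lets a consumer discount a Pass that was computed from a stale inventory.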