
create IEs for Vulnerability Assessment Scenario information needs #43

Closed
djhaynes opened this issue May 31, 2016 · 2 comments


commented May 31, 2016

Endpoint

o Collection date/time - the date and time of data collection

o Endpoint type - the device type of the endpoint (e.g., standard
computer, printer, router, mobile device, tablet, etc.)

o Hardware version/firmware - the hardware or firmware version if
applicable (e.g., BIOS version, firmware revision, etc.)

o Operating system - Operating system name

o Operating system attributes - Operating system high-level
attributes (e.g., version, service pack level, edition, etc.).
Would not include configuration details.

o Installed software name - List of all installed software packages
(i.e., software inventory). May or may not include software
installed by the operating system.

o Installed software attributes - Software high-level attributes
(e.g., version, patch level, install path, etc.). Would not
include configuration details.

o Open ports/enabled services - Listening network ports (e.g., TCP,
UDP, etc.) as well as services that are starting, running,
suspended, or enabled to run pending some event.

o Operating system optional component inventory - Operating system
specific components and software (when NOT already included in the
general software inventory)

o Location - The physical location of an enterprise endpoint (e.g.,
department, room, etc.)

o Purpose - describes how the endpoint is used within the enterprise
(e.g., end user system, database server, public web server, etc.)

o Criticality - An enterprise-defined rating (possibly a score) that
helps determine the criticality of the endpoint. If this endpoint
is attacked or lost, what is the impact to the overall enterprise?

o File system attributes - Attributes that describe the file or
directory (e.g., versions, size, write date, modified date,
checksum, etc.)

o Shared libraries - libraries that can be used by and installed
with many different software applications. A shared library
vulnerability could affect multiple software applications in the
same way.

o Other software configuration information - operating system or
software application configuration attributes that go beyond that
basic information already captured (e.g., Microsoft Windows
registry, Apple configuration profiles, GConf, Proc filesystem,
text configuration files and their parameters, and the
installation paths.)

External Vulnerability Description Information

o Ingest Date - the date that the vulnerability description
information was received by the enterprise.

o Date of Release - publication or disclosure date of the
vulnerability description information.

o Version - the version or iteration of the vulnerability
description information according to the author, if applicable.

o External vuln ID - external or third-party IDs assigned to the
vulnerability description information. Could be multiple IDs in
some cases (e.g., vendor bug id, global ID, discoverer's local ID,
third-party vulnerability database ID, etc.).

o Severity Score - the severity of the vulnerability description
information according to the vulnerability description information
author, if applicable.

Assessment Results

o Date of assessment - The date that the assessment was performed
against an endpoint.

o Date of data collection - The age of the data used in the
assessment to make the endpoint status determination.

o Endpoint identification and/or locally assigned ID - The ID
assigned to the enterprise endpoint. Must be assigned for
tracking results over time.

o Vulnerable software product(s) - The vulnerable software products
identified as being installed on the endpoint.

o Endpoint vulnerability status - Overall vulnerability status of
the enterprise endpoint (i.e., Pass or Fail)

o Vulnerability description - A human-consumable description of a
vulnerability. Supports the human user understanding of the
vulnerability assessment results within an application front-end
or user interface.

o Vulnerability remediation - The fix, workaround, or patch
information for a vulnerability. This information may be a part
of the vulnerability description information described previously.
Note that this information can change over time due to vendor
patch supersession.

@djhaynes


commented Apr 27, 2017

o Collection date/time - see collectionTimestamp.
o Endpoint type - see endpointType.
o Hardware version/firmware - see softwareInstance.
o Operating system - see softwareInstance.
o Operating system attributes - see softwareInstance.
o Installed software name - see softwareInstance.
o Installed software attributes - see softwareInstance. Install path should be covered by (#76).
o Open ports/enabled services - see portInfo, inetd, internetService, etc.
o Operating system optional component inventory - see softwareInstance class other and applicationComponent.
o Location - see locationName, networkZoneLocation, layer2NetworkLocation, layer3NetworkLocation, WGS84Longitude, WGS84Latitude.
o Purpose - see endpointPurpose.
o Criticality - see endpointCriticality.
o File system attributes - see file.
o Shared libraries - see applicationComponent. Should also be addressed by Install path should be covered by (#76).
o Other software configuration information - see registryKey and other OVAL-based IEs.
o Ingest Date - see ingestTimestamp.
o Date of Release - see publicationTimestamp.
o Version - see vulnerabilityVersion.
o External vuln ID - see vulnerabilityExternalId.
o Severity Score - see vulnerabilitySeverity.
o Date of assessment - see assessmentTimestamp.
o Date of data collection - see collectionTimestamp.
o Endpoint identification and/or locally assigned ID - see targetEndpointIdentifier and targetEndpointLabel.
o Vulnerable software product(s) - see vulnerableSoftware.
o Endpoint vulnerability status - see endpointVulnerabilityStatus.
o Vulnerability description - see vulnerabilityDescription.
o Vulnerability remediation - may be part of vulnerabilityDescription. Also, see patchId and patchName.
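The following is an added example, not part of the original issue or the project's own code: it shows how the three groups of information needs combine into one assessment result, using the IE names from the mapping above as dictionary keys. The record layout, the `affected`/`fixedIn` fields, the `staleData` flag, the `max_age_days` threshold and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records. Keys reuse IE names from the mapping above; the
# nested layout and the "affected"/"fixedIn" fields are assumptions, not IEs.
ENDPOINT = {
    "targetEndpointIdentifier": "ep-0001",
    "endpointType": "standard computer",
    "collectionTimestamp": "2017-04-20T08:00:00+00:00",
    "softwareInstance": [
        {"name": "examplelib", "version": "1.2.3"},
        {"name": "exampled", "version": "4.0.1"},
    ],
}
VULN = {
    "vulnerabilityExternalId": ["EXAMPLE-2017-0001"],  # constructed ID
    "vulnerabilitySeverity": 7.5,
    "vulnerabilityDescription": "Constructed description for illustration.",
    "affected": {"name": "examplelib", "fixedIn": "1.2.10"},
}


def version_key(version):
    """Compare dotted versions numerically, so that 1.2.3 < 1.2.10."""
    return tuple(int(part) for part in version.split("."))


def assess(endpoint, vuln, now, max_age_days=7):
    """Build an assessment-result record for one endpoint and one vulnerability."""
    collected = datetime.fromisoformat(endpoint["collectionTimestamp"])
    affected = vuln["affected"]
    hits = [
        sw for sw in endpoint["softwareInstance"]
        if sw["name"] == affected["name"]
        and version_key(sw["version"]) < version_key(affected["fixedIn"])
    ]
    return {
        "assessmentTimestamp": now.isoformat(),
        "collectionTimestamp": endpoint["collectionTimestamp"],
        "targetEndpointIdentifier": endpoint["targetEndpointIdentifier"],
        "vulnerableSoftware": hits,
        "endpointVulnerabilityStatus": "Fail" if hits else "Pass",
        "vulnerabilityDescription": vuln["vulnerabilityDescription"],
        # Hypothetical flag (not an IE): the inventory is older than the
        # threshold, so the status may no longer reflect the endpoint.
        "staleData": (now - collected).days > max_age_days,
    }
```

Carrying `collectionTimestamp` into the result alongside `assessmentTimestamp` lets a consumer see how old the inventory was when the Pass or Fail status was decided.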

@athiasjerome


commented Apr 28, 2017

Note for the future
Warning regarding "Date of assessment - see assessmentTimestamp.", we would have to support/record information related to the assessment, in particular the - Profile - (important in compliance context)
