From f950f6d09a5772e40e89ac8db684dbfe2022fcb4 Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Thu, 27 Jul 2023 14:13:10 -0700
Subject: [PATCH 01/14] new attributes for kbarticle and product objects
---
 dictionary.json | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/dictionary.json b/dictionary.json
index 2e0436fb2..5ca4a15b9 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -319,6 +319,11 @@
 "description": "The operating system build number.",
 "type": "string_t"
 },
+ "bulletin": {
+ "caption": "Patch Bulletin",
+ "description": "The vendor bulletin identfier.",
+ "type": "string_t"
+ },
 "bytes": {
 "caption": "Total Bytes",
 "default": 0,
@@ -923,6 +928,11 @@
 "description": "The ISO 3166-1 Alpha-2 country code. For the complete list of country codes see ISO 3166-1 alpha-2 codes.
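Review bot: The `bulletin` description in this hunk misspells "identifier" (`"The vendor bulletin identfier."`). PATCH 04/14 corrects the same typo in objects/kbarticle.json, but no later patch in this series touches the dictionary entry, so it would ship as is; suggested line: `"description": "The vendor bulletin identifier.",`.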

Note: The two letter country code should be capitalized. For example: US or CA.

",
 "type": "string_t"
 },
+ "cpe": {
+ "caption": "The product CPE identifier",
+ "description": "The Common Platform Enumeration (CPE) name.",
+ "type": "string_t"
+ },
 "cpu_bits": {
 "caption": "CPU Bits",
 "description": "The cpu architecture, the number of bits used for addressing in memory. For example: 32 or 64.",
@@ -2477,6 +2487,12 @@
 "is_array": true,
 "type": "analytic"
 },
+ "related_cves": {
+ "caption": "Related CVE's",
+ "description": "A list of related Common Vulnerabilty Exporsure (CVE) id's.",
+ "is_array": true,
+ "type": "related_event"
+ },
 "related_events": {
 "caption": "Related Events",
 "description": "Describes events related to a finding or detection as identified by the security product.",
@@ -2977,6 +2993,11 @@
 "description": "The unique identifier of a virtual subnet.",
 "type": "string_t"
 },
+ "superseded": {
+ "caption": "The patch is superseded.",
+ "description": "The vendor patch has been replaced by another.",
+ "type": "boolean_t"
+ },
 "supporting_data": {
 "caption": "Supporting Data",
 "description": "Additional data supporting a finding as provided by security tool",
From 0e0c647dbffbc8ae83b465d57ca6b0173a5c0fdb Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Thu, 27 Jul 2023 14:50:27 -0700
Subject: [PATCH 02/14] new general classification attribute
---
 dictionary.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/dictionary.json b/dictionary.json
index 5ca4a15b9..f20121c05 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -716,6 +716,11 @@
 "sibling": "classifications",
 "type": "integer_t"
 },
+ "classification": {
+ "caption": "Classification",
+ "description": "The classification as defined by the vendor.",
+ "type": "string_t"
+ },
 "classifications": {
 "caption": "Classifications",
 "description": "The list of malware classifications, normalized to the captions of the classification_id values. In the case of 'Other', they are defined by the event source.",
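Review bot: The `cpe` caption added in this hunk, `"The product CPE identifier"`, is written as a description, whereas the neighbouring entry in the same hunk uses a short label (`"CPU Bits"`); the same applies to `"The patch is superseded."` in the `superseded` hunk further down this patch. Captions are presumably what a UI or report shows as the field name, so I would use `"caption": "CPE Name",` and `"caption": "Superseded",` and keep the sentence in `description`.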
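Review bot: The description of the new `classification` attribute does not say what is being classified, and it sorts directly next to `classifications`, which the context lines of this hunk define as malware classifications normalized from the classification_id values. A producer or detection author could reasonably read the singular as the un-normalized malware classification. The only use visible in this series is the vendor's classification of a KB article in objects/kbarticle.json; if the attribute is meant to stay general, the dictionary text should at least say it is unrelated to the malware attributes, e.g. `"description": "The classification as defined by the vendor. Not related to the malware classifications attribute.",`.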
From c6836b37397f0fc163f7a791ed0e252b9ea469ce Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Thu, 27 Jul 2023 15:06:05 -0700
Subject: [PATCH 03/14] new kbarticle object
---
 objects/kbarticle.json | 56 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 objects/kbarticle.json
diff --git a/objects/kbarticle.json b/objects/kbarticle.json
new file mode 100644
index 000000000..94f746bbc
--- /dev/null
+++ b/objects/kbarticle.json
@@ -0,0 +1,56 @@
+{
+ "caption": "KB Article",
+ "description": "The kb article details for the patch or update.",
+ "extends": "object",
+ "name": "kbarticle",
+ "attributes": {
+ "title": {
+ "description": "The title of the kb article.",
+ "requirement": "recommended"
+ },
+ "uid": {
+ "description": "The unique identfier for the kb article.",
+ "requirement": "required"
+ },
+ "os": {
+ "description": "The operating system the kb article applies.",
+ "requirement": "recommended"
+ },
+ "severity": {
+ "description": "The severity of the kb article.",
+ "requirement": "recommended"
+ },
+ "bulletin": {
+ "description": "The kb article bulletin identfier.",
+ "requirement": "optional"
+ },
+ "product": {
+ "description": "The product details the kb article applies.",
+ "requirement": "optional"
+ },
+ "superseded": {
+ "description": "The kb article has been replaced by another.",
+ "requirement": "optional"
+ },
+ "created_time": {
+ "description": "The date the kb article was released by the Operating System vendor.",
+ "requirement": "optional"
+ },
+ "size": {
+ "description": "The size in bytes for the kb article.",
+ "requirement": "optional"
+ },
+ "related_cves": {
+ "description": "A list of related CVE's to the kb article.",
+ "requirement": "optional"
+ },
+ "src_url": {
+ "description": "The kb article link from the source vendor.",
+ "requirement": "optional"
+ },
+ "classification": {
+ "description": "The vendors classification of the kb article.",
+ "requirement": "optional"
+ }
+ }
+}
\ No newline at end of file
From 9a7a0063a388dc4caadcc70a5fb84754119b6363 Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Thu, 27 Jul 2023 15:11:21 -0700
Subject: [PATCH 04/14] kbarticle spelling fix
---
 objects/kbarticle.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/objects/kbarticle.json b/objects/kbarticle.json
index 94f746bbc..1a0a9fc85 100644
--- a/objects/kbarticle.json
+++ b/objects/kbarticle.json
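Review bot: Several descriptions in the new object are ambiguous for anyone mapping patch data into it: `size` reads as the size of the article rather than of the update package, and `os` and `product` are missing the preposition (`"The operating system the kb article applies to."`). None of the later patches in this series touch those three lines. `superseded` is a bare boolean, so a consumer checking patch compliance cannot tell which article replaces this one; if the vendor data carries that, a reference to the superseding article's `uid` would be worth adding. That last point is a suggestion only, since the schema's conventions for such links are not visible here.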
@@ -9,7 +9,7 @@
 "requirement": "recommended"
 },
 "uid": {
- "description": "The unique identfier for the kb article.",
+ "description": "The unique identifier for the kb article.",
 "requirement": "required"
 },
 "os": {
@@ -21,7 +21,7 @@
 "requirement": "recommended"
 },
 "bulletin": {
- "description": "The kb article bulletin identfier.",
+ "description": "The kb article bulletin identifier.",
 "requirement": "optional"
 },
 "product": {
From abfeb8ad04b5515f30ce7b1d3397a399aaa2e5ca Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Thu, 27 Jul 2023 15:13:43 -0700
Subject: [PATCH 05/14] change kbarticles attribute to kbarticle object
---
 objects/vulnerability.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/vulnerability.json b/objects/vulnerability.json
index 49b9899ec..15ff82933 100644
--- a/objects/vulnerability.json
+++ b/objects/vulnerability.json
@@ -17,7 +17,7 @@
 "fix_available": {
 "requirement": "optional"
 },
- "kb_articles": {
+ "kbarticle": {
 "requirement": "optional"
 },
 "packages": {
From a78222e6022e368e24c22bd799fc62f62a331edd Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Thu, 27 Jul 2023 15:47:56 -0700
Subject: [PATCH 06/14] attribute description change
---
 objects/kbarticle.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/kbarticle.json b/objects/kbarticle.json
index 1a0a9fc85..bfe3f9a23 100644
--- a/objects/kbarticle.json
+++ b/objects/kbarticle.json
@@ -33,7 +33,7 @@
 "requirement": "optional"
 },
 "created_time": {
- "description": "The date the kb article was released by the Operating System vendor.",
+ "description": "The date the kb article was released by the vendor.",
 "requirement": "optional"
 },
 "size": {
From f258590958beee19c993bed106bd8d99ad843e5c Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Fri, 28 Jul 2023 12:40:13 -0700
Subject: [PATCH 07/14] Revert "change kbarticles attribute to kbarticle object" This reverts commit abfeb8ad04b5515f30ce7b1d3397a399aaa2e5ca. Remove kbarticle object change
---
 objects/vulnerability.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/vulnerability.json b/objects/vulnerability.json
index 15ff82933..49b9899ec 100644
--- a/objects/vulnerability.json
+++ b/objects/vulnerability.json
@@ -17,7 +17,7 @@
 "fix_available": {
 "requirement": "optional"
 },
- "kbarticle": {
+ "kb_articles": {
 "requirement": "optional"
 },
 "packages": {
From b7d83b7d67328269c99bcc9cb06af557c187b54a Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Fri, 28 Jul 2023 13:25:56 -0700
Subject: [PATCH 08/14] rename kbarticle.json to kb_article.json
---
 objects/{kbarticle.json => kb_article.json} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename objects/{kbarticle.json => kb_article.json} (100%)
diff --git a/objects/kbarticle.json b/objects/kb_article.json
similarity index 100%
rename from objects/kbarticle.json
rename to objects/kb_article.json
From 046604b42b1a0cddcc3eb67d75f3dab06ef586e4 Mon Sep 17 00:00:00 2001
From: "jason.reimer"
Date: Mon, 31 Jul 2023 09:24:47 -0700
Subject: [PATCH 09/14] edit object text name kb_article
---
 objects/kb_article.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/kb_article.json b/objects/kb_article.json
index bfe3f9a23..67d96c3b5 100644
--- a/objects/kb_article.json
+++ b/objects/kb_article.json
@@ -2,7 +2,7 @@
 "caption": "KB Article",
 "description": "The kb article details for the patch or update.",
 "extends": "object",
- "name": "kbarticle",
+ "name": "kb_article",
 "attributes": {
 "title": {
 "description": "The title of the kb article.",
From c051dcd8582785eaceb86435fa6c84fa3d3bc7d3 Mon Sep 17 00:00:00 2001
From: Jason Reimer
Date: Tue, 1 Aug 2023 09:23:06 -0700
Subject: [PATCH 10/14] update CPE attribute with link Add NIST link from feedback. Signed-off-by: Jason Reimer
---
 dictionary.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dictionary.json b/dictionary.json
index f20121c05..f45783cc3 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -935,7 +935,7 @@
 },
 "cpe": {
 "caption": "The product CPE identifier",
- "description": "The Common Platform Enumeration (CPE) name.",
+ "description": "The Common Platform Enumeration (CPE) name as described by (NIST).",
 "type": "string_t"
 },
 "cpu_bits": {
From 16e8155f159fbce5594ace5ec54aa1c66eb03952 Mon Sep 17 00:00:00 2001
From: Jason Reimer
Date: Tue, 1 Aug 2023 09:30:51 -0700
Subject: [PATCH 11/14] remove related_cves remove this attribute from branch dictionary. related_vulnerabilities will be used in kb_article. Signed-off-by: Jason Reimer
---
 dictionary.json | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/dictionary.json b/dictionary.json
index f45783cc3..53c303f57 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -2492,12 +2492,6 @@
 "is_array": true,
 "type": "analytic"
 },
- "related_cves": {
- "caption": "Related CVE's",
- "description": "A list of related Common Vulnerabilty Exporsure (CVE) id's.",
- "is_array": true,
- "type": "related_event"
- },
 "related_events": {
 "caption": "Related Events",
 "description": "Describes events related to a finding or detection as identified by the security product.",
From 9a1f71653c75f814dfa9ba2ddd4767fdd6b9ceff Mon Sep 17 00:00:00 2001
From: Jason Reimer
Date: Tue, 1 Aug 2023 09:44:08 -0700
Subject: [PATCH 12/14] description and attribute change Based on feedback change the description and edit attribute related_cves to related_vulnerabilities. Signed-off-by: Jason Reimer
---
 objects/kb_article.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
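Review bot: The revised `cpe` description in PATCH 10/14 still does not say which CPE binding the string is expected to use, and NIST defines more than one (the 2.2 URI form and the 2.3 formatted string). Producers will emit whichever form their source uses, and consumers that join this field against vulnerability feeds need to know which one to parse. I would name the expected form and give an example, for instance `"description": "The Common Platform Enumeration (CPE) name as described by NIST, in CPE 2.3 formatted-string form. For example: cpe:2.3:a:vendor:product:1.0:*:*:*:*:*:*:*.",` (example value constructed). The parentheses around NIST look like the remains of a link in this rendering of the patch; if the file itself has no link there, they should be dropped.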
diff --git a/objects/kb_article.json b/objects/kb_article.json
index 67d96c3b5..7c903b244 100644
--- a/objects/kb_article.json
+++ b/objects/kb_article.json
@@ -1,6 +1,6 @@
 {
 "caption": "KB Article",
- "description": "The kb article details for the patch or update.",
+ "description": "The KB Article object contains metadata that describes the patch or update.",
 "extends": "object",
 "name": "kb_article",
 "attributes": {
@@ -40,8 +40,8 @@
 "description": "The size in bytes for the kb article.",
 "requirement": "optional"
 },
- "related_cves": {
- "description": "A list of related CVE's to the kb article.",
+ "related_vulnerabilities": {
+ "description": "A list of related vulnerabilities to the kb article.",
 "requirement": "optional"
 },
 "src_url": {
@@ -53,4 +53,4 @@
 "requirement": "optional"
 }
 }
-}
\ No newline at end of file
+}
From c12ba1d100e833436f09d8aea52afaf1d38056e1 Mon Sep 17 00:00:00 2001
From: Jason Reimer
Date: Wed, 2 Aug 2023 08:24:41 -0700
Subject: [PATCH 13/14] fix spacing issue Signed-off-by: Jason Reimer
---
 dictionary.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dictionary.json b/dictionary.json
index 53c303f57..3898dbc8a 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -2996,7 +2996,7 @@
 "caption": "The patch is superseded.",
 "description": "The vendor patch has been replaced by another.",
 "type": "boolean_t"
- },
+ },
 "supporting_data": {
 "caption": "Supporting Data",
 "description": "Additional data supporting a finding as provided by security tool",
From 141948c40b176f2e700130771ef400c8d1b7441d Mon Sep 17 00:00:00 2001
From: Jason Reimer
Date: Wed, 2 Aug 2023 09:05:16 -0700
Subject: [PATCH 14/14] kb_article object Signed-off-by: Jason Reimer
---
 dictionary.json | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/dictionary.json b/dictionary.json
index 3898dbc8a..7f276cd05 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -1769,6 +1769,11 @@
 "description": "The user's job title.",
 "type": "string_t"
 },
+ "kb_article": {
+ "caption": "Knowledgebase Article describes the patch or update",
+ "description": "The KB article/s related to the entity",
+ "type": "kb_article"
+ },
 "kb_articles": {
 "caption": "Knowledgebase Articles",
 "description": "The KB article/s related to the entity",
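Review bot: The new singular `kb_article` entry reuses the plural entry's description, `"The KB article/s related to the entity"`, and its caption is a sentence, so the two attributes cannot be told apart from the dictionary text. As written it has `"type": "kb_article"` and no `"is_array": true`, so it holds exactly one object and the text should say so: `"caption": "Knowledgebase Article",` and `"description": "The KB article that describes the patch or update.",`. The `kb_articles` entry continues past the end of this hunk, so its type is not visible here; if both attributes stay, one of them should state which a producer is expected to populate, otherwise consumers have to check two fields for the same data.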