Update the Security Finding class with attributes from the Splunk Detection Report extension class. #490
Closed
pagbabian-splunk started this conversation in Proposals
Replies: 1 comment 2 replies
-
The changes look good, however before I vote for it - we don't need to add CVEs to the class. We already have it under vulnerabilities. Apart from this, the additions look good.
2 replies
-
There are two different classes for a Finding: one in the core schema, and another incompatible class in the Splunk extension. The Splunk extension has a number of attributes that should be useful to the general public. There are two sets to consider: a set of standard frameworks that are missing in Security Finding, and a set of additional other attributes. This proposal considers the first set of standard frameworks. A separate proposal will consider a second set.
All added attributes would be Optional.
The first set:

- `cis_csc`: array of CIS Control (new object)
- `kill_chain`: array of Cyber Kill Chain (new object, Lockheed Martin)
- `nist`: an array of String as new attribute NIST List for the NIST framework.

Add type CIS Control:

```json
{
  "caption": "CIS Control",
  "description": "The Center for Internet Security Critical Security Control (CIS CSC). Prioritized set of actions to protect your organization and data from cyber-attack vectors.",
  "extends": "object",
  "name": "cis_control",
  "attributes": {
    "control": {
      "requirement": "required"
    },
    "version": {
      "description": "The CIS critical security control version.",
      "requirement": "recommended"
    }
  }
}
```
Add type Kill Chain:

```json
{
  "caption": "Kill Chain",
  "description": "The <a target='_blank' href='https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html'>Cyber Kill Chain®</a>.",
  "extends": "object",
  "name": "kill_chain",
  "attributes": {
    "phase": {
      "requirement": "recommended"
    },
    "phase_id": {
      "requirement": "required"
    }
  }
}
```
5 votes
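A small validator for the proposed attributes, added here as an illustration and not part of the proposal or of the OCSF tooling: it checks a finding's `cis_csc`, `kill_chain` and `nist` arrays against the requirement levels given in the two object definitions above (a missing `required` attribute is an error, a missing `recommended` one a warning). The sample finding and the value types used for `control` and `phase_id` are constructed assumptions.

```python
from typing import List, Tuple

# Attribute requirement levels taken from the two object definitions in the proposal.
OBJECT_TYPES = {
    "cis_control": {"control": "required", "version": "recommended"},
    "kill_chain": {"phase": "recommended", "phase_id": "required"},
}
# Proposed Security Finding attributes (all Optional) and the object type of their
# elements; "nist" is an array of String, so it has no object definition to check.
FINDING_ATTRS = {"cis_csc": "cis_control", "kill_chain": "kill_chain", "nist": None}


def validate_finding(finding: dict) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings): missing required attributes and shape problems
    are errors, absent recommended attributes are warnings."""
    errors: List[str] = []
    warnings: List[str] = []
    for attr, obj_type in FINDING_ATTRS.items():
        if attr not in finding:
            continue  # every proposed attribute is Optional
        values = finding[attr]
        if not isinstance(values, list):
            errors.append(f"{attr}: expected an array, got {type(values).__name__}")
            continue
        for i, item in enumerate(values):
            where = f"{attr}[{i}]"
            if obj_type is None:  # plain String array
                if not isinstance(item, str):
                    errors.append(f"{where}: expected a String")
                continue
            if not isinstance(item, dict):
                errors.append(f"{where}: expected a {obj_type} object")
                continue
            for name, level in OBJECT_TYPES[obj_type].items():
                if name not in item:
                    msg = f"{where}: missing {level} attribute '{name}'"
                    (errors if level == "required" else warnings).append(msg)
    return errors, warnings


# Constructed sample finding (not from the proposal); value types are assumptions.
SAMPLE_FINDING = {
    "cis_csc": [{"control": "5.2", "version": "8"}, {"version": "8"}],  # 2nd lacks 'control'
    "kill_chain": [{"phase_id": 3}, {"phase": "Delivery", "phase_id": 3}],  # 1st lacks 'phase'
    "nist": ["PR.AC-1", 42],  # 42 is not a String
}

if __name__ == "__main__":
    errs, warns = validate_finding(SAMPLE_FINDING)
    print("\n".join(["errors:", *errs, "warnings:", *warns]))
```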