Update the Security Finding class with attributes from the Splunk Detection Report extension class. #490
Closed
pagbabian-splunk started this conversation in Proposals
Replies: 1 comment 2 replies
The changes look good, however before I vote for it - we don't need to add cves to the class. We already have it under vulnerabilities. Apart from this, the additions look good.
2 replies
There are two different classes for a Finding: one in the core schema, and another incompatible class in the Splunk extension. The Splunk extension has a number of attributes that should be useful to the general public. There are two sets to consider: a set of standard frameworks that are missing in Security Finding, and a set of additional other attributes. This proposal considers the first set of standard frameworks. A separate proposal will consider a second set.
All added attributes would be Optional.
The first set:

- `cis_csc`: array of CIS Control (new object)
- `kill_chain`: array of Cyber Kill Chain (new object, Lockheed Martin)
- `nist`: an array of String as new attribute NIST List for the NIST framework.

Add type CIS Control:

```json
{
  "caption": "CIS Control",
  "description": "The Center for Internet Security Critical Security Control (CIS CSC). Prioritized set of actions to protect your organization and data from cyber-attack vectors.",
  "extends": "object",
  "name": "cis_control",
  "attributes": {
    "control": {
      "requirement": "required"
    },
    "version": {
      "description": "The CIS critical security control version.",
      "requirement": "recommended"
    }
  }
}
```

Add type Kill Chain:

```json
{
  "caption": "Kill Chain",
  "description": "The <a target='_blank' href='https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html'>Cyber Kill Chain®</a>.",
  "extends": "object",
  "name": "kill_chain",
  "attributes": {
    "phase": {
      "requirement": "recommended"
    },
    "phase_id": {
      "requirement": "required"
    }
  }
}
```
5 votes
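As an added example (not part of the proposal or of the OCSF project's own code), a small Python checker that enforces the requirement levels from the two object definitions above plus the proposed `nist` string array on a Security Finding before it is emitted; the `validate_finding` name and the sample finding values are constructed for illustration.

```python
"""Check the proposed optional Security Finding attributes (constructed example)."""
from typing import Any

# Requirement levels copied from the proposal's object definitions:
# "required" fields must be present, "recommended" fields may be absent.
PROPOSED_OBJECTS = {
    "cis_control": {"control": "required", "version": "recommended"},
    "kill_chain": {"phase": "recommended", "phase_id": "required"},
}
# Proposed attribute name -> element type ("string" or an object name above).
PROPOSED_ATTRIBUTES = {
    "cis_csc": "cis_control",
    "kill_chain": "kill_chain",
    "nist": "string",
}


def validate_finding(finding: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the finding conforms.
    All three attributes are Optional, so a finding without them passes."""
    problems: list[str] = []
    for attr, kind in PROPOSED_ATTRIBUTES.items():
        if attr not in finding:
            continue  # optional attribute, absence is fine
        values = finding[attr]
        if not isinstance(values, list):
            problems.append(f"{attr}: expected an array")
            continue
        for i, item in enumerate(values):
            if kind == "string":
                if not isinstance(item, str):
                    problems.append(f"{attr}[{i}]: expected a string")
                continue
            if not isinstance(item, dict):
                problems.append(f"{attr}[{i}]: expected a {kind} object")
                continue
            fields = PROPOSED_OBJECTS[kind]
            for field, req in fields.items():
                if req == "required" and field not in item:
                    problems.append(f"{attr}[{i}]: missing required '{field}'")
            for field in item:
                if field not in fields:
                    problems.append(f"{attr}[{i}]: unknown field '{field}'")
    return problems


# Constructed sample finding mapped to CIS CSC, the kill chain and NIST.
SAMPLE_FINDING = {
    "cis_csc": [{"control": "8.2 Collect Audit Logs", "version": "8"}],
    "kill_chain": [{"phase_id": 2, "phase": "Weaponization"}],
    "nist": ["DE.CM-1"],
}
```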