Consider including cfr-vulnerabilities-exploited meta field

MISP / misp-galaxy

Clusters and elements to attach to MISP events or attributes (like threat actors)

https://misp-galaxy.org/

Other

509 stars 254 forks source link

Consider including cfr-vulnerabilities-exploited meta field #873

Open jstnk9 opened 9 months ago

jstnk9 commented 9 months ago

Hi :)

With the goal of create relations between threat actors and vulnerabilities exploited/used, I would like to propose if it's possible include the field cfr-vulnerabilities-exploited as an official field in the meta information within clusters.

If yes, I'll contribute with information about threat actors and CVEs used during their operations.

Thank you guys, Cheers

adulau commented 4 months ago

It's a good idea.

CFR are usually related to https://www.cfr.org/cyber-operations/ but we could make an official meta field called vulnerabilities-exploited to include the information with the list of CVEs.