nino-filigran
commented
3 months ago Hey @iFrozenPhoenix we've found a workaround for the moment (assuming you want to map the CWEs to the CVEs existing in NVD https://cwe.mitre.org/data/definitions/1003.html):
- First, you can define a new Kill chain phase (in settings/Taxonomies/Kill chain phases), for each "parent" CWE (in the above example, Improper Input Validation - (20) would be a parent).
- Then, for each parent, create a attack parent and link it to the parent kill chain phase (in our example, Improper Validation of Specified Quantity in Input - (1284) would be an attack pattern linked to the parent kill chain phase Improper Input Validation - (20)).
- Then you can link a vulnerability with an attack pattern representing your CWE.
Would that work for you at the moment? If not could you maybe in more details what is not satisfactory in regards of your use case ?
iFrozenPhoenix
Use case
Analyzing the cause of a vulnerability. This would allow to prioritize and eventually allow for mitigation in cases where there is no official fix for the vulnerability (0 day).
Current Workaround
Managing Vulnerabilities and their CWEs additionally in an external database outside OpenCTI.
Proposed Solution
New Entity Type Weakness (Analog to attack pattern). This vulnerability can then be related to the weakness with a has relationship.
Additional Information
NA
If the feature request is approved, would you be willing to submit a PR?
Yes / No (Help can be provided if you need assistance submitting a PR)