Open jamiehynds opened 2 years ago
FYI @clement-fouque
Thanks @jamiehynds. Here are some comments on the properties you were mentioning:
- Mitigations and Solutions
- CWE name, id & description
- id
- status
- patch
- dates
- vulnerability.score.environmental

I would also add:

- title, name or short description, as it's easier to use in dashboards
- vulnerability.temporal, as we need to describe if exploit exists, maturity, last time it was found, ...
- threat field

The following are ideas that might not be interesting to add in ECS:
It might be interesting to align with the Open Source Vulnerability format.
The addition of event.category vulnerability is definitely a critical add for easily creating dashboards from multiple vulnerability scanners.

- a vulnerability.(hash || fingerprint || uid) would be really useful as well (tenable includes one) to identify the same vulnerability over multiple scans
- status (open, patched, mitigated, accepted, etc.) is another one that would be extremely useful
- for the vulnerability.id, maybe vulnerability.vendor
- on the asset front - is there consideration of moving asset type records into an "asset" field set &&|| using existing fieldsets to populate that data? (e.g. host, container, etc.). Would also be relevant in terms of e.g. network info for remote assessments (e.g. populating destination.port for a vulnerability, or potentially adding e.g. network.port as a more general descriptor, or keeping it under vulnerability w/ vulnerability.port / vulnerability.network.port...)
- Including CVSS 4.0 would also be a good add if Elastic ever wants to get into the vulnerability management game.
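An added example (not code from the ECS project or from anyone in this thread) of how the ideas in the comment above could be exercised end to end: a stable fingerprint that identifies the same finding across scans, a status lifecycle over the proposed values, and a mapping of a scanner finding into a flat ECS-style document. The sample findings are constructed. Every key marked PROPOSED (`vulnerability.fingerprint`, `vulnerability.status`, `vulnerability.title`, `vulnerability.mitigation`, the `vulnerability.cvss4.*` and `vulnerability.epss.*` names, and `event.category: vulnerability`) is a thread suggestion or a name invented here, not an adopted ECS field; the host/port/protocol scope of the fingerprint and the status transitions are design assumptions of this example.

```python
import hashlib
import json

# Constructed sample findings (not real scanner output): two successive scans
# of one host. The shape loosely mimics a scanner export; values are made up.
SCAN_1 = [
    {"host": "Web01.example.internal", "cve": "cve-2021-44228", "port": 8443,
     "protocol": "TCP", "cvss3_base": 10.0, "cvss4_base": 9.3, "epss": 0.97,
     "title": "Apache Log4j RCE", "solution": "Upgrade Log4j to 2.17.1 or later"},
    {"host": "web01.example.internal", "cve": "CVE-2023-44487", "port": 443,
     "protocol": "tcp", "cvss3_base": 7.5, "cvss4_base": 8.7, "epss": 0.55,
     "title": "HTTP/2 Rapid Reset", "solution": "Apply the vendor HTTP/2 patch"},
]
SCAN_2 = [SCAN_1[1]]  # the Log4j finding is no longer observed in the second scan


def vulnerability_fingerprint(host, vuln_id, port=None, protocol=None):
    """Stable identity for 'the same finding across scans' (the thread's
    vulnerability.fingerprint idea). Inputs are normalised so that case and
    whitespace differences between scans do not create a new identity.
    The scope (host + id + port + protocol) is an assumption of this example."""
    parts = [
        (host or "").strip().lower(),
        (vuln_id or "").strip().upper(),
        "" if port is None else str(int(port)),
        (protocol or "").strip().lower(),
    ]
    # A separator that cannot occur in the fields avoids ambiguity such as
    # ("ab", "c") vs ("a", "bc") when concatenating before hashing.
    return hashlib.sha256("\x1f".join(parts).encode("utf-8")).hexdigest()


def next_status(previous, observed):
    """Assumed lifecycle over the status values proposed in the thread
    (open, patched, mitigated, accepted). Risk-accepted findings keep their
    status; a finding that disappears from a scan is treated as patched;
    a patched finding that reappears is reopened."""
    if previous == "accepted":
        return "accepted"
    if observed:
        return "mitigated" if previous == "mitigated" else "open"
    return "patched" if previous in ("open", "mitigated") else previous


def to_ecs(finding, status):
    """Map one finding to a flat-key ECS-style document. Keys marked PROPOSED
    are names suggested in this thread or invented for the example."""
    fp = vulnerability_fingerprint(finding["host"], finding["cve"],
                                   finding["port"], finding["protocol"])
    return {
        "event.kind": "state",
        "event.category": ["vulnerability"],              # PROPOSED category value
        "event.type": ["info"],
        "host.name": finding["host"].strip().lower(),
        "destination.port": int(finding["port"]),
        "network.transport": finding["protocol"].strip().lower(),
        "vulnerability.id": finding["cve"].strip().upper(),
        "vulnerability.scanner.vendor": "ExampleScanner",  # constructed value
        "vulnerability.score.base": finding["cvss3_base"],
        "vulnerability.score.version": "3.1",
        "vulnerability.title": finding["title"],           # PROPOSED
        "vulnerability.fingerprint": fp,                   # PROPOSED
        "vulnerability.status": status,                    # PROPOSED
        "vulnerability.mitigation": finding["solution"],   # PROPOSED
        "vulnerability.cvss4.base": finding["cvss4_base"], # PROPOSED (name invented)
        "vulnerability.epss.score": finding["epss"],       # PROPOSED (name invented)
    }


def reconcile(scans):
    """Fold successive scans into one document per fingerprint, carrying the
    status forward; findings absent from a later scan move to 'patched'."""
    state = {}
    for findings in scans:
        seen = set()
        for f in findings:
            fp = vulnerability_fingerprint(f["host"], f["cve"], f["port"], f["protocol"])
            seen.add(fp)
            previous = state[fp]["vulnerability.status"] if fp in state else None
            state[fp] = to_ecs(f, next_status(previous, observed=True))
        for fp, doc in state.items():
            if fp not in seen:
                doc["vulnerability.status"] = next_status(doc["vulnerability.status"],
                                                          observed=False)
    return state


if __name__ == "__main__":
    for doc in reconcile([SCAN_1, SCAN_2]).values():
        print(json.dumps(doc, indent=2))
```

Running it prints two documents: the HTTP/2 finding stays `open` because both scans observed it, while the Log4j finding, seen only in the first scan, is carried forward with status `patched` and the same fingerprint, which is what lets a dashboard count it once rather than once per scan.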
Linking this RFC here: https://github.com/elastic/ecs/pull/2331
It looks like it will complete a fair number of the requests on this issue.
Tenable Nessus (10.8.0) is now (as of this month) including CVSS 4.0 and EPSS scoring into their datasets. This increases the need for these additional ECS fields for sure!
Based on user feedback, we're missing some fields in our ECS vulnerability fields and suggest the following additions:

- vulnerability.mitigation
- vulnerability.category