gdbassett
commented
7 years ago Affected objects within the schema: attribute.confidentiality.data.amount attribute.confidentiality.data.variety
(impact has previously filtered out by veriscols(), but was added back in a few versions back)
impact.loss.rating
impact.loss.amount
impact.loss.variety
impact.loss.min_amount
impact.loss.max_amount
asset.assets.amount asset.assets.variety
(IOC would be affected if it wasn't removed during import in veriscols()
ioc.comment
ioc.indicator
plus.event_chain.action plus.event_chain.attribute plus.event_chain.asset plus.event_chain.actor plus.event_chain.summary
Note: event_chain and ioc are rarely if ever filled in.
WARNING: The json2veris script doesn't have the concept of item numbers in lists. Normally things in a list might be imported as asset.assets.1.variety and asset.assets.1.amount. Because it doesn't have that, it'd be asset.assets.variety.enumeration and asset.assets.amount (with no enumeration as it doesn't have any 'enums' the way variety does) and the explicit connection between the variety's enum and the amount would be lost.
To handle this, for the asset.assets.variety/amount and attribute.confidentiality.data.variety/amount, the script manually creates asset.assets.amount.[variety enums] and attribute.confidentiality.data.amount.[variety enums] columns in
veriscol().That said, it is unclear where else this might be an issues (and certainly with new objects coming in.
The solution is probably to generalize the solution with something like maintaining the variety-amount pairing in something like
list(variety=x, amount=y)so that the relationship is maintained. The down side to this is that nowgetenum()and other verisr tools need to handle list-columns. That said, it's something that is coming up fairly quickly as veris 2.0 will require it to deal with the list of steps.