CVSSv3 - Cisco XDR APIs

{"type":"model","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/0aedfab1-f4ca-36de-85d5-679dbd7db871","info":{"title":"IROH-INT Enrich","description":"IROH Integrations: configure and query Threat Response modules","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"1.0.107"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"tags":[{"name":"Health","description":"This set of routes allow to check the health of your integrations setup Verify if your modules are setup correctly and if your credentials are correct."},{"name":"Deliberate","description":"This set of routes allow to quickly get answers from your integrations You might use them at the start of any investigation to quickly get answers from your modules if something is bad."},{"name":"Observe","description":"This set of routes allow to get in depth investigation data about a threat You might use them at the start of any investigation to get the full picture and get to know if something has been seen in your environment."},{"name":"Refer","description":"This set of routes allow to get relevant Reference links and quickly pivot pursuing your investigation on a specific product interface. "}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/enrich/overview.md","uri":"enrich-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://visibility.amp.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook":"Access and modify your playbooks","playbook:read":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"required":["base_score","base_severity","vector_string"],"type":"object","properties":{"integrity_impact":{"type":"string","description":"measures the impact to integrity of a successfully exploited vulnerability","example":"high","enum":["low","none","high"]},"modified_user_interaction":{"type":"string","description":"modified user interaction","example":"none","enum":["none","required","not_defined"]},"modified_scope":{"type":"string","description":"modified scope","example":"not_defined","enum":["changed","unchanged","not_defined"]},"availability_requirement":{"type":"string","description":"These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user's organization, measured in terms of Confidentiality, Integrity, and Availability. That is, if an IT asset supports a business function for which Availability is most important, the analyst can assign a greater value to Availability relative to Confidentiality and Integrity. Each security requirement has three possible values: Low, Medium, or High. The full effect on the environmental score is determined by the corresponding Modified Base Impact metrics. That is, these metrics modify the environmental score by reweighting the Modified Confidentiality, Integrity, and Availability impact metrics. For example, the Modified Confidentialityimpact (MC) metric has increased weight if the Confidentiality Requirement (CR) is High. Likewise, the Modified Confidentiality impact metric has decreased weight if the Confidentiality Requirement is Low. The Modified Confidentiality impact metric weighting is neutral if the Confidentiality Requirement is Medium. This same process is applied to the Integrity and Availability requirements.Note that the Confidentiality Requirement will not affect the Environmental score if the (Modified Base) confidentiality impact is set to None. Also, increasing the Confidentiality Requirement from Medium to Highwill not change the Environmental score when the (Modified Base) impact metrics are set to High. This is because the modified impact sub score (part of the Modified Base score that calculates impact) is already at a maximum value of 10. The list of possible values is: `not_defined`: Assigning this value to the metric will not influence the score. It is a signal to the equation to skip this metric. `high`: Loss of [Confidentiality / Integrity / Availability] is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). `medium`: Loss of [Confidentiality / Integrity / Availability] is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).`low`: Loss of [Confidentiality / Integrity / Availability] is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). For brevity, the same table is used for all three metrics. The greater the Security Requirement, the higher the score (recall that Medium is considered the default).","example":"high","enum":["low","none","high","not_defined"]},"user_interaction":{"type":"string","description":"captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component","example":"none","enum":["none","required"]},"modified_integrity_impact":{"type":"string","description":"modified integrity impact","example":"not_defined","enum":["low","none","high","not_defined"]},"privileges_required":{"type":"string","description":"describes the level of privileges an attacker must possess before successfully exploiting the vulnerability","example":"high","enum":["low","none","high"]},"exploitability_score":{"type":"number","description":"a Score number from 0 to 10","format":"double","example":10},"impact_score":{"type":"number","description":"a Score number from 0 to 10","format":"double","example":10},"environmental_severity":{"type":"string","example":"critical","enum":["low","none","high","medium","critical"]},"modified_availability_impact":{"type":"string","description":"modified availability impact","example":"not_defined","enum":["low","none","high","not_defined"]},"availability_impact":{"type":"string","description":"measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability","example":"high","enum":["low","none","high"]},"scope":{"type":"string","description":"the ability for a vulnerability in one software component to impact resources beyond its means, or privileges","example":"changed","enum":["changed","unchanged"]},"exploit_code_maturity":{"type":"string","description":"measures the likelihood of the vulnerability being attacked","example":"functional","enum":["high","unproven","functional","proof_of_concept","not_defined"]},"modified_attack_complexity":{"type":"string","description":"modified attack complexity","example":"not_defined","enum":["low","high","not_defined"]},"base_severity":{"type":"string","example":"critical","enum":["low","none","high","medium","critical"]},"confidentiality_impact":{"type":"string","description":"measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability","example":"high","enum":["low","none","high"]},"temporal_severity":{"type":"string","description":"temporal severity","example":"critical","enum":["low","none","high","medium","critical"]},"modified_confidentiality_impact":{"type":"string","description":"modified confidentiality impact","example":"not_defined","enum":["low","none","high","not_defined"]},"confidentiality_requirement":{"type":"string","description":"These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user's organization, measured in terms of Confidentiality, Integrity, and Availability. That is, if an IT asset supports a business function for which Availability is most important, the analyst can assign a greater value to Availability relative to Confidentiality and Integrity. Each security requirement has three possible values: Low, Medium, or High. The full effect on the environmental score is determined by the corresponding Modified Base Impact metrics. That is, these metrics modify the environmental score by reweighting the Modified Confidentiality, Integrity, and Availability impact metrics. For example, the Modified Confidentialityimpact (MC) metric has increased weight if the Confidentiality Requirement (CR) is High. Likewise, the Modified Confidentiality impact metric has decreased weight if the Confidentiality Requirement is Low. The Modified Confidentiality impact metric weighting is neutral if the Confidentiality Requirement is Medium. This same process is applied to the Integrity and Availability requirements.Note that the Confidentiality Requirement will not affect the Environmental score if the (Modified Base) confidentiality impact is set to None. Also, increasing the Confidentiality Requirement from Medium to Highwill not change the Environmental score when the (Modified Base) impact metrics are set to High. This is because the modified impact sub score (part of the Modified Base score that calculates impact) is already at a maximum value of 10. The list of possible values is: `not_defined`: Assigning this value to the metric will not influence the score. It is a signal to the equation to skip this metric. `high`: Loss of [Confidentiality / Integrity / Availability] is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). `medium`: Loss of [Confidentiality / Integrity / Availability] is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).`low`: Loss of [Confidentiality / Integrity / Availability] is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). For brevity, the same table is used for all three metrics. The greater the Security Requirement, the higher the score (recall that Medium is considered the default).","example":"high","enum":["low","none","high","not_defined"]},"report_confidence":{"type":"string","description":"measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details","example":"confirmed","enum":["unknown","reasonable","confirmed"]},"temporal_score":{"type":"number","description":"Round up(CVSSv3BaseScore × CVSSv3ExploitCodeMaturity × CVSSv3RemediationLevel × CVSSv3ReportConfidence)","format":"double","example":10},"modified_privileges_required":{"type":"string","description":"modified privileges required","example":"not_defined","enum":["low","none","high","not_defined"]},"modified_attack_vector":{"type":"string","description":"modified attack vector","example":"not_defined","enum":["network","adjacent_network","local","physical","not_defined"]},"base_score":{"type":"number","description":"The base score is a key metric in CVSS, which uses a scoring system to determine the level of severity of a vulnerability. see: https://www.first.org/cvss/v3-1","format":"double","example":10},"environmental_score":{"type":"number","description":"a Score number from 0 to 10","format":"double","example":10},"remediation_level":{"type":"string","description":"Remediation Level of a vulnerability is an important factor for prioritization","example":"high","enum":["temporary_fix","offical_fix","high","workaround","unavailable","not_defined"]},"vector_string":{"type":"string","description":"a text representation of a set of CVSSv3 metrics. It is commonly used to record or transfer CVSSv3 metric information in a concise form","example":"string"},"integrity_requirement":{"type":"string","description":"These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user's organization, measured in terms of Confidentiality, Integrity, and Availability. That is, if an IT asset supports a business function for which Availability is most important, the analyst can assign a greater value to Availability relative to Confidentiality and Integrity. Each security requirement has three possible values: Low, Medium, or High. The full effect on the environmental score is determined by the corresponding Modified Base Impact metrics. That is, these metrics modify the environmental score by reweighting the Modified Confidentiality, Integrity, and Availability impact metrics. For example, the Modified Confidentialityimpact (MC) metric has increased weight if the Confidentiality Requirement (CR) is High. Likewise, the Modified Confidentiality impact metric has decreased weight if the Confidentiality Requirement is Low. The Modified Confidentiality impact metric weighting is neutral if the Confidentiality Requirement is Medium. This same process is applied to the Integrity and Availability requirements.Note that the Confidentiality Requirement will not affect the Environmental score if the (Modified Base) confidentiality impact is set to None. Also, increasing the Confidentiality Requirement from Medium to Highwill not change the Environmental score when the (Modified Base) impact metrics are set to High. This is because the modified impact sub score (part of the Modified Base score that calculates impact) is already at a maximum value of 10. The list of possible values is: `not_defined`: Assigning this value to the metric will not influence the score. It is a signal to the equation to skip this metric. `high`: Loss of [Confidentiality / Integrity / Availability] is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). `medium`: Loss of [Confidentiality / Integrity / Availability] is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).`low`: Loss of [Confidentiality / Integrity / Availability] is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). For brevity, the same table is used for all three metrics. The greater the Security Requirement, the higher the score (recall that Medium is considered the default).","example":"high","enum":["low","none","high","not_defined"]},"attack_vector":{"type":"string","description":"Reflects the context by which vulnerability exploitation is possible","example":"adjacent_network","enum":["network","adjacent_network","local","physical"]},"attack_complexity":{"type":"string","description":"describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability","example":"high","enum":["low","high"]}},"additionalProperties":false,"example":{"integrity_impact":"high","modified_user_interaction":"none","modified_scope":"not_defined","availability_requirement":"high","user_interaction":"none","modified_integrity_impact":"not_defined","privileges_required":"high","exploitability_score":10,"impact_score":10,"environmental_severity":"critical","modified_availability_impact":"not_defined","availability_impact":"high","scope":"changed","exploit_code_maturity":"functional","modified_attack_complexity":"not_defined","base_severity":"critical","confidentiality_impact":"high","temporal_severity":"critical","modified_confidentiality_impact":"not_defined","confidentiality_requirement":"high","report_confidence":"confirmed","temporal_score":10,"modified_privileges_required":"not_defined","modified_attack_vector":"not_defined","base_score":10,"environmental_score":10,"remediation_level":"high","vector_string":"string","integrity_requirement":"high","attack_vector":"adjacent_network","attack_complexity":"high"},"$$ref":"#/components/schemas/CVSSv3","title":"CVSSv3"}}