CVSSv3 - Cisco XDR APIs

{"type":"model","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/2c61df32-bc97-34af-969d-a2ce06b8e459","info":{"title":"CTIA","description":"A Threat Intelligence API service\n\n This API provides a mechanism for making Judgements on the Disposition\n of Observables, which are then distilled into a final Verdict. A\n Disposition is a statement regarding the malicious, or otherwise,\n nature of an Observable.\n\n The Judgements can be grouped into Indicators, which can be associated\n with Campaigns, Actors and TTPs. Feedback can be given on specific\n Judgements, indicating agreement or disagreement, or clarification.\n\n When an Observable with a malicious Verdict is seen, it can be recorded as\n a Sighting, and the Relations that Observable had with other Observables can\n be recorded as well.\n\n We support a pre-defined set of Observable Types. Each Observable Type has a\n specific form of natural identifier, its ID, which is almost always\n the default way it is represented when observed in the wild.\n\n * Ipv4/IPv6 -- 192.168.1.1\n * Domain/Hostname -- foo.com, www.bar.com\n * SHA256 -- the sha256 checksum of a file, or other data blob\n * MD5 -- the md5 checksum of a file, or other data blob\n * SHA1 -- the sha1 checksum of a file, or other data blob\n * URL -- A minimal form of the URL\n\n The Verdict is derived from all of the Judgements on that Observable which\n have not yet expired. The highest priority Judgement becomes the\n active verdict. If there is more than one Judgement with that\n priority, than Clean disposition has priority over all others, then\n Malicious disposition, and so on down to Unknown.\n\n \u003ca href='/doc/README.md'\u003eCTIA Documentation\u003c/a\u003e","contact":{"name":"Cisco Security Business Group -- Advanced Threat ","url":"http://github.com/threatgrid/ctia","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":""},"version":"2.24.0"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"tags":[{"name":"Actor","description":"Actor operations"},{"name":"Asset","description":"Asset operations"},{"name":"Asset Mapping","description":"Asset Mapping operations"},{"name":"Asset Properties","description":"Asset Properties operations"},{"name":"Attack Pattern","description":"Attack Pattern operations"},{"name":"Campaign","description":"Campaign operations"},{"name":"Casebook","description":"Casebook operations"},{"name":"COA","description":"COA operations"},{"name":"Event","description":"Events operations"},{"name":"Feed","description":"Feed operations"},{"name":"Incident","description":"Incident operations"},{"name":"Indicator","description":"Indicator operations"},{"name":"Judgement","description":"Judgement operations"},{"name":"Malware","description":"Malware operations"},{"name":"Relationship","description":"Relationship operations"},{"name":"Sighting","description":"Sighting operations"},{"name":"Target Record","description":"Target Record operations"},{"name":"Tool","description":"Tool operations"}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/private-intel/overview.md","uri":"private-intel-ctia-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://private.intel.amp.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook:read":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"required":["base_score","base_severity","vector_string"],"type":"object","properties":{"integrity_impact":{"type":"string","description":"measures the impact to integrity of a successfully exploited vulnerability","example":"high","enum":["low","none","high"]},"modified_user_interaction":{"type":"string","description":"modified user interaction","example":"none","enum":["none","required","not_defined"]},"modified_scope":{"type":"string","description":"modified scope","example":"not_defined","enum":["changed","unchanged","not_defined"]},"availability_requirement":{"type":"string","description":"These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user's organization, measured in terms of Confidentiality, Integrity, and Availability. That is, if an IT asset supports a business function for which Availability is most important, the analyst can assign a greater value to Availability relative to Confidentiality and Integrity. Each security requirement has three possible values: Low, Medium, or High. The full effect on the environmental score is determined by the corresponding Modified Base Impact metrics. That is, these metrics modify the environmental score by reweighting the Modified Confidentiality, Integrity, and Availability impact metrics. For example, the Modified Confidentialityimpact (MC) metric has increased weight if the Confidentiality Requirement (CR) is High. Likewise, the Modified Confidentiality impact metric has decreased weight if the Confidentiality Requirement is Low. The Modified Confidentiality impact metric weighting is neutral if the Confidentiality Requirement is Medium. This same process is applied to the Integrity and Availability requirements.Note that the Confidentiality Requirement will not affect the Environmental score if the (Modified Base) confidentiality impact is set to None. Also, increasing the Confidentiality Requirement from Medium to Highwill not change the Environmental score when the (Modified Base) impact metrics are set to High. This is because the modified impact sub score (part of the Modified Base score that calculates impact) is already at a maximum value of 10. The list of possible values is: `not_defined`: Assigning this value to the metric will not influence the score. It is a signal to the equation to skip this metric. `high`: Loss of [Confidentiality / Integrity / Availability] is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). `medium`: Loss of [Confidentiality / Integrity / Availability] is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).`low`: Loss of [Confidentiality / Integrity / Availability] is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). For brevity, the same table is used for all three metrics. The greater the Security Requirement, the higher the score (recall that Medium is considered the default).","example":"high","enum":["low","none","high","not_defined"]},"user_interaction":{"type":"string","description":"captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component","example":"none","enum":["none","required"]},"modified_integrity_impact":{"type":"string","description":"modified integrity impact","example":"not_defined","enum":["low","none","high","not_defined"]},"privileges_required":{"type":"string","description":"describes the level of privileges an attacker must possess before successfully exploiting the vulnerability","example":"high","enum":["low","none","high"]},"exploitability_score":{"type":"number","description":"a Score number from 0 to 10","format":"double","example":10},"impact_score":{"type":"number","description":"a Score number from 0 to 10","format":"double","example":10},"environmental_severity":{"type":"string","example":"critical","enum":["low","none","high","medium","critical"]},"modified_availability_impact":{"type":"string","description":"modified availability impact","example":"not_defined","enum":["low","none","high","not_defined"]},"availability_impact":{"type":"string","description":"measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability","example":"high","enum":["low","none","high"]},"scope":{"type":"string","description":"the ability for a vulnerability in one software component to impact resources beyond its means, or privileges","example":"changed","enum":["changed","unchanged"]},"exploit_code_maturity":{"type":"string","description":"measures the likelihood of the vulnerability being attacked","example":"functional","enum":["high","unproven","functional","proof_of_concept","not_defined"]},"modified_attack_complexity":{"type":"string","description":"modified attack complexity","example":"not_defined","enum":["low","high","not_defined"]},"base_severity":{"type":"string","example":"critical","enum":["low","none","high","medium","critical"]},"confidentiality_impact":{"type":"string","description":"measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability","example":"high","enum":["low","none","high"]},"temporal_severity":{"type":"string","description":"temporal severity","example":"critical","enum":["low","none","high","medium","critical"]},"modified_confidentiality_impact":{"type":"string","description":"modified confidentiality impact","example":"not_defined","enum":["low","none","high","not_defined"]},"confidentiality_requirement":{"type":"string","description":"These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user's organization, measured in terms of Confidentiality, Integrity, and Availability. That is, if an IT asset supports a business function for which Availability is most important, the analyst can assign a greater value to Availability relative to Confidentiality and Integrity. Each security requirement has three possible values: Low, Medium, or High. The full effect on the environmental score is determined by the corresponding Modified Base Impact metrics. That is, these metrics modify the environmental score by reweighting the Modified Confidentiality, Integrity, and Availability impact metrics. For example, the Modified Confidentialityimpact (MC) metric has increased weight if the Confidentiality Requirement (CR) is High. Likewise, the Modified Confidentiality impact metric has decreased weight if the Confidentiality Requirement is Low. The Modified Confidentiality impact metric weighting is neutral if the Confidentiality Requirement is Medium. This same process is applied to the Integrity and Availability requirements.Note that the Confidentiality Requirement will not affect the Environmental score if the (Modified Base) confidentiality impact is set to None. Also, increasing the Confidentiality Requirement from Medium to Highwill not change the Environmental score when the (Modified Base) impact metrics are set to High. This is because the modified impact sub score (part of the Modified Base score that calculates impact) is already at a maximum value of 10. The list of possible values is: `not_defined`: Assigning this value to the metric will not influence the score. It is a signal to the equation to skip this metric. `high`: Loss of [Confidentiality / Integrity / Availability] is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). `medium`: Loss of [Confidentiality / Integrity / Availability] is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).`low`: Loss of [Confidentiality / Integrity / Availability] is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). For brevity, the same table is used for all three metrics. The greater the Security Requirement, the higher the score (recall that Medium is considered the default).","example":"high","enum":["low","none","high","not_defined"]},"report_confidence":{"type":"string","description":"measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details","example":"confirmed","enum":["unknown","reasonable","confirmed"]},"temporal_score":{"type":"number","description":"Round up(CVSSv3BaseScore × CVSSv3ExploitCodeMaturity × CVSSv3RemediationLevel × CVSSv3ReportConfidence)","format":"double","example":10},"modified_privileges_required":{"type":"string","description":"modified privileges required","example":"not_defined","enum":["low","none","high","not_defined"]},"modified_attack_vector":{"type":"string","description":"modified attack vector","example":"not_defined","enum":["network","adjacent_network","local","physical","not_defined"]},"base_score":{"type":"number","description":"The base score is a key metric in CVSS, which uses a scoring system to determine the level of severity of a vulnerability. see: https://www.first.org/cvss/v3-1","format":"double","example":10},"environmental_score":{"type":"number","description":"a Score number from 0 to 10","format":"double","example":10},"remediation_level":{"type":"string","description":"Remediation Level of a vulnerability is an important factor for prioritization","example":"high","enum":["temporary_fix","offical_fix","high","workaround","unavailable","not_defined"]},"vector_string":{"type":"string","description":"a text representation of a set of CVSSv3 metrics. It is commonly used to record or transfer CVSSv3 metric information in a concise form","example":"string"},"integrity_requirement":{"type":"string","description":"These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user's organization, measured in terms of Confidentiality, Integrity, and Availability. That is, if an IT asset supports a business function for which Availability is most important, the analyst can assign a greater value to Availability relative to Confidentiality and Integrity. Each security requirement has three possible values: Low, Medium, or High. The full effect on the environmental score is determined by the corresponding Modified Base Impact metrics. That is, these metrics modify the environmental score by reweighting the Modified Confidentiality, Integrity, and Availability impact metrics. For example, the Modified Confidentialityimpact (MC) metric has increased weight if the Confidentiality Requirement (CR) is High. Likewise, the Modified Confidentiality impact metric has decreased weight if the Confidentiality Requirement is Low. The Modified Confidentiality impact metric weighting is neutral if the Confidentiality Requirement is Medium. This same process is applied to the Integrity and Availability requirements.Note that the Confidentiality Requirement will not affect the Environmental score if the (Modified Base) confidentiality impact is set to None. Also, increasing the Confidentiality Requirement from Medium to Highwill not change the Environmental score when the (Modified Base) impact metrics are set to High. This is because the modified impact sub score (part of the Modified Base score that calculates impact) is already at a maximum value of 10. The list of possible values is: `not_defined`: Assigning this value to the metric will not influence the score. It is a signal to the equation to skip this metric. `high`: Loss of [Confidentiality / Integrity / Availability] is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). `medium`: Loss of [Confidentiality / Integrity / Availability] is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).`low`: Loss of [Confidentiality / Integrity / Availability] is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers). For brevity, the same table is used for all three metrics. The greater the Security Requirement, the higher the score (recall that Medium is considered the default).","example":"high","enum":["low","none","high","not_defined"]},"attack_vector":{"type":"string","description":"Reflects the context by which vulnerability exploitation is possible","example":"adjacent_network","enum":["network","adjacent_network","local","physical"]},"attack_complexity":{"type":"string","description":"describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability","example":"high","enum":["low","high"]}},"additionalProperties":false,"example":{"integrity_impact":"high","modified_user_interaction":"none","modified_scope":"not_defined","availability_requirement":"high","user_interaction":"none","modified_integrity_impact":"not_defined","privileges_required":"high","exploitability_score":10,"impact_score":10,"environmental_severity":"critical","modified_availability_impact":"not_defined","availability_impact":"high","scope":"changed","exploit_code_maturity":"functional","modified_attack_complexity":"not_defined","base_severity":"critical","confidentiality_impact":"high","temporal_severity":"critical","modified_confidentiality_impact":"not_defined","confidentiality_requirement":"high","report_confidence":"confirmed","temporal_score":10,"modified_privileges_required":"not_defined","modified_attack_vector":"not_defined","base_score":10,"environmental_score":10,"remediation_level":"high","vector_string":"string","integrity_requirement":"high","attack_vector":"adjacent_network","attack_complexity":"high"},"$$ref":"#/components/schemas/CVSSv3","title":"CVSSv3"}}