bpmcdevitt/data_importer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

showcase example of captured data potential. this is what we will fill for each CNA

Browse source
This commit is contained in:
Brendan McDevitt 2022-05-20 15:27:16 -05:00
parent c3732be9e7
commit 2825e1105d
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
doc/cna_readme_notes/cnas_with_html_advisories.md
View file

@ -170,5 +170,11 @@ https://www.elastic.co/community/security
HTML table index has everything. cve-id links to mitre. ESA-ID, CVE, Date Disclosed, Vulnerability Summary, Remediation Summary
#### Captured Data Potential From Advisory
```
captured_keys = { :esa_id, :cve, :date_disclosed, :vulnerability_summary, :remediation_summary }
{
:esa_id => "ESA-2021-09",
:cve => "CVE-2021-22138",
:date_disclosed => "2021-03-23",
:vulnerability_summary => "A TLS certificate validation flaw was found in the monitoring feature of Logstash versions 6.4.0 and before versions 6.8.15 and 7.12.0. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.",
:remediation_summary => "Users should update their version of Logstash to 7.12.0 or 6.8.15."
}
```