This is an XML Schema for the V-DNA Dictionary. It is used to transfer full information about a single Alert. For more information, consult the V-DNA Specification document.
Changelog 1.92 :
- Add CVSS v3 and remove CVSS v2 attributes.
- Rename CVSS -> CVSSv2
- Remove some unecessary attributes / sources / url
Changelog 1.91 :
- Add Nessus information
Changelog 1.9 :
- Add SnortRules information
Changelog 1.8 :
- Add IAVM information
Changelog 1.7 :
- Add OpenVAS information
Changelog 1.6 :
- Add OVAL class miscellaneous
Changelog 1.5 :
- Added Security Protection
Changelog 1.4 :
- Added Exploitdb
Changelog 1.3 :
- More detailled attributes
Changelog 1.2 :
- Add CPE urls
Changelog 1.1 :
- Added Metasploit
- Bug on Milw0rm url
Changelog 1.0 :
- VDNA First public release
VDNA
Security-Database
1.92
25/07/2014 17:00:00 PM
vDNA Generation Date
The module Key used to generate this vDNA
Alert Name
Security-database severity, could be NA, Low, Medium, High or Critical
Last modification date
Security-database Alert URL
First publication date
The Securty Protection :
NA : No informations
ALLOWS_OTHER_ACCESS : Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.
ALLOWS_USER_ACCESS : Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.
ALLOWS_ADMIN_ACCESS : Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.
Token to verify if Security-Database have modify the vDNA
Common Vulnerability Scoring System v2 (CVSS-SIG). http://www.first.org/
CVSS compliant exemple for a short version: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Common Vulnerability Scoring System v3 (CVSS-SIG). http://www.first.org/
CVSS compliant exemple for a short version: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Security-database Crosslinker Engine
Alert Name
Security-database severity, could be NA, Low, Medium, High or Critical
Open Vulnerability and Assessment Language; OVAL is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. http://oval.mitre.org/
Vulnerability or Inventory
Common Platform Enumeration. http://cpe.mitre.org/
Common Weakness Enumeration. http://cwe.mitre.org/
Common Attack Pattern Enumeration and Classification. http://capec.mitre.org/
SAINT Corporation Exploit Database
Open Source Vunerability Database (OSVDB) Mapping
Milw0rm exploits and 0day exploits database
Exploitdb exploits and 0day exploits database
METASPLOIT exploits and 0day exploits database
OPENVAS database
Information Assurance Vulnerability Management (IAVM)
SnortĀ® IPS/IDS Rules
NessusĀ®