Feature - Veris Schema Support

The Veris Framework http://veriscommunity.net/ is an industry effort to put together a standard language to describe security incidents, especially security breaches. They define a schema for the fields and data elements to collect during a security incident investigation and response. I’ve added what I can through custom fields, but with only three custom field tabs and only ten fields per tab, it is not possible to add the entire Veris framework into eramba using custom fields, and you lose some of the modular nature of the schema, being limited to three tabs. It would be a good thing for Eramba to support this schema natively.

hello!

it does sound a bit too complex for eramba , i never heard about this before and i’ll have a read to understand more about it.

Who else is using this framework?

Regards!

I’ve been able to add much of the Veris framework through use of custom fields.

Could you share screenshot of your use of custom fields ? Any issues with reporting ?

Custom Tab: Impact Assessment
Name Type Action
Impact.Overall.Rating Dropdown
Impact.Loss.Variety Dropdown
Impact.Loss.Rating Dropdown
Asset.Variety Dropdown
Attribute.Confidentiality.Data_Disclosure Dropdown
Attribute.Integrity.Variety Dropdown
Attribute.Availability.Variety Dropdown
Attribute.Confidentiality.Data.Variety Dropdown
Attribute.Confidentiality.State Dropdown
Custom Tab: Incident Description
Name Type Action
Actor.x.Motive Dropdown
Actor.External.Variety Dropdown
Actor.Internal.Variety Dropdown
Action.Malware.Variety Dropdown
Action.Malware.Vector Dropdown
Action.Hacking.Variety Dropdown
Action.Social.Variety Dropdown
Action.Social.Vector Dropdown
Action.Social.Target Dropdown
Action.Misuse.Variety Dropdown
Custom Tab: Discovery and Response
Name Type Action
Security.Incident Dropdown
Discovery_Method Dropdown
Targeted Dropdown
Cost.Corrective.Action Dropdown
Acton.Physical.Location Dropdown
Action.Physical.Vector Dropdown
Jurisdiction Dropdown

Check boxes would have been better than multivalued dropdown for many fields, but they’re not available for custom fields. Reporting is not showing the distribution of controls, nor of status. I’m not certain that this is related to the custom fields, which don’t show in the reports. Incident classification shows just fine.

I can’t get the screen captures to load as all I can generate are TIFFs.

Just understood why you weren’t listing the whole vector / varieties… the 10 custom filed per tab…

I would rather see eramba support integration with or delegation to external ticketing systems for incidents, eg jira, which could easily support veris model.