Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

FPF’s are json files and have the following sections:

Name

Type

Description

version

string

The Finding Packaging Format document version

meta

object

Describes the Dependency-Track instance that created the file

project

object

The project the findings are associated with

findings

array

An array of zero or more findings

SCARF

We adopted a unified tool output reporting format, called the SWAMP Common Assessment Results Format (SCARF). This format makes it much easier for a tool results viewer to display the output from a given tool. As a result, we have fostered interoperability
among commercial and open source tools. The SCARF framework includes open source libraries in a variety of languages to produce SCARF and process SCARF. In addition, we have produced open source result parsers that translate the output of all the SCARF-based tools to SCARF. We continue to work towards tool interoperability standards by joining the Static Analysis Results Interchange Format (SARIF) Technical Committee. As a participating member, we contribute to creating a standardized, open source static analysis tool format to be adopted by all static analysis tool developers.

You can use SCARF Framework yourself using the libraries:

Available libraries

XML

JSON

Perl

reader writer

reader writer

Python

reader writer

reader writer

C/C++

reader writer

reader writer

Java

reader

SARIF

We are also compliant to OASIS SARIF (Static Analysis Results Interchange Format). Some SDK are available:

...

They are Logging and Auditing file formats and are extensible, text-based formats designed to support multiple device types by offering the most relevant information.

CEF Field Definitions

Field

Definition

Version

An integer that identifies the version of the CEF format. This information is used to determine what the following fields represent.

Example: 0

Device Vendor Device Product Device Version

Strings that uniquely identify the type of sending device. No two products Dec use the same device-vendor and device-product pair, although there is no central authority that manages these pairs. Be sure to assign unique name pairs.

Example: JATP|Cortex|3.6.0.12

Signature ID/ Event Class ID

A unique identifier in CEF format that identifies the event-type. This can be a string or an integer. The Event Class ID identifies the type of event reported.

Example (one of these types):

http |email| cnc| submission| exploit| datatheft

Malware Name

A string indicating the malware name.

Example: TROJAN_FAREIT.DC

Severity/Incident Risk Mapping

An integer that reflects the severity of the event. For the Juniper ATP Appliance CEF, the severity value is an incident risk mapping range from 0-10

Example: 9.

External ID

The Juniper ATP Appliance incident number.

Example: externalId=1003

Event ID

The Juniper ATP Appliance Event ID number.

Example: eventId=13405

Extension

A collection of key-value pairs; the keys are part of a predefined set. An event can contain any number of key- value pairs in any order, separated by spaces.

Note: Review the definitions for these extension field labels provided in the section: CEF Extension Field Key=Value Pair Definitions.

LEEF also has predefined attributes.

...

Team Reviewer is based on open source software developed by Aaron Weaver (OWASP Defect Dojo Project)

COPYRIGHT (C) 2014-2021 2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.