CUE Central Registry

github.com/gemaraproj/gemara@v0.23.0

test/test-data/good-vector-mitre-mapping.yaml raw

 1title: Vector Catalog to MITRE ATT&CK Mapping
 2metadata:
 3  id: VECTOR-MITRE-MAP-001
 4  version: "1.0.0"
 5  type: MappingDocument
 6  gemara-version: "0.20.0"
 7  description: Maps Vector Catalog vectors to MITRE ATT&CK techniques
 8  author:
 9    id: security-team
10    name: Security Team
11    type: Human
12  mapping-references:
13    - id: EXAMPLE-VECTOR-CATALOG
14      title: Example Attack Vector Catalog
15      version: "1.0.0"
16    - id: MITRE-ATTACK
17      title: MITRE ATT&CK Framework
18      version: "v16.1"
19      url: "https://attack.mitre.org/"
20
21source-reference:
22  reference-id: EXAMPLE-VECTOR-CATALOG
23target-reference:
24  reference-id: MITRE-ATTACK
25remarks: Maps containerized system attack vectors to corresponding MITRE ATT&CK techniques
26
27mappings:
28  - id: VEC001-T1190
29    source:
30      entry-id: VEC-001
31      entry-type: Vector
32    target:
33      entry-id: T1190
34      entry-type: Vector
35    relationship: relates-to
36    rationale: >-
37      Container image vulnerabilities can be 
38      exploited through public-facing applications
39
40  - id: VEC002-T1611
41    source:
42      entry-id: VEC-002
43      entry-type: Vector
44    target:
45      entry-id: T1611
46      entry-type: Vector
47    relationship: equivalent
48    rationale: >- 
49      Container escape directly maps to MITRE ATT&CK 
50      technique T1611: Escape to Host