All,
As discussed on the call on Tuesday, it seemed like people were looking for a Vulnerability object so that they could say malware/actors/campaigns target particular vulnerabilities.
Way back when we were first working on 2.0 we had a definition in there that I updated and moved over. Primarily, it would be used to capture external references to CVE and other vulnerability identifiers,
as Jason had suggested. It also has a name and description in case there’s no CVE or other reference assigned yet or you want to duplicate them into the object directly. I also added the relationships it would conceivably need.
Can you please review it to see if it captures what you need it to?
Thanks,
John