data/capec.sample.R
In r-net-tools/net-security: Security Standards Data Sets
#' Sample of 100 random CAPEC
#'
#' A data set containing public information about CAPEC information from MITRE.
#'
#' \describe{
#' \item{id}{This attribute provides a unique identifier for the entry. It will be static for the lifetime of the entry. In the event that this entry becomes deprecated, the ID will not be reused and a pointer will be left in this entry to the replacement.}
#' \item{name}{The Name is a descriptive name used to give the reader an idea of the meaning behind the compound attack pattern structure. All words in the name should be capitalized except for articles and prepositions unless they begin or end the name. Subsequent words in a hyphenated chain are also not capitalized.}
#' \item{status}{The Status attribute defines the status level for this view.}
#' \item{pattern.abstraction}{The Abstraction defines the abstraction level for this attack pattern. The abstraction levels for Compound_Elements and Attack Patterns are the same. For example, if the Compound_Element is a chain, and all elements of the chain are Meta level, then the Compound_Element Abstraction attribute is Meta.}
#' \item{pattern.completeness}{Pattern_Completeness attribute for each pattern to allow easy discrimination between attack pattern stubs and full attack patterns.}
#' \item{descr}{This element represents a detailed description of an attack pattern. Content may include a summary and a list of steps taken by the attacker. USAGE: This element can be used to capture a range of descriptive information. Comprehensive descriptions might include attack trees, exploit graphs, etc., to more clearly elaborate this type of attack.}
#' \item{attack.prerequisites}{An attack prerequisite is a condition that must exist in order for an attack of this type to succeed. This field describes an individual attack prerequisite.}
#' \item{severity}{This element reflect the typical severity of an attack on a scale of {Very Low, Low, Medium, High, Very High}. USAGE: This element is used to capture an overall typical average value for this type of attack with the understanding that it will not be completely accurate for all attacks.}
#' \item{likelihood.exploit}{This element reflect the likelihood of attack success on a scale of {Very Low, Low, Medium, High, Very High}, in consideration of the attack prerequisites, targeted weakness, attack surface, skills and resources required, as well as effectiveness of likely implemented blocking solutions.}
#' \item{likelihood.exploit.descr}{This element provides qualifications or assumptions regarding the estimated likelihood.}
#' \item{methods.of.attack}{This element represents a container of one or more methods of attack. Method of attack is enumerated list of defined vectors that identify the underlying mechanism(s) used in the attack. Method of attack is enumerated list of defined vectors that identify the underlying mechanism(s) used in the attack. USAGE: This element is represented as an enumerated list to facilitate normalization and classification of attack patterns, and to help define the applicable attack surface required for this attack.}
#' \item{examples.cves}{This element represents a container of one or more example instances. An example instance details an explanatory example or demonstrative exploit instance of this attack, USAGE: This element is used to to help the reader understand the nature, context and variability of the attack in more practical and concrete terms. This element identifies specific vulnerabilities targeted by this exploit instance of the attack. USAGE: This element is used to reference industry-standard identifiers such as Common Vulnerabilities and Exposures (CVE) numbers and/or US-CERT numbers.}
#' \item{hack.skills}{This element represents a container of one or more attacker skill or knowledge required. Attacker skill or knowledge required describes the level of skills or specific knowledge needed by an attacker to execute this type of attack. Attacker skill or knowledge required describes the level of skills or specific knowledge needed by an attacker to execute this type of attack. First element reflects the level of knowledge or skill required to execute this type of attack on a scale of { Low, Medium, High }. USAGE: This element is used to represent the level with respect to a specified type of skill or knowledge, e.g., low - basic SQL knowledge, high - expert knowledge of LINUX kernel, etc. Second element details the skill or knowledge required.}
#' \item{resources.required}{This element describes the resources (CPU cycles, IP addresses, tools, etc.) required by an attacker to effectively execute this type of attack.}
#' \item{proving.techniques}{This element represents a container of one or more probing techniques. A probing technique describes a method used to probe and reconnoiter a potential target to determine vulnerability and/or to prepare for this type of attack. A probing technique describes a method used to probe and reconnoiter a potential target to determine vulnerability and/or to prepare for this type of attack.}
#' \item{indicators.warnings.of.Attack}{This element represents a container of one or more indicator warning of attack. Indicator warning of attack describes activities, events, conditions or behaviors that may indicate that an attack of this type is imminent, in progress or has occurred. Indicator warning of attack describes activities, events, conditions or behaviors that may indicate that an attack of this type is imminent, in progress or has occurred.}
#' \item{obfuscation.techniques}{This element represents a container of one or more obfuscation techniques. An obfuscation technique can be used to disguise the fact that an attack of this type is imminent, in progress or has occurred. An obfuscation technique can be used to disguise the fact that an attack of this type is imminent, in progress or has occurred.}
#' \item{solutions.mitigations}{This element represents a container of one or more solutions or mitigations. A solution or mitigation describes actions or approaches to prevent or mitigate the risk of this attack by improving the resilience of the target system, reduce its attack surface or to reduce the impact of the attack if it is successful.}
#' \item{attack.motivation.consequences}{This element represents a container of one ore more attack motivation consequences. Attack motivation consequence represents the desired technical results that could be achieved/leveraged by this attack pattern, represented as an enumerated list of defined adversary motivations/consequences. USAGE: This element is used to identify specific technical results that could be leveraged to achieve the adversary's business or mission objective. This information is useful for aligning attack patterns to threat models and for determining which attack patterns are relevant for a given context.}
#' \item{injection.vector}{This element details the mechanism and format of an input-driven attack of this type. Injection vectors take into account the grammar of an attack, the syntax accepted by the system, the position of various fields, and the ranges of data that are acceptable.}
#' \item{payload}{This element describes the code, configuration or other data to be executed or otherwise activated as part of an injection-based attack of this type.}
#' \item{activation.zone}{This element describes the area within the target software that is capable of executing or otherwise activating the payload of an injection-based attack of this type. The activation zone is where the intent of the attacker is put into action. The activation zone may be a command interpreter, some active machine code in a buffer, a client browser, a system API call, etc.}
#' \item{payload.activation.impact}{This element describes the impact that the activation of the attack payload for an injection-based attack of this type would typically have on the confidentiality, integrity or availability of the target software.}
#' \item{related.cwe.target}{This element represents a container of one or more related weaknesses. Related weaknesses refer to software weaknesses potentially targeted for exploit by this attack pattern. USAGE: This element is used to reference industry standard Common Weakness Enumeration (CWE) data, including weaknesses that are exploited by the attack as well as weaknesses whose presence increases the likelihood or impact of the attack. USAGE: This element is used to indicate whether the weakness is targeted or secondary. If the attack is designed to exploit the weakness, then that weakness is Targeted. A weaknesses whose presence may increase the likelihood of the attack succeeding or the impact of the attack if it does succeed is Secondary.}
#' \item{related.cwe.second}{This element represents a container of one or more related weaknesses. Related weaknesses refer to software weaknesses potentially targeted for exploit by this attack pattern. USAGE: This element is used to reference industry standard Common Weakness Enumeration (CWE) data, including weaknesses that are exploited by the attack as well as weaknesses whose presence increases the likelihood or impact of the attack. USAGE: This element is used to indicate whether the weakness is targeted or secondary. If the attack is designed to exploit the weakness, then that weakness is Targeted. A weaknesses whose presence may increase the likelihood of the attack succeeding or the impact of the attack if it does succeed is Secondary.}
#' \item{related.cves}{This element represents a specific instance vulnerability targeted for exploit by this attack pattern. The element contains the Common Vulnerabilities and Explosures (CVE) or US-CERT number identifying the vulnerability.}
#' \item{related.capec}{This element represents a container of one or more related capec IDs.}
#' \item{related.attack.patterns}{This element represents a container of one or more related attack patterns. A related attack pattern refers to an attack pattern that is dependent on or applied in conjunction with this attack pattern.}
#' \item{relevant.security.requirements}{A relevant security requirement is a general security requirement that is relevant to this type of attack.}
#' \item{related.security.principles}{A related security principle is a security rule or practice that impedes this attack pattern.}
#' \item{related.guidelines}{A related guideline represents a security guideline that is relevant to identifying or mitigating this type of attack.}
#' \item{purposes}{Purpose refers to the intended purpose behind the attack pattern relative to an enumerated list of attack objectives. USAGE: This element is represented as an enumerated list to facilitate normalization and classification of attack patterns.}
#' \item{impact.confidentiality}{This element characterizes the typical relative impact of this pattern on the confidentiality, integrity, and availability of the targeted software. This element describes the typical impact of this pattern on the confidentiality characteristics of the targeted software and related data.}
#' \item{impact.integrity}{This element characterizes the typical relative impact of this pattern on the confidentiality, integrity, and availability of the targeted software. This element describes the typical impact of this pattern on the integrity characteristics of the targeted software and related data.}
#' \item{impact.availability}{This element characterizes the typical relative impact of this pattern on the confidentiality, integrity, and availability of the targeted software. This element describes the typical impact of this pattern on the availability characteristics of the targeted software and related data.}
#' \item{tech.architectural.paradigms}{This element characterizes the technical context where this pattern is applicable. Architectural paradigm characterizes the target using an enumerated list of supported paradigms in which this attack pattern is possible and relevant. USAGE: This element is represented as an enumerated list to facilitate normalization and classification of attack patterns.}
#' \item{tech.frameworks}{This element characterizes the technical context where this pattern is applicable. This element represents a container of one or more frameworks in which this attack pattern is possible and relevant. Frameworks characterizes the target using an enumerated list of frameworks utilized by the target.}
#' \item{tech.platforms}{This element characterizes the technical context where this pattern is applicable. This element represents a container of one or more platforms in which this attack pattern is possible and relevant. Platforms characterizes the target using an enumerated list of platforms utilized by the target.}
#' \item{tech.languages}{This element characterizes the technical context where this pattern is applicable. This element represents a container of one or more languages in which this attack pattern is possible and relevant. Languages characterizes the target using an enumerated list of languages utilized by the target.}
#' \item{references}{Reference represents a documentary resource used to develop the definition of this attack pattern.}
#' }
#'
#' @docType data
#'
#' @name capec.sample
#'
#' @usage data(capec.sample)
#'
#' @format A data frame with 100 rows and 34 columns.
#'
#' @keywords capec
#'
#' @source \url{https://capec.mitre.org/about/index.html}
"capec.sample"
r-net-tools/net-security documentation built on May 26, 2019, 11:20 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
#' Sample of 100 random CAPEC
#'
#' A data set containing public information about CAPEC information from MITRE.
#'
#' \describe{
#' \item{id}{This attribute provides a unique identifier for the entry. It will be static for the lifetime of the entry. In the event that this entry becomes deprecated, the ID will not be reused and a pointer will be left in this entry to the replacement.}
#' \item{name}{The Name is a descriptive name used to give the reader an idea of the meaning behind the compound attack pattern structure. All words in the name should be capitalized except for articles and prepositions unless they begin or end the name. Subsequent words in a hyphenated chain are also not capitalized.}
#' \item{status}{The Status attribute defines the status level for this view.}
#' \item{pattern.abstraction}{The Abstraction defines the abstraction level for this attack pattern. The abstraction levels for Compound_Elements and Attack Patterns are the same. For example, if the Compound_Element is a chain, and all elements of the chain are Meta level, then the Compound_Element Abstraction attribute is Meta.}
#' \item{pattern.completeness}{Pattern_Completeness attribute for each pattern to allow easy discrimination between attack pattern stubs and full attack patterns.}
#' \item{descr}{This element represents a detailed description of an attack pattern. Content may include a summary and a list of steps taken by the attacker. USAGE: This element can be used to capture a range of descriptive information. Comprehensive descriptions might include attack trees, exploit graphs, etc., to more clearly elaborate this type of attack.}
#' \item{attack.prerequisites}{An attack prerequisite is a condition that must exist in order for an attack of this type to succeed. This field describes an individual attack prerequisite.}
#' \item{severity}{This element reflect the typical severity of an attack on a scale of {Very Low, Low, Medium, High, Very High}. USAGE: This element is used to capture an overall typical average value for this type of attack with the understanding that it will not be completely accurate for all attacks.}
#' \item{likelihood.exploit}{This element reflect the likelihood of attack success on a scale of {Very Low, Low, Medium, High, Very High}, in consideration of the attack prerequisites, targeted weakness, attack surface, skills and resources required, as well as effectiveness of likely implemented blocking solutions.}
#' \item{likelihood.exploit.descr}{This element provides qualifications or assumptions regarding the estimated likelihood.}
#' \item{methods.of.attack}{This element represents a container of one or more methods of attack. Method of attack is enumerated list of defined vectors that identify the underlying mechanism(s) used in the attack. Method of attack is enumerated list of defined vectors that identify the underlying mechanism(s) used in the attack. USAGE: This element is represented as an enumerated list to facilitate normalization and classification of attack patterns, and to help define the applicable attack surface required for this attack.}
#' \item{examples.cves}{This element represents a container of one or more example instances. An example instance details an explanatory example or demonstrative exploit instance of this attack, USAGE: This element is used to to help the reader understand the nature, context and variability of the attack in more practical and concrete terms. This element identifies specific vulnerabilities targeted by this exploit instance of the attack. USAGE: This element is used to reference industry-standard identifiers such as Common Vulnerabilities and Exposures (CVE) numbers and/or US-CERT numbers.}
#' \item{hack.skills}{This element represents a container of one or more attacker skill or knowledge required. Attacker skill or knowledge required describes the level of skills or specific knowledge needed by an attacker to execute this type of attack. Attacker skill or knowledge required describes the level of skills or specific knowledge needed by an attacker to execute this type of attack. First element reflects the level of knowledge or skill required to execute this type of attack on a scale of { Low, Medium, High }. USAGE: This element is used to represent the level with respect to a specified type of skill or knowledge, e.g., low - basic SQL knowledge, high - expert knowledge of LINUX kernel, etc. Second element details the skill or knowledge required.}
#' \item{resources.required}{This element describes the resources (CPU cycles, IP addresses, tools, etc.) required by an attacker to effectively execute this type of attack.}
#' \item{proving.techniques}{This element represents a container of one or more probing techniques. A probing technique describes a method used to probe and reconnoiter a potential target to determine vulnerability and/or to prepare for this type of attack. A probing technique describes a method used to probe and reconnoiter a potential target to determine vulnerability and/or to prepare for this type of attack.}
#' \item{indicators.warnings.of.Attack}{This element represents a container of one or more indicator warning of attack. Indicator warning of attack describes activities, events, conditions or behaviors that may indicate that an attack of this type is imminent, in progress or has occurred. Indicator warning of attack describes activities, events, conditions or behaviors that may indicate that an attack of this type is imminent, in progress or has occurred.}
#' \item{obfuscation.techniques}{This element represents a container of one or more obfuscation techniques. An obfuscation technique can be used to disguise the fact that an attack of this type is imminent, in progress or has occurred. An obfuscation technique can be used to disguise the fact that an attack of this type is imminent, in progress or has occurred.}
#' \item{solutions.mitigations}{This element represents a container of one or more solutions or mitigations. A solution or mitigation describes actions or approaches to prevent or mitigate the risk of this attack by improving the resilience of the target system, reduce its attack surface or to reduce the impact of the attack if it is successful.}
#' \item{attack.motivation.consequences}{This element represents a container of one ore more attack motivation consequences. Attack motivation consequence represents the desired technical results that could be achieved/leveraged by this attack pattern, represented as an enumerated list of defined adversary motivations/consequences. USAGE: This element is used to identify specific technical results that could be leveraged to achieve the adversary's business or mission objective. This information is useful for aligning attack patterns to threat models and for determining which attack patterns are relevant for a given context.}
#' \item{injection.vector}{This element details the mechanism and format of an input-driven attack of this type. Injection vectors take into account the grammar of an attack, the syntax accepted by the system, the position of various fields, and the ranges of data that are acceptable.}
#' \item{payload}{This element describes the code, configuration or other data to be executed or otherwise activated as part of an injection-based attack of this type.}
#' \item{activation.zone}{This element describes the area within the target software that is capable of executing or otherwise activating the payload of an injection-based attack of this type. The activation zone is where the intent of the attacker is put into action. The activation zone may be a command interpreter, some active machine code in a buffer, a client browser, a system API call, etc.}
#' \item{payload.activation.impact}{This element describes the impact that the activation of the attack payload for an injection-based attack of this type would typically have on the confidentiality, integrity or availability of the target software.}
#' \item{related.cwe.target}{This element represents a container of one or more related weaknesses. Related weaknesses refer to software weaknesses potentially targeted for exploit by this attack pattern. USAGE: This element is used to reference industry standard Common Weakness Enumeration (CWE) data, including weaknesses that are exploited by the attack as well as weaknesses whose presence increases the likelihood or impact of the attack. USAGE: This element is used to indicate whether the weakness is targeted or secondary. If the attack is designed to exploit the weakness, then that weakness is Targeted. A weaknesses whose presence may increase the likelihood of the attack succeeding or the impact of the attack if it does succeed is Secondary.}
#' \item{related.cwe.second}{This element represents a container of one or more related weaknesses. Related weaknesses refer to software weaknesses potentially targeted for exploit by this attack pattern. USAGE: This element is used to reference industry standard Common Weakness Enumeration (CWE) data, including weaknesses that are exploited by the attack as well as weaknesses whose presence increases the likelihood or impact of the attack. USAGE: This element is used to indicate whether the weakness is targeted or secondary. If the attack is designed to exploit the weakness, then that weakness is Targeted. A weaknesses whose presence may increase the likelihood of the attack succeeding or the impact of the attack if it does succeed is Secondary.}
#' \item{related.cves}{This element represents a specific instance vulnerability targeted for exploit by this attack pattern. The element contains the Common Vulnerabilities and Explosures (CVE) or US-CERT number identifying the vulnerability.}
#' \item{related.capec}{This element represents a container of one or more related capec IDs.}
#' \item{related.attack.patterns}{This element represents a container of one or more related attack patterns. A related attack pattern refers to an attack pattern that is dependent on or applied in conjunction with this attack pattern.}
#' \item{relevant.security.requirements}{A relevant security requirement is a general security requirement that is relevant to this type of attack.}
#' \item{related.security.principles}{A related security principle is a security rule or practice that impedes this attack pattern.}
#' \item{related.guidelines}{A related guideline represents a security guideline that is relevant to identifying or mitigating this type of attack.}
#' \item{purposes}{Purpose refers to the intended purpose behind the attack pattern relative to an enumerated list of attack objectives. USAGE: This element is represented as an enumerated list to facilitate normalization and classification of attack patterns.}
#' \item{impact.confidentiality}{This element characterizes the typical relative impact of this pattern on the confidentiality, integrity, and availability of the targeted software. This element describes the typical impact of this pattern on the confidentiality characteristics of the targeted software and related data.}
#' \item{impact.integrity}{This element characterizes the typical relative impact of this pattern on the confidentiality, integrity, and availability of the targeted software. This element describes the typical impact of this pattern on the integrity characteristics of the targeted software and related data.}
#' \item{impact.availability}{This element characterizes the typical relative impact of this pattern on the confidentiality, integrity, and availability of the targeted software. This element describes the typical impact of this pattern on the availability characteristics of the targeted software and related data.}
#' \item{tech.architectural.paradigms}{This element characterizes the technical context where this pattern is applicable. Architectural paradigm characterizes the target using an enumerated list of supported paradigms in which this attack pattern is possible and relevant. USAGE: This element is represented as an enumerated list to facilitate normalization and classification of attack patterns.}
#' \item{tech.frameworks}{This element characterizes the technical context where this pattern is applicable. This element represents a container of one or more frameworks in which this attack pattern is possible and relevant. Frameworks characterizes the target using an enumerated list of frameworks utilized by the target.}
#' \item{tech.platforms}{This element characterizes the technical context where this pattern is applicable. This element represents a container of one or more platforms in which this attack pattern is possible and relevant. Platforms characterizes the target using an enumerated list of platforms utilized by the target.}
#' \item{tech.languages}{This element characterizes the technical context where this pattern is applicable. This element represents a container of one or more languages in which this attack pattern is possible and relevant. Languages characterizes the target using an enumerated list of languages utilized by the target.}
#' \item{references}{Reference represents a documentary resource used to develop the definition of this attack pattern.}
#' }
#'
#' @docType data
#'
#' @name capec.sample
#'
#' @usage data(capec.sample)
#'
#' @format A data frame with 100 rows and 34 columns.
#'
#' @keywords capec
#'
#' @source \url{https://capec.mitre.org/about/index.html}
"capec.sample"
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.