Skip to content

Add concluded value to identity evidence #411

New issue
New issue
Closed
#412
Closed
Add concluded value to identity evidence#411
#412
Assignees
stevespringett
Labels
proposed core enhancement
Milestone
1.6
@stevespringett

Description

@stevespringett
stevespringett
opened on Mar 24, 2024

Identity evidence has many methods, each with a technique, confidence score, and associated value of the evidence. What is missing, is the concluded value from all of the methods.

For example:

"evidence": {
  "identity": [
    {
      "field": "cpe",
      "confidence": 1.0,
      "concludedValue": "cpe:2.3:a:example:acme-application:1.0.0:*:*:*:*:*:*:*",
      "methods": [
        {
          "technique": "filename",
          "confidence": 0.1,
          "value": "acme-application-1.0.0.exe"
        },
        {
          "technique": "hash-comparison",
          "confidence": 0.8,
          "value": "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf"
        }
      ]
    }
  ]
}

The example above concludes that the combination of the two methods results in a specific CPE. The proposal is to add concludedValue so that this can be expressed.

Metadata

Metadata

Assignees

Labels

proposed core enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions