ThreatCatalog

Experimental

ThreatCatalog describes a set of topically associated threats

metadata object Required

threats array[Threat]

threats is a list of threats defined by this catalog

Threat

Experimental

Threat describes a specifically scoped opportunity for a negative impact to the organization

capabilities array[MultiEntryMapping] Required

capabilities documents the relationship between this threat and a system capability

description string Required

description provides a detailed explanation of an opportunity for negative impact

group string Required

group references, by id, the catalog group that this threat belongs to

id string Required

id allows this entry to be referenced by other elements

title string Required

title describes this threat at a glance

actors array[Actor]

actors describes the relevant internal or external threat actors

vectors array[MultiEntryMapping]

vectors documents the relationship between this threat and one or more vectors
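
The field list above can be checked mechanically before a catalog is published or consumed. The following is an added example, not code from the schema's project: it validates a catalog that has already been parsed into a Python dict against the required and optional fields documented on this page. Assumptions: threat ids must be unique within a catalog (the page only says an id lets other elements reference the entry), the entries of `capabilities`, `actors` and `vectors` are treated as opaque because `MultiEntryMapping` and `Actor` are not defined here, and all sample values are constructed.

```python
# Field names and types are taken from the ThreatCatalog / Threat reference above.
REQUIRED_THREAT_FIELDS = {"capabilities": list, "description": str,
                          "group": str, "id": str, "title": str}
OPTIONAL_THREAT_FIELDS = {"actors": list, "vectors": list}

# Constructed sample: the second threat omits "group", reuses an id,
# and gives "vectors" as a string instead of an array.
SAMPLE_CATALOG = {
    "metadata": {},  # contents of metadata are not specified on this page
    "threats": [
        {"id": "THR-01", "title": "Constructed threat A",
         "description": "Constructed description.", "group": "GRP-01",
         "capabilities": [{}], "actors": [{}]},
        {"id": "THR-01", "title": "Constructed threat B",
         "description": "Constructed description.",
         "capabilities": [{}], "vectors": "VEC-01"},
    ],
}


def validate_threat_catalog(catalog):
    """Return a list of problems; an empty list means the shape is valid."""
    problems = []
    if not isinstance(catalog.get("metadata"), dict):
        problems.append("metadata: required object is missing")
    threats = catalog.get("threats", [])  # threats is not marked Required
    if not isinstance(threats, list):
        return problems + ["threats: must be an array"]
    seen_ids = set()
    for index, threat in enumerate(threats):
        label = f"threats[{index}]"
        if not isinstance(threat, dict):
            problems.append(f"{label}: must be an object")
            continue
        for field, kind in REQUIRED_THREAT_FIELDS.items():
            if field not in threat:
                problems.append(f"{label}.{field}: required field is missing")
            elif not isinstance(threat[field], kind):
                problems.append(f"{label}.{field}: expected {kind.__name__}")
        for field, kind in OPTIONAL_THREAT_FIELDS.items():
            if field in threat and not isinstance(threat[field], kind):
                problems.append(f"{label}.{field}: expected {kind.__name__}")
        threat_id = threat.get("id")
        if isinstance(threat_id, str):
            # Assumption: ids must be unique so references resolve to one threat.
            if threat_id in seen_ids:
                problems.append(f"{label}.id: duplicate id {threat_id!r}")
            seen_ids.add(threat_id)
    return problems
```

Running the check in CI on every catalog change keeps a threat with a missing `group` or an ambiguous `id` from silently dropping out of downstream mappings.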