The VERIS WebApp
So how do you get started using VERIS to record your actual data? We have a WebApp for that! This is a web browser app which lets you walk through a series of form fields to record as much or as little as your know about the incident. Once you finish, you hit Submit and the incident details are converted into a JSON record and stored in the app. To get the data out of the app, you just export it, and the JSON file is saved to your local system. This is a good way to get started coding cases up in VERIS format, and leaves you with data that is suitable for pulling into a nosql database, or into R as we do for the DBIR.
If you aren't already familiar with VERIS and how to code incidents, we have a number of resources available to you. First, we list some training videos by both Rapid7 and by our own team. The Rapid7 videos are good for getting you more familiar with how VERIS works, and the DBIR team videos are all about how to use the webapp on real case examples. We recommend you take a look at the VERIS videos to get familiar with how to apply the framework to actual cases, and then take a look at team videos that match the kind of case you're working on to begin with. We have several common examples in our library.
Get the WebApp and Schema File
Which schema to choose? That largely depends on what you’re using the data for. Each of the schema files corresponds to the use of the data and ends with the VERIS version it represents. As you may know, we update VERIS periodically, usually before we start work on the new year's report. This means that organizations who implemented an older version of VERIS and have not migrated their schema will need to pay attention to the version they choose of the schema file.
The DBIR schema is used by the team coding partner cases for inclusion into the DBIR. For 2022, we will be using the dbir-merged1_3_6.json schema file.
The VCDB schema is for people who are coding cases for the VERIS Community Database project. The 1.3.6 schema file would be vcdb-merged1_3_6.json
The VERISC schema (VERISC stands for VERIS Community) is for people who want to code their own data--not to be shared with anyone necessarily, although you could later chose to share the JSON files if you wanted to. The current schema file for VERISC is verisc-merged1_3_6.json
The schema file will change the fields displayed in the WebApp. For example, a case coded in the VCDB schema will include a field for the name of the organization that was the victim of the breach. For a case in the DBIR, that field would not exist because we do not collect victim-identifying information from our partners. Since the schema files are JSON, you can inspect them for yourself in an editor.
Training Resources
Videos from Rapid7 about VERIS
Trey Ford made several short videos about VERIS that you may find useful. They are a quick introduction to the VERIS framework, and the 4A's--the Actors, Actions, Assets and Attributes that make up the building blocks of the framework.
Videos of using the new webapp can be found at the VERIS Framework youtube channel