US Cyber Command · JSON Structure

USCYBERCOM Advisory Structure

A cybersecurity advisory published by USCYBERCOM jointly with CISA, NSA, FBI, or allied nation cybersecurity agencies, disclosing active threats and recommended mitigations.

Type: object Properties: 12 Required: 4
Tags: Cybersecurity, Federal Government, Military, Threat Intelligence, Defense

CybersecurityAdvisory is a JSON Structure definition published by US Cyber Command, describing 12 properties, of which 4 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

advisory_id title publication_date issuing_agencies tlp_level threat_actor nation_state targeted_sectors ttps advisory_url cisa_url cvEs

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

uscybercom-advisory-structure.json
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/us-cyber-command/refs/heads/main/json-structure/uscybercom-advisory-structure.json",
  "name": "CybersecurityAdvisory",
  "description": "A cybersecurity advisory published by USCYBERCOM jointly with CISA, NSA, FBI, or allied nation cybersecurity agencies, disclosing active threats and recommended mitigations.",
  "type": "object",
  "properties": {
    "advisory_id": {
      "type": "string",
      "description": "Unique identifier for the advisory.",
      "example": "AA23-320A"
    },
    "title": {
      "type": "string",
      "description": "Title of the cybersecurity advisory.",
      "example": "Russian Military Cyber Actors Target US and Global Critical Infrastructure"
    },
    "publication_date": {
      "type": "date",
      "description": "Date the advisory was published."
    },
    "issuing_agencies": {
      "type": "array",
      "description": "Government agencies that jointly authored and issued this advisory.",
      "items": {
        "type": "string"
      },
      "example": [
        "USCYBERCOM",
        "CISA",
        "NSA",
        "FBI"
      ]
    },
    "tlp_level": {
      "type": "string",
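      "description": "Traffic Light Protocol (TLP) label stating how widely the advisory may be shared. TLP is a sharing designation, not a government classification level.",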
      "enum": [
        "TLP:CLEAR",
        "TLP:GREEN",
        "TLP:AMBER",
        "TLP:RED"
      ]
    },
    "threat_actor": {
      "type": "string",
      "description": "Threat actor or group described in this advisory.",
      "example": "Sandworm"
    },
    "nation_state": {
      "type": "string",
      "description": "Nation-state sponsor of the described threat.",
      "enum": [
        "Russia",
        "Iran",
        "North Korea",
        "China",
        "Other",
        "Unknown"
      ]
    },
    "targeted_sectors": {
      "type": "array",
      "description": "Critical infrastructure or industry sectors targeted by the described threat.",
      "items": {
        "type": "string"
      },
      "example": [
        "Energy",
        "Water",
        "Transportation",
        "Communications"
      ]
    },
    "ttps": {
      "type": "array",
      "description": "MITRE ATT&CK tactics, techniques, and procedures described in the advisory.",
      "items": {
        "type": "string"
      },
      "example": [
        "T1190 - Exploit Public-Facing Application",
        "T1133 - External Remote Services"
      ]
    },
    "advisory_url": {
      "type": "uri",
      "description": "URL to the full advisory document.",
      "example": "https://www.cybercom.mil/Media/News/Article/2574011/"
    },
    "cisa_url": {
      "type": "uri",
      "description": "URL to the CISA advisory page, if jointly published.",
      "example": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a"
    },
    "cvEs": {
      "type": "array",
      "description": "CVE identifiers for vulnerabilities discussed in the advisory.",
      "items": {
        "type": "string"
      },
      "example": [
        "CVE-2023-23397",
        "CVE-2023-28252"
      ]
    }
  },
  "required": [
    "advisory_id",
    "title",
    "publication_date",
    "issuing_agencies"
  ]
}