VERIS - The language of security

VERIS provides a common format for describing security incidents and a common set of definitions to ensure that what you're describing is understood properly. VERIS is an open format which means that anyone can use it in their organization without paying licensing fees, and it is customizable so you can gather additional variables that you care about without breaking the schema for someone else.

VERIS molecule logo

Model an incident in as much detail as you want (or as little).

The Vocabulary for Event Recording and Incident Sharing (VERIS) was designed to model information security breaches affecting organizations. It has a rich and descriptive set of enumerations that allow for highly detailed models that are useful for data analysis. Yet despite the large set of descriptors, there are very few fields that are actually required in a VERIS incident.

Ready for Data Analysis

The VERIS Framework makes it easy to aggregate a collection of incident data and then perform analysis to identify trends, commonalities, and outliers. VERIS incidents support free-text entry of incident data, as well as coding with pre-defined enumerations for querying and counting.

Each variable in the VERIS framework is beautifully documented in a way that even Wade Baker would have to agree is complete and worthy of excessive praise. Go to the schema documentation

sample graphic from VERIS data
picture of documentation

Examples to follow

Each VERIS incident combines actors, actions, assets, and attributes with anonymized victim demographics and free text fields to provide a complete picture of a security incident. The VERIS wiki has examples of some of the most common security incidents so you can quickly see how these pieces come together to document an incident.

Go to the VERIS examples