US Cyber Command · Schema
CybersecurityAdvisory
A cybersecurity advisory published by USCYBERCOM jointly with CISA, NSA, FBI, or allied nation cybersecurity agencies, disclosing active threats and recommended mitigations.
CybersecurityFederal GovernmentMilitaryThreat IntelligenceDefense
Properties
| Name | Type | Description |
|---|---|---|
| advisory_id | string | Unique identifier for the advisory. |
| title | string | Title of the cybersecurity advisory. |
| publication_date | string | Date the advisory was published. |
| issuing_agencies | array | Government agencies that jointly authored and issued this advisory. |
| tlp_level | string | Traffic Light Protocol classification level. |
| threat_actor | string | Threat actor or group described in this advisory. |
| nation_state | string | Nation-state sponsor of the described threat. |
| targeted_sectors | array | Critical infrastructure or industry sectors targeted by the described threat. |
| ttps | array | MITRE ATT&CK tactics, techniques, and procedures described in the advisory. |
| advisory_url | string | URL to the full advisory document. |
| cisa_url | string | URL to the CISA advisory page, if jointly published. |
| cvEs | array | CVE identifiers for vulnerabilities discussed in the advisory. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/us-cyber-command/refs/heads/main/json-schema/uscybercom-advisory-schema.json",
"title": "CybersecurityAdvisory",
"description": "A cybersecurity advisory published by USCYBERCOM jointly with CISA, NSA, FBI, or allied nation cybersecurity agencies, disclosing active threats and recommended mitigations.",
"type": "object",
"properties": {
"advisory_id": {
"type": "string",
"description": "Unique identifier for the advisory.",
"example": "AA23-320A"
},
"title": {
"type": "string",
"description": "Title of the cybersecurity advisory.",
"example": "Russian Military Cyber Actors Target US and Global Critical Infrastructure"
},
"publication_date": {
"type": "string",
"format": "date",
"description": "Date the advisory was published."
},
"issuing_agencies": {
"type": "array",
"description": "Government agencies that jointly authored and issued this advisory.",
"items": {
"type": "string"
},
"example": ["USCYBERCOM", "CISA", "NSA", "FBI"]
},
"tlp_level": {
"type": "string",
"description": "Traffic Light Protocol classification level.",
"enum": [
"TLP:CLEAR",
"TLP:GREEN",
"TLP:AMBER",
"TLP:RED"
]
},
"threat_actor": {
"type": "string",
"description": "Threat actor or group described in this advisory.",
"example": "Sandworm"
},
"nation_state": {
"type": "string",
"description": "Nation-state sponsor of the described threat.",
"enum": [
"Russia",
"Iran",
"North Korea",
"China",
"Other",
"Unknown"
]
},
"targeted_sectors": {
"type": "array",
"description": "Critical infrastructure or industry sectors targeted by the described threat.",
"items": {
"type": "string"
},
"example": ["Energy", "Water", "Transportation", "Communications"]
},
"ttps": {
"type": "array",
"description": "MITRE ATT&CK tactics, techniques, and procedures described in the advisory.",
"items": {
"type": "string"
},
"example": ["T1190 - Exploit Public-Facing Application", "T1133 - External Remote Services"]
},
"advisory_url": {
"type": "string",
"format": "uri",
"description": "URL to the full advisory document.",
"example": "https://www.cybercom.mil/Media/News/Article/2574011/"
},
"cisa_url": {
"type": "string",
"format": "uri",
"description": "URL to the CISA advisory page, if jointly published.",
"example": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a"
},
"cvEs": {
"type": "array",
"description": "CVE identifiers for vulnerabilities discussed in the advisory.",
"items": {
"type": "string"
},
"example": ["CVE-2023-23397", "CVE-2023-28252"]
}
},
"required": ["advisory_id", "title", "publication_date", "issuing_agencies"]
}