This dataset represents a broad ranging public effort to gather cyber security incident reports. Each incident is reported using The Vocabulary for Event Recording and Incident Sharing (VERIS). The collection is maintained by the Verizon RISK Team, and is used by Verizon in its annual Data Breach Investigations Reports (DBIR). The current repository contains more than 5,000 incident reports,that cover a variety of different types of events such as server breach, website defacements, and physically stolen assets.
This dataset is the result of our team's efforts in extracting data incidents targeting an organization's network. Each entry in the dataset is the unique ID of an entry in the VCDB, and indicates a hacking incident that we have successfully mapped to a network asset of the victim organization. These incidents have been used to generate our set of victim organizations' network features.
Using the aggregation units obtained from the Regional Internet Registry (RIR) databases, we have aggregated information on individual IP addresses, such as malicious activities, network misconfigurations or active threat instances, at an organizational level. These features can then be used to train models for assessing risks and predicting future security incidents for an organization. This dataset is available in JSON format and includes features from both victim and non-victim organizations. Our list of features include the organization's network size, aggregated time series data from reputation blacklists (RBLs) over a 60 day period, and several network mismanagement symptoms. For a more detailed explanation on each of the features and the aggregation process, please refer to our conference paper.