# sources.yaml — Registry of publicly-downloadable cybersecurity reference sources
# Used by update_routine.py to check for newer versions
#
# Fields:
#   org: Publishing organization
#   name: Report/document name
#   content_type: bucket type (threat-intel, breach-report, government, research, etc.)
#   url_pattern: Direct URL or URL with {year} placeholder
#   latest_known_year: Last version confirmed in this collection
#   cadence: annual | quarterly | ad-hoc | ongoing
#   notes: Release timing, access notes, etc.
sources:

  # ── Breach Reports ──────────────────────────────────────────────────────────
  - org: Verizon
    name: Data Breach Investigations Report (DBIR)
    content_type: breach-report
    url_pattern: https://www.verizon.com/business/resources/reports/dbir/
    latest_known_year: 2024
    cadence: annual
    notes: "Released April-May each year. Full report + executive summary available."
  - org: IBM/Ponemon
    name: Cost of a Data Breach Report
    content_type: breach-report
    url_pattern: https://www.ibm.com/reports/data-breach
    latest_known_year: 2023
    cadence: annual
    notes: "Released July-August. IBM sponsors, Ponemon Institute conducts research."

  # ── Threat Intelligence ──────────────────────────────────────────────────────
  - org: Cisco
    name: Annual Cybersecurity Report
    content_type: threat-intel
    url_pattern: https://www.cisco.com/c/en/us/products/security/security-reports.html
    latest_known_year: 2018
    cadence: annual
    notes: "Cisco restructured reporting — check for current equivalent."
  - org: Proofpoint
    name: State of the Phish
    content_type: threat-intel
    url_pattern: https://www.proofpoint.com/us/resources/threat-reports/state-of-phish
    latest_known_year: 2024
    cadence: annual
    notes: "Released early in the year. Free registration may be required."
  - org: Proofpoint
    name: Human Factor Report
    content_type: threat-intel
    url_pattern: https://www.proofpoint.com/us/resources/threat-reports/human-factor
    latest_known_year: 2018
    cadence: annual
    notes: "Annual. Check for current year version."
  - org: Proofpoint
    name: Data Loss Landscape Report
    content_type: threat-intel
    url_pattern: https://www.proofpoint.com/us/resources/threat-reports/data-loss-landscape
    latest_known_year: 2024
    cadence: annual
    notes: "Annual."
  - org: CrowdStrike
    name: Global Threat Report
    content_type: threat-intel
    url_pattern: https://www.crowdstrike.com/global-threat-report/
    latest_known_year: null
    cadence: annual
    notes: "Not yet in collection — add. Released Feb-March each year."
  - org: Mandiant
    name: M-Trends Report
    content_type: threat-intel
    url_pattern: https://www.mandiant.com/resources/m-trends
    latest_known_year: null
    cadence: annual
    notes: "Not yet in collection — add. Released March each year."
  - org: Coveware
    name: Ransomware Quarterly Reports
    content_type: threat-intel
    url_pattern: https://www.coveware.com/ransomware-quarterly-reports
    latest_known_year: 2022
    cadence: quarterly
    notes: "Collection has Q3/Q4 2020, Q2 2022. Check for newer quarters."

  # ── Government & Regulatory ──────────────────────────────────────────────────
  - org: CISA
    name: Cybersecurity Advisories (Joint Advisories)
    content_type: government
    url_pattern: https://www.cisa.gov/news-events/cybersecurity-advisories
    latest_known_year: null
    cadence: ongoing
    notes: "Landing page for advisories (non-direct downloads). Use for discovery of key AA-series advisories."
  - org: CISA
    name: Known Exploited Vulnerabilities Catalog
    content_type: government
    url_pattern: https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv
    latest_known_year: null
    cadence: ongoing
    notes: "Direct machine-readable CSV endpoint."
  - org: US Intelligence Community
    name: Annual Threat Assessment (WWTA)
    content_type: government
    url_pattern: https://www.dni.gov/index.php/newsroom/reports-publications
    latest_known_year: 2023
    cadence: annual
    notes: "Released Feb-March. Collection has 2018-2023. Check for 2024/2025."

  # ── Research ─────────────────────────────────────────────────────────────────
  - org: World Economic Forum
    name: Global Risks Report
    content_type: research
    url_pattern: https://www.weforum.org/reports/global-risks-report-{year}
    latest_known_year: 2024
    cadence: annual
    notes: "Released Jan. Collection has 2019, 2021, 2024. Missing 2020, 2022, 2023."
  - org: World Economic Forum
    name: Global Cybersecurity Outlook
    content_type: research
    url_pattern: https://www.weforum.org/publications/global-cybersecurity-outlook-{year}/
    latest_known_year: null
    cadence: annual
    notes: "Not yet in collection — add. Annual report on cyber risk."

  # ── Frameworks ───────────────────────────────────────────────────────────────
  - org: NIST
    name: Cybersecurity Framework (CSF) 2.0
    content_type: framework
    url_pattern: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
    latest_known_year: 2024
    cadence: ad-hoc
    notes: "Not yet in collection — add. CSF 2.0 released Feb 2024."
  - org: CIS
    name: CIS Controls v8
    content_type: framework
    url_pattern: https://www.cisecurity.org/controls/cis-controls-list
    latest_known_year: null
    cadence: ad-hoc
    notes: "Not yet in collection — free registration required."

  # ── Standards ────────────────────────────────────────────────────────────────
  - org: NIST
    name: SP 800-53 Rev 5 (Security Controls)
    content_type: standard
    url_pattern: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
    latest_known_year: 2020
    cadence: ad-hoc
    notes: "Not yet in collection — add."
  - org: NIST
    name: SP 800-61 Rev 2 (Incident Response)
    content_type: standard
    url_pattern: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
    latest_known_year: 2012
    cadence: ad-hoc
    notes: "Not yet in collection — add. Rev 3 in draft."
  - org: Vendor Security Alliance
    name: VSA Questionnaire
    content_type: tool-template
    url_pattern: https://vsa-questionnaire-bucket-docs.s3.us-west-2.amazonaws.com/CurrentVSA.zip
    latest_known_year: 2025
    cadence: annual
    notes: "Stable 'Current' URL always points to latest ZIP. Contains 2 XLSXs. SCRM/TPRM assessment tool."