VERIS Framework
What is VERIS Framework?
VERIS FrameworkVerizon's Vocabulary for Event Recording and Incident Sharing — an open schema for describing security incidents in a structured, comparable way.
VERIS (Vocabulary for Event Recording and Incident Sharing) is a free, open schema created by Verizon to describe security incidents in a consistent, machine-readable form. Its core is the A4 model — Actor (who), Action (what), Asset (where), and Attribute (how confidentiality, integrity, or availability was affected) — alongside fields for timeline, discovery, response, and impact. VERIS powers the annual Verizon Data Breach Investigations Report (DBIR) and the public VCDB (VERIS Community Database) of anonymised incidents. Organizations use it to standardise internal incident metrics, benchmark against industry peers, share threat data with information sharing groups, and feed dashboards and risk models with comparable historical data.
● Examples
- 01
Tagging an internal incident in VERIS A4 to feed it into a yearly trend dashboard.
- 02
Comparing your sector's breach distribution against the latest DBIR using VERIS categories.
● Frequently asked questions
What is VERIS Framework?
Verizon's Vocabulary for Event Recording and Incident Sharing — an open schema for describing security incidents in a structured, comparable way. It belongs to the Defense & Operations category of cybersecurity.
What does VERIS Framework mean?
Verizon's Vocabulary for Event Recording and Incident Sharing — an open schema for describing security incidents in a structured, comparable way.
How does VERIS Framework work?
VERIS (Vocabulary for Event Recording and Incident Sharing) is a free, open schema created by Verizon to describe security incidents in a consistent, machine-readable form. Its core is the A4 model — Actor (who), Action (what), Asset (where), and Attribute (how confidentiality, integrity, or availability was affected) — alongside fields for timeline, discovery, response, and impact. VERIS powers the annual Verizon Data Breach Investigations Report (DBIR) and the public VCDB (VERIS Community Database) of anonymised incidents. Organizations use it to standardise internal incident metrics, benchmark against industry peers, share threat data with information sharing groups, and feed dashboards and risk models with comparable historical data.
How do you defend against VERIS Framework?
Defences for VERIS Framework typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for VERIS Framework?
Common alternative names include: VERIS, Verizon VERIS.
● Related terms
- forensics-ir№ 524
Incident Response
The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.
- defense-ops№ 527
Indicator of Compromise (IoC)
An observable artifact — such as a file hash, IP, domain, URL, or registry key — that suggests a system has been or is being compromised.
- defense-ops№ 266
Cyber Threat Intelligence (CTI)
Evidence-based knowledge about adversaries, their motivations, and methods, used to inform defensive decisions and prioritize controls.
- compliance№ 687
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques observed in real-world attacks, maintained by MITRE.
- defense-ops№ 315
Diamond Model of Intrusion Analysis
An intrusion analysis framework that ties every malicious event to four linked vertices: adversary, capability, infrastructure, and victim.
- defense-ops№ 136
Business Impact Analysis (BIA)
A structured analysis that identifies critical business processes, their dependencies, and the operational, financial and reputational impact of their disruption.