2021-02-07 11:37:48 +01:00
|
|
|
---
|
|
|
|
namespace: cycat
|
2021-02-07 18:59:36 +01:00
|
|
|
expanded: Cybersecurity Resource Catalogue
|
|
|
|
description: Taxonomy used by CyCAT, the Cybersecurity Resource Catalogue,
|
2021-02-07 11:37:48 +01:00
|
|
|
to categorize the namespaces it supports and uses.
|
|
|
|
version: 1
|
|
|
|
refs:
|
|
|
|
- https://www.cycat.org/
|
|
|
|
values:
|
|
|
|
- predicate: type
|
|
|
|
entry:
|
|
|
|
- value: tool
|
|
|
|
expanded: Tool
|
|
|
|
description: Open source or proprietary tool used in cybersecurity.
|
|
|
|
- value: playbook
|
|
|
|
expanded: Playbook
|
|
|
|
description: Playbook, such as a defined set of rules with one or more actions
|
|
|
|
triggered by different events to respond to, orchestrate or automate cybersecurity
|
|
|
|
related actions.
|
|
|
|
- value: taxonomy
|
|
|
|
expanded: Taxonomy
|
|
|
|
description: Cybersecurity taxonomy is a set of labels used to classify (in both
|
|
|
|
terms - arrange in classes or/and design to national classification) cybersecurity
|
|
|
|
related information.
|
|
|
|
- value: rule
|
|
|
|
expanded: Rule
|
|
|
|
description: Detection rule or set of detection rules used in the cybersecurity
|
|
|
|
field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort,
|
|
|
|
Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them.
|
|
|
|
- value: notebook
|
|
|
|
expanded: Notebook
|
|
|
|
description: Interactive document to code, experiment, train or visualize cybersecurity-related
|
|
|
|
information. A notebook can be transcribed in a format such as Jupyter Notebooks,
|
|
|
|
Apache Zeppelin, Pluton or Google Colab.
|
|
|
|
- value: vulnerability
|
|
|
|
expanded: Vulnerability
|
|
|
|
description: Public or non-public information about a security vulnerability in
|
|
|
|
a specific software, hardware or service.
|
|
|
|
- value: proof-of-concept
|
|
|
|
expanded: Proof-of-concept
|
|
|
|
description: Code to validate a known vulnerability.
|
|
|
|
- value: fingerprint
|
|
|
|
expanded: Fingerprint
|
|
|
|
description: Code to uniquely identify specific cybersecurity-relevant patterns.
|
|
|
|
Fingerprints can be expressed in different formats such as ja3, ja3s, hassh,
|
|
|
|
jarm or favicon-mmh3.
|
|
|
|
- value: mitigation
|
|
|
|
expanded: Mitigation
|
|
|
|
description: Mitigating control to prevent unwanted activity from happening, like
|
|
|
|
a specific configuration of the operating system/tools or an implementation
|
|
|
|
policy.
|
|
|
|
- value: dataset
|
|
|
|
expanded: Dataset
|
|
|
|
description: Dataset for validation of detections and tool stacks,
|
|
|
|
- predicate: scope
|
|
|
|
entry:
|
|
|
|
- value: identify
|
|
|
|
expanded: Identify
|
|
|
|
- value: protect
|
|
|
|
expanded: Protect
|
|
|
|
- value: detect
|
|
|
|
expanded: Detect
|
|
|
|
- value: respond
|
|
|
|
expanded: Respond
|
|
|
|
- value: recover
|
|
|
|
expanded: Recover
|
|
|
|
- value: exploit
|
|
|
|
expanded: Exploit
|
|
|
|
- value: investigate
|
|
|
|
expanded: Investigate
|
|
|
|
- value: train
|
|
|
|
expanded: Train
|
|
|
|
- value: test
|
|
|
|
expanded: Test
|
|
|
|
predicates:
|
|
|
|
- value: type
|
|
|
|
expanded: Type
|
|
|
|
description: Type of entry in the catalogue.
|
|
|
|
- value: scope
|
|
|
|
expanded: Scope
|
|
|
|
description: Scope of usage for the entry in the catalogue.
|