pull/2/head
Saad Kadhi 2021-02-07 18:57:00 +01:00
commit 6f7a238ac0
2 changed files with 84 additions and 3 deletions

View File

@ -5,7 +5,7 @@ Taxonomy used by CyCAT.org, the Cybersecurity Resource Catalogue, to categorize
# Format # Format
The CyCAT.org taxonomy is [available in JSON format](https://github.com/CyCat-project/cycat-taxonomy/blob/main/json/machinetag.json). The CyCAT.org taxonomy is [available in JSON format](https://github.com/CyCat-project/cycat-taxonomy/blob/main/json/machinetag.json) and [yaml format](https://github.com/CyCat-project/cycat-taxonomy/blob/main/yaml/machinetag.yaml).
# Goal # Goal
@ -13,11 +13,11 @@ The taxonomy will be used on the CyCAT.org portal to classify and label the reso
# Contributing # Contributing
- Fork the repository, update the JSON and propose your changes via a pull-request. - Fork the repository, update the JSON or yaml and propose your changes via a pull-request.
# License # License
The CyCAT.org taxonomy (JSON files) are dual-licensed under: The CyCAT.org taxonomy (JSON/yaml files) are dual-licensed under:
- [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/legalcode) (CC0 1.0) - Public Domain Dedication. - [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/legalcode) (CC0 1.0) - Public Domain Dedication.

81
yaml/machinetag.yaml Normal file
View File

@ -0,0 +1,81 @@
---
namespace: cycat
expanded: Universal Cybersecurity Resource Catalogue
description: Taxonomy used by CyCAT, the Universal Cybersecurity Resource Catalogue,
to categorize the namespaces it supports and uses.
version: 1
refs:
- https://www.cycat.org/
values:
- predicate: type
entry:
- value: tool
expanded: Tool
description: Open source or proprietary tool used in cybersecurity.
- value: playbook
expanded: Playbook
description: Playbook, such as a defined set of rules with one or more actions
triggered by different events to respond to, orchestrate or automate cybersecurity
related actions.
- value: taxonomy
expanded: Taxonomy
description: Cybersecurity taxonomy is a set of labels used to classify (in both
terms - arrange in classes or/and design to national classification) cybersecurity
related information.
- value: rule
expanded: Rule
description: Detection rule or set of detection rules used in the cybersecurity
field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort,
Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them.
- value: notebook
expanded: Notebook
description: Interactive document to code, experiment, train or visualize cybersecurity-related
information. A notebook can be transcribed in a format such as Jupyter Notebooks,
Apache Zeppelin, Pluton or Google Colab.
- value: vulnerability
expanded: Vulnerability
description: Public or non-public information about a security vulnerability in
a specific software, hardware or service.
- value: proof-of-concept
expanded: Proof-of-concept
description: Code to validate a known vulnerability.
- value: fingerprint
expanded: Fingerprint
description: Code to uniquely identify specific cybersecurity-relevant patterns.
Fingerprints can be expressed in different formats such as ja3, ja3s, hassh,
jarm or favicon-mmh3.
- value: mitigation
expanded: Mitigation
description: Mitigating control to prevent unwanted activity from happening, like
a specific configuration of the operating system/tools or an implementation
policy.
- value: dataset
expanded: Dataset
description: Dataset for validation of detections and tool stacks,
- predicate: scope
entry:
- value: identify
expanded: Identify
- value: protect
expanded: Protect
- value: detect
expanded: Detect
- value: respond
expanded: Respond
- value: recover
expanded: Recover
- value: exploit
expanded: Exploit
- value: investigate
expanded: Investigate
- value: train
expanded: Train
- value: test
expanded: Test
predicates:
- value: type
expanded: Type
description: Type of entry in the catalogue.
- value: scope
expanded: Scope
description: Scope of usage for the entry in the catalogue.