From fa4de79b4c22f3f96b02f8eba0e41ee53a220080 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 1 Feb 2021 09:16:54 +0100
Subject: [PATCH] new: [json] original CyCAT.org taxonomy in MISP taxonomy format
---
json/machinetag.json | 110 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 110 insertions(+)
create mode 100644 json/machinetag.json
diff --git a/json/machinetag.json b/json/machinetag.json
new file mode 100644
index 0000000..446ffdb
--- /dev/null
+++ b/json/machinetag.json
@@ -0,0 +1,110 @@
+{
+ "namespace": "cycat",
+ "expanded": " Universal Cybersecurity Resource Catalogue",
+ "description": "Taxonomy used by CyCAT, the Universal Cybersecurity Resource Catalogue, to categorize the namespaces it supports and uses.",
+ "version": 1,
+ "refs": [
+ "https://www.cycat.org/"
+ ],
+ "values": [
+ {
+ "predicate": "type",
+ "entry": [
+ {
+ "value": "tool",
+ "expanded": "Tool",
+ "description": "Open source or proprietary tool used in cybersecurity."
+ },
+ {
+ "value": "playbook",
+ "expanded": "Playbook",
+ "description": "Playbook, such as a defined set of rules with one or more actions triggered by different events to respond to, orchestrate or automate cybersecurity related actions."
+ },
+ {
+ "value": "taxonomy",
+ "expanded": "Taxonomy",
+ "description": "Cybersecurity taxonomy is a set of labels used to classify (in both terms - arrange in classes or/and design to national classification) cybersecurity related information."
+ },
+ {
+ "value": "rule",
+ "expanded": "Rule",
+ "description": "Detection rule or set of detection rules used in the cybersecurity field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort, Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them."
+ },
+ {
+ "value": "notebook",
+ "expanded": "Notebook",
+ "description": "Interactive document to code, experiment, train or visualize cybersecurity-related information. A notebook can be transcribed in a format such as Jupyter Notebooks, Apache Zeppelin, Pluton or Google Colab."
+ },
+ {
+ "value": "vulnerability",
+ "expanded": "Vulnerability",
+ "description": "Public or non-public information about a security vulnerability in a specific software, hardware or service."
+ },
+ {
+ "value": "proof-of-concept",
+ "expanded": "Proof-of-concept",
+ "description": "Code to validate a known vulnerability."
+ },
+ {
+ "value": "fingerprint",
+ "expanded": "Fingerprint",
+ "description": "Code to uniquely identify specific cybersecurity-relevant patterns. Fingerprints can be expressed in different formats such as ja3, ja3s, hassh, jarm or favicon-mmh3."
+ },
+ {
+ "value": "mitigation",
+ "expanded": "Mitigation",
+ "description": "Mitigating control to prevent unwanted activity from happening, like a specific configuration of the operating system/tools or an implementation policy."
+ }
+ ]
+ },
+ {
+ "predicate": "scope",
+ "entry": [
+ {
+ "value": "identify",
+ "expanded": "Identify"
+ },
+ {
+ "value": "protect",
+ "expanded": "Protect"
+ },
+ {
+ "value": "detect",
+ "expanded": "Detect"
+ },
+ {
+ "value": "respond",
+ "expanded": "Respond"
+ },
+ {
+ "value": "recover",
+ "expanded": "Recover"
+ },
+ {
+ "value": "exploit",
+ "expanded": "Exploit"
+ },
+ {
+ "value": "investigate",
+ "expanded": "Investigate"
+ },
+ {
+ "value": "train",
+ "expanded": "Train"
+ }
+ ]
+ }
+ ],
+ "predicates": [
+ {
+ "value": "type",
+ "expanded": "Type",
+ "description": "Type of entry in the catalogue."
+ },
+ {
+ "value": "scope",
+ "expanded": "Scope",
+ "description": "Scope of usage for the entry in the catalogue."
+ }
+ ]
+}
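Review bot: The top-level `"expanded"` value starts with a stray space (`" Universal Cybersecurity Resource Catalogue"`), which will show up in any UI or export that renders the namespace name; it should read `"expanded": "Universal Cybersecurity Resource Catalogue",`. Separately, every entry under the `type` predicate carries a `"description"`, but none of the eight `scope` entries do. That leaves values such as `exploit`, `investigate` and `train` open to interpretation by whoever applies the tag, and `cycat:scope="exploit"` is easy to confuse with `cycat:type="proof-of-concept"`. Adding a one-sentence `"description"` to each scope entry would make tagging consistent. The first five values look like the NIST CSF functions; if that is intended, say so in the descriptions or add the reference to `refs`.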