new: [json] original CyCAT.org taxonomy in MISP taxonomy format

json/machinetag.json

@@ -0,0 +1,110 @@
+{
+  "namespace": "cycat",
+  "expanded": " Universal Cybersecurity Resource Catalogue",
+  "description": "Taxonomy used by CyCAT, the Universal Cybersecurity Resource Catalogue, to categorize the namespaces it supports and uses.",
+  "version": 1,
+  "refs": [
+    "https://www.cycat.org/"
+  ],
+  "values": [
+    {
+      "predicate": "type",
+      "entry": [
+        {
+          "value": "tool",
+          "expanded": "Tool",
+          "description": "Open source or proprietary tool used in cybersecurity."
+        },
+        {
+          "value": "playbook",
+          "expanded": "Playbook",
+          "description": "Playbook, such as a defined set of rules with one or more actions triggered by different events to respond to, orchestrate or automate cybersecurity related actions."
+        },
+        {
+          "value": "taxonomy",
+          "expanded": "Taxonomy",
+          "description": "Cybersecurity taxonomy is a set of labels used to classify (in both terms - arrange in classes or/and design to national classification) cybersecurity related information."
+        },
+        {
+          "value": "rule",
+          "expanded": "Rule",
+          "description": "Detection rule or set of detection rules used in the cybersecurity field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort, Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them."
+        },
+        {
+          "value": "notebook",
+          "expanded": "Notebook",
+          "description": "Interactive document to code, experiment, train or visualize cybersecurity-related information. A notebook can be transcribed in a format such as Jupyter Notebooks, Apache Zeppelin, Pluton or Google Colab."
+        },
+        {
+          "value": "vulnerability",
+          "expanded": "Vulnerability",
+          "description": "Public or non-public information about a security vulnerability in a specific software, hardware or service."
+        },
+        {
+          "value": "proof-of-concept",
+          "expanded": "Proof-of-concept",
+          "description": "Code to validate a known vulnerability."
+        },
+        {
+          "value": "fingerprint",
+          "expanded": "Fingerprint",
+          "description": "Code to uniquely identify specific cybersecurity-relevant patterns. Fingerprints can be expressed in different formats such as ja3, ja3s, hassh, jarm or favicon-mmh3."
+        },
+        {
+          "value": "mitigation",
+          "expanded": "Mitigation",
+          "description": "Mitigating control to prevent unwanted activity from happening, like a specific configuration of the operating system/tools or an implementation policy."
+        }
+      ]
+    },
+    {
+      "predicate": "scope",
+      "entry": [
+        {
+          "value": "identify",
+          "expanded": "Identify"
+        },
+        {
+          "value": "protect",
+          "expanded": "Protect"
+        },
+        {
+          "value": "detect",
+          "expanded": "Detect"
+        },
+        {
+          "value": "respond",
+          "expanded": "Respond"
+        },
+        {
+          "value": "recover",
+          "expanded": "Recover"
+        },
+        {
+          "value": "exploit",
+          "expanded": "Exploit"
+        },
+        {
+          "value": "investigate",
+          "expanded": "Investigate"
+        },
+        {
+          "value": "train",
+          "expanded": "Train"
+        }
+      ]
+    }
+  ],
+  "predicates": [
+    {
+      "value": "type",
+      "expanded": "Type",
+      "description": "Type of entry in the catalogue."
+    },
+    {
+      "value": "scope",
+      "expanded": "Scope",
+      "description": "Scope of usage for the entry in the catalogue."
+    }
+  ]
+}