{ "namespace": "cycat", "expanded": "Cybersecurity Resource Catalogue", "description": "Taxonomy used by CyCAT, the Cybersecurity Resource Catalogue, to categorize the namespaces it supports and uses.", "version": 1, "refs": [ "https://www.cycat.org/" ], "values": [ { "predicate": "type", "entry": [ { "value": "tool", "expanded": "Tool", "description": "Open source or proprietary tool used in cybersecurity." }, { "value": "playbook", "expanded": "Playbook", "description": "Playbook, such as a defined set of rules with one or more actions triggered by different events to respond to, orchestrate or automate cybersecurity-related actions." }, { "value": "taxonomy", "expanded": "Taxonomy", "description": "A cybersecurity taxonomy is a set of labels used to classify cybersecurity-related information, in both senses of the term: arranging it in classes and/or designating it under a national classification." }, { "value": "rule", "expanded": "Rule", "description": "Detection rule or set of detection rules used in the cybersecurity field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort, Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them." }, { "value": "notebook", "expanded": "Notebook", "description": "Interactive document to code, experiment, train or visualize cybersecurity-related information. A notebook can be transcribed in a format such as Jupyter Notebooks, Apache Zeppelin, Pluton or Google Colab." }, { "value": "vulnerability", "expanded": "Vulnerability", "description": "Public or non-public information about a security vulnerability in a specific software, hardware or service." }, { "value": "proof-of-concept", "expanded": "Proof-of-concept", "description": "Code to validate a known vulnerability." }, { "value": "fingerprint", "expanded": "Fingerprint", "description": "Code to uniquely identify specific cybersecurity-relevant patterns. Fingerprints can be expressed in different formats such as ja3, ja3s, hassh, jarm or favicon-mmh3."
}, { "value": "mitigation", "expanded": "Mitigation", "description": "Mitigating control to prevent unwanted activity from happening, like a specific configuration of the operating system/tools or an implementation policy." }, { "value": "dataset", "expanded": "Dataset", "description": "Dataset for validation of detections and tool stacks." } ] }, { "predicate": "scope", "entry": [ { "value": "identify", "expanded": "Identify" }, { "value": "protect", "expanded": "Protect" }, { "value": "detect", "expanded": "Detect" }, { "value": "respond", "expanded": "Respond" }, { "value": "recover", "expanded": "Recover" }, { "value": "exploit", "expanded": "Exploit" }, { "value": "investigate", "expanded": "Investigate" }, { "value": "train", "expanded": "Train" }, { "value": "test", "expanded": "Test" } ] } ], "predicates": [ { "value": "type", "expanded": "Type", "description": "Type of entry in the catalogue." }, { "value": "scope", "expanded": "Scope", "description": "Scope of usage for the entry in the catalogue." } ] }