From 40f89e53a91322b5c15dbda3d96a194e6a3c8a33 Mon Sep 17 00:00:00 2001 From: Antoine Cailliau Date: Fri, 7 Sep 2018 14:41:09 +0200 Subject: [PATCH] Moves Warning List information from taxonomy page. --- taxonomy/README.md | 20 -------------------- warninglists/README.md | 19 +++++++++++++++++++ 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/taxonomy/README.md b/taxonomy/README.md index 9bed1ee..81ef160 100644 --- a/taxonomy/README.md +++ b/taxonomy/README.md @@ -214,26 +214,6 @@ Tags can be used to: * Enrich IDS export with tags to fit your NIDS deployment. -## MISP warning lists: The dilemma of false-positive - -- False-positive is a common issue in threat intelligence sharing. - -- It’s often a contextual issue: - - false-positive might be different per community of users sharing -information. - - - organization might have their own view on false-positive. - -- Based on the success of the MISP taxonomy model, we build misp-warninglists. They are lists of well-known indicators that can be -associated to potential false positives, errors or mistakes. They are Simple JSON files. - -![MISP warning lists](./figures/MISPwarninglist.png) - -The warning lists are integrated in MISP to display an info/warning box at the event and attribute level. This can be enabled at MISP instance level. Default warning lists can be enabled or disabled like known public -resolver, multicast IP addresses, hashes for empty values, rfc1918, TLDs or known google domains. The warning lists can be expanded or added in JSON locally or via -pull requests (https://github.com/MISP/misp-warninglists). Warning lists can be also used for critical or core infrastructure -warning, personally identifiable information... - ## Future functionalities related to MISP taxonomies - Sighting support (thanks to NCSC-NL) is integrated in MISP allowing to auto expire IOC based on user detection. diff --git a/warninglists/README.md b/warninglists/README.md index 6dd285c..c71450f 100644 
--- a/warninglists/README.md +++ b/warninglists/README.md @@ -3,3 +3,22 @@ MISP warninglists are lists of well-known indicators that can be associated to p There is a Python module available to work with warninglists in a Pythonic way called [PyMISPWarningLists](https://github.com/MISP/PyMISPWarningLists). [MISP warninglists GitHub Repo](https://github.com/MISP/misp-warninglists) +## MISP warning lists: The dilemma of false-positive + +- False-positive is a common issue in threat intelligence sharing. + +- It’s often a contextual issue: + - false-positive might be different per community of users sharing +information. + + - organization might have their own view on false-positive. + +- Based on the success of the MISP taxonomy model, we build misp-warninglists. They are lists of well-known indicators that can be +associated to potential false positives, errors or mistakes. They are Simple JSON files. + +![MISP warning lists](./figures/MISPwarninglist.png) + +The warning lists are integrated in MISP to display an info/warning box at the event and attribute level. This can be enabled at MISP instance level. Default warning lists can be enabled or disabled like known public +resolver, multicast IP addresses, hashes for empty values, rfc1918, TLDs or known google domains. The warning lists can be expanded or added in JSON locally or via +pull requests (https://github.com/MISP/misp-warninglists). Warning lists can be also used for critical or core infrastructure +warning, personally identifiable information...
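Review bot: in the taxonomy/README.md hunk (`@@ -214,26 +214,6 @@`) the deleted block was the only place that page mentioned warning lists, and it sat directly after the "Enrich IDS export with tags to fit your NIDS deployment" bullet, which is where a reader looking for false-positive handling would land; rather than dropping the section outright, leave a one-line pointer in its place, e.g. `See [MISP warning lists](../warninglists/README.md) for how known false positives are flagged.`, so the cross-reference survives the move.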
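Review bot: in the warninglists/README.md hunk (`@@ -3,3 +3,22 @@`) the moved line `![MISP warning lists](./figures/MISPwarninglist.png)` now resolves relative to warninglists/, but the diffstat lists only the two README files (`2 files changed, 19 insertions(+), 20 deletions(-)`), so unless warninglists/figures/MISPwarninglist.png already exists this image link is broken after the patch; either move the figure in the same commit or point the link at `../taxonomy/figures/MISPwarninglist.png`. Also, the file's existing opening line already states "MISP warninglists are lists of well-known indicators that can be associated to p...", so the added bullet "They are lists of well-known indicators that can be associated to potential false positives, errors or mistakes" repeats it; since the text is being relocated anyway, drop the duplicate sentence and fix the carried-over wording ("we build" to "we built", "Simple JSON files" to "simple JSON files", "known google domains" to "known Google domains").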