MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

Various updates following pull-request 78

pull/82/head
Alexandre Dulaunoy 2017-12-12 15:51:59 +01:00
parent 47503c4eb1
commit a90a428983
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
taxonomy/README.md
View File

@ -6,6 +6,9 @@ In MISP 2.4.X, a flexible mechanism has been introduced to support various [taxo
You can access the taxonomy by going into 'Event Actions' and select 'List Taxonomies'. For fresh install, make sure to click 'Update Taxonomies' to view available taxonomies. You can access the taxonomy by going into 'Event Actions' and select 'List Taxonomies'. For fresh install, make sure to click 'Update Taxonomies' to view available taxonomies.
A [complete list of the available taxonomies](https://www.misp-project.org/taxonomies.html) [PDF](https://www.misp-project.org/taxonomies.pdf) are available on the MISP project website.
![MISP Taxonomy index](./figures/taxonomies-index.png) ![MISP Taxonomy index](./figures/taxonomies-index.png)
The following taxonomies can be used in MISP (as local or distributed tags) or in other tools willing to share common taxonomies among security information sharing tools. The following taxonomies can be used in MISP (as local or distributed tags) or in other tools willing to share common taxonomies among security information sharing tools.
@ -138,30 +141,30 @@ Create a JSON file describing your taxonomy as triple tags.
~~~~ shell ~~~~ shell
For example : For example :
mkdir jirafields mkdir sample
vim machinetag.json vim machinetag.json
~~~~ ~~~~
Sample JSON with triple tags. You can use JSON validator to ame sure there is no syntax error. Sample JSON with triple tags. You can use the JSON validator to be sure that there is no syntax error.
~~~~ shell ~~~~ shell
{ {
"namespace": "jirafields", "namespace": "sample",
"description": "Some descriptive words", "description": "Some descriptive words",
"version": 1, "version": 1,
"predicates": [ "predicates": [
{ {
"value": "xxxxxxx", "value": "my-predicate",
"expanded": "xxxxxxx" "expanded": "my-predicate"
} }
], ],
"values": [ "values": [
{ {
"predicate": "xxxxxx", "predicate": "my-predicate",
"entry": [ "entry": [
{ {
"value": "xxxxx", "value": "a-value",
"expanded": "xxxxxx" "expanded": "A value"
} }
] ]
} }
@ -179,7 +182,7 @@ Applying rules for distribution based on tags:
### MISP Taxonomies - tools ### MISP Taxonomies - tools
[machinetag.py](https://github.com/MISP/misp-taxonomies/blob/master/tools/machinetag.py) is a parsing tool to dump taxonomies expressed in Machine Tags (Triple Tags) and list all valid tags from a specific taxonomy. - [machinetag.py](https://github.com/MISP/misp-taxonomies/blob/master/tools/machinetag.py) is a parsing tool to dump taxonomies expressed in Machine Tags (Triple Tags) and list all valid tags from a specific taxonomy.
~~~~shell ~~~~shell
% cd tools % cd tools
@ -199,6 +202,8 @@ Applying rules for distribution based on tags:
... ...
~~~~ ~~~~
- [PyTaxonomies](https://github.com/MISP/PyTaxonomies) - Python module to use the MISP Taxonomies
### Other use cases using MISP taxonomies ### Other use cases using MISP taxonomies
Tags can be used to set events for further processing by external tools (e.g. VirusTotal auto-expansion using Viper). Tags can be used to set events for further processing by external tools (e.g. VirusTotal auto-expansion using Viper).