MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

Update README.md

pull/78/head
makflwana 2017-12-11 22:43:47 +11:00 committed by GitHub
parent f2d06ba512
commit c79e9b46d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 37 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
taxonomy/README.md
View File

@ -2,9 +2,9 @@
## Taxonomies ## Taxonomies
In MISP 2.4, a flexible mechanism has been introduced to support various [taxonomy of classification](https://github.com/MISP/misp-taxonomies). In MISP 2.4.X, a flexible mechanism has been introduced to support various [taxonomy of classification](https://github.com/MISP/misp-taxonomies).
You can access the taxonomy by going into 'Event Actions' and select 'List Taxonomies'. You can access the taxonomy by going into 'Event Actions' and select 'List Taxonomies'. For fresh install, make sure to click 'Update Taxonomies' to view available taxonomies.
![MISP Taxonomy index](./figures/taxonomies-index.png) ![MISP Taxonomy index](./figures/taxonomies-index.png)
@ -12,9 +12,6 @@ The following taxonomies can be used in MISP (as local or distributed tags) or i
![Overview of the MISP taxonomies](./figures/taxonomy-explanation.png) ![Overview of the MISP taxonomies](./figures/taxonomy-explanation.png)
The following taxonomies are described:
1. [Admiralty Scale](https://github.com/MISP/misp-taxonomies/tree/master/admiralty-scale): The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. 1. [Admiralty Scale](https://github.com/MISP/misp-taxonomies/tree/master/admiralty-scale): The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.
2. [adversary](https://github.com/MISP/misp-taxonomies/tree/master/adversary) An overview and description of the adversary infrastructure. 2. [adversary](https://github.com/MISP/misp-taxonomies/tree/master/adversary) An overview and description of the adversary infrastructure.
@ -131,19 +128,50 @@ For more information, "[Information Sharing and Taxonomies Practical Classificat
## Adding a private taxonomy ## Adding a private taxonomy
<!-- ========================== I don't know if this part is nor yet relevant? ================================================= -->
~~~~ shell ~~~~ shell
$ cd /var/www/MISP/app/files/taxonomies/ $ cd /var/www/MISP/app/files/taxonomies/
$ mkdir privatetaxonomy $ mkdir privatetaxonomy
$ vi machinetag.json $ vi machinetag.json
~~~~ ~~~~
Create a JSON file Create a JSON file describing your taxonomy as triple tags. Create a JSON file describing your taxonomy as triple tags.
~~~~ shell
For example :
mkdir jirafields
vim machinetag.json
~~~~
Sample JSON with triple tags. You can use JSON validator to ame sure there is no syntax error.
~~~~ shell
{
"namespace": "jirafields",
"description": "Some descriptive words",
"version": 1,
"predicates": [
{
"value": "xxxxxxx",
"expanded": "xxxxxxx"
}
],
"values": [
{
"predicate": "xxxxxx",
"entry": [
{
"value": "xxxxx",
"expanded": "xxxxxx"
}
]
}
]
}
~~~~
Once you are happy with your file go to MISP Web GUI taxonomies/index and update the taxonomies, the newly created taxonomy should be visible, now you need to activate the tags within your taxonomy. Once you are happy with your file go to MISP Web GUI taxonomies/index and update the taxonomies, the newly created taxonomy should be visible, now you need to activate the tags within your taxonomy.
## How using Taxonomy in MISP ## How to use Taxonomy in MISP
### Filtering the distribution of events among MISP instances ### Filtering the distribution of events among MISP instances