misp-book

History

Alexandre Dulaunoy a1c6ff6369 Taxonomy initial documentation		2015-12-03 19:33:50 +01:00
..
figures	Taxonomy initial documentation	2015-12-03 19:33:50 +01:00
README.md	Taxonomy initial documentation	2015-12-03 19:33:50 +01:00

README.md

Taxonomies

In MISP 2.4, a flexible mechanism has been introduced to support various taxonomy of classification.

You can access the taxonomy by going into 'Event Actions' and select 'List Taxonomies'.

8 default taxonomies are available:

Admiralty Scale
CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection
eCSIRT and IntelMQ incident classification
EUCI - EU classified information marking
Information Security Marking Metadata from DNI (Director of National Intelligence - US)
TLP - Traffic Light Protocol
Vocabulary for Event Recording and Incident Sharing VERIS

A taxonomy contains a series of tags that can use as normal tags in your MISP instance. The advantage is that you even set a specific tag as being exportable. This means that you can export your classification with other MISP instance and share the same taxonomies.

If you want to enable a specific taxonomy, you can click on the cross to enable it. Then you can even cherry-pick the tags you want to use on the system. If you want to use the whole taxonomy, select all and then click on the cross in the top left.