Taxonomies

In MISP 2.4, a flexible mechanism has been introduced to support various classification taxonomies.

You can access the taxonomies by going to 'Event Actions' and selecting 'List Taxonomies'.

MISP Taxonomy index

12 default taxonomies are available:

A taxonomy contains a series of tags that can be used as normal tags in your MISP instance. The advantage is that you can even set a specific tag as being exportable. This means that you can export your classification to other MISP instances and share the same taxonomies.

If you want to enable a specific taxonomy, you can click on the cross to enable it. Then you can even cherry-pick the tags you want to use on the system. If you want to use the whole taxonomy, select all and then click on the cross in the top left.

Contributing a taxonomy

It is quite easy. Create a JSON file describing your taxonomy as triple tags (e.g. check an existing one like Admiralty Scale), create a directory matching your namespace, put your machinetag file in the directory and submit a pull request. That's it. Everyone can benefit from your taxonomy, and it can be automatically enabled in information sharing tools like MISP.

Adding a private taxonomy

$ cd /var/www/MISP/app/files/taxonomies/
$ mkdir privatetaxonomy
$ cd privatetaxonomy
$ vi machinetag.json

Create a JSON file describing your taxonomy as triple tags.

Once you are happy with your file, go to taxonomies/index in the MISP web GUI and update the taxonomies. The newly created taxonomy should now be visible; you then need to activate the tags within your taxonomy.
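Before updating the taxonomies in the GUI, the file can be checked locally. The following is an added example, not part of the original page or the MISP code base: it verifies that the namespace matches the directory name and lists the triple tags the file defines. The key names (namespace, predicates, values, entry) follow the layout used by the published MISP taxonomies such as Admiralty Scale; the sample taxonomy content and the function name check_taxonomy are constructed for illustration.

```python
import json

# Constructed sample machinetag.json for the "privatetaxonomy" directory above.
SAMPLE = """
{
  "namespace": "privatetaxonomy",
  "description": "Internal handling labels (constructed sample)",
  "version": 1,
  "predicates": [
    {"value": "handling", "expanded": "Handling"},
    {"value": "reviewed", "expanded": "Reviewed by analyst"}
  ],
  "values": [
    {"predicate": "handling",
     "entry": [{"value": "internal-only", "expanded": "Internal only"},
               {"value": "partners", "expanded": "Share with partners"}]}
  ]
}
"""

def check_taxonomy(text, directory):
    """Return (errors, tags) for a machinetag.json document stored in `directory`."""
    errors, tags = [], []
    try:
        tax = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"], []
    for key in ("namespace", "description", "version", "predicates"):
        if key not in tax:
            errors.append(f"missing key: {key}")
    if errors:
        return errors, []
    ns = tax["namespace"]
    if ns != directory:
        errors.append(f"namespace {ns!r} does not match directory {directory!r}")
    predicates = [p["value"] for p in tax["predicates"]]
    entries = {v["predicate"]: v.get("entry", []) for v in tax.get("values", [])}
    for unknown in sorted(set(entries) - set(predicates)):
        errors.append(f"values reference undeclared predicate {unknown!r}")
    for pred in predicates:
        if entries.get(pred):
            tags += [f'{ns}:{pred}="{e["value"]}"' for e in entries[pred]]
        else:
            tags.append(f"{ns}:{pred}")  # predicate without values is a tag by itself
    return errors, tags

if __name__ == "__main__":
    errs, tags = check_taxonomy(SAMPLE, "privatetaxonomy")
    print("\n".join(errs or tags))
```

The printed tags are the ones that should appear for activation once the taxonomy has been updated in the GUI.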