misp-decaying-models/models/nids-simple-model.json

{
  "uuid": "073fae4a-2377-4cfa-bd34-2516830d33c3",
  "name": "NIDS Simple Decaying Model",
  "formula": "Polynomial",
  "ref": [
    "https://arxiv.org/abs/1902.03914",
    "https://arxiv.org/abs/1803.11052"
  ],
  "authors": [
    "MISP Project"
  ],
  "parameters": {
    "lifetime": 120,
    "decay_speed": 2,
    "threshold": 30,
    "default_base_score": 80,
    "base_score_config": {
      "estimative-language:confidence-in-analytic-judgment": 0.1667,
      "estimative-language:likelihood-probability": 0.1667,
      "false-positive:risk": 0.1667,
      "priority-level": 0.1667,
      "retention": 0.1667,
      "targeted-threat-index:targeting-sophistication-base-value": 0.0833,
      "targeted-threat-index:technical-sophistication-multiplier": 0.0833
    }
  },
  "description": "Simple decaying model for Network Intrusion Detection System (NIDS). ",
  "attribute_types": [
    "domain",
    "domain|ip",
    "hostname",
    "hostname|port",
    "ip-dst",
    "ip-dst|port",
    "ip-src",
    "ip-src|port",
    "url",
    "snort",
    "suricata",
    "zeek",
    "bro"
  ],
  "version": 2
}
chg: [release] add the NIDS decaying model, clarify license and add some documentation. 2019-08-27 08:37:32 +02:00			`{`
			`"uuid": "073fae4a-2377-4cfa-bd34-2516830d33c3",`
			`"name": "NIDS Simple Decaying Model",`
			`"formula": "Polynomial",`
			`"ref": [`
			`"https://arxiv.org/abs/1902.03914",`
			`"https://arxiv.org/abs/1803.11052"`
			`],`
			`"authors": [`
			`"MISP Project"`
			`],`
			`"parameters": {`
			`"lifetime": 120,`
			`"decay_speed": 2,`
			`"threshold": 30,`
			`"default_base_score": 80,`
			`"base_score_config": {`
Updated `base_score_config` to support `namespace:predicate` format 2019-09-13 09:30:58 +02:00			`"estimative-language:confidence-in-analytic-judgment": 0.1667,`
			`"estimative-language:likelihood-probability": 0.1667,`
			`"false-positive:risk": 0.1667,`
			`"priority-level": 0.1667,`
			`"retention": 0.1667,`
			`"targeted-threat-index:targeting-sophistication-base-value": 0.0833,`
			`"targeted-threat-index:technical-sophistication-multiplier": 0.0833`
chg: [release] add the NIDS decaying model, clarify license and add some documentation. 2019-08-27 08:37:32 +02:00			`}`
			`},`
			`"description": "Simple decaying model for Network Intrusion Detection System (NIDS). ",`
			`"attribute_types": [`
			`"domain",`
			`"domain\|ip",`
			`"hostname",`
			`"hostname\|port",`
			`"ip-dst",`
			`"ip-dst\|port",`
			`"ip-src",`
			`"ip-src\|port",`
			`"url",`
			`"snort",`
			`"suricata",`
			`"zeek",`
			`"bro"`
			`],`
Updated `base_score_config` to support `namespace:predicate` format 2019-09-13 09:30:58 +02:00			`"version": 2`
chg: [release] add the NIDS decaying model, clarify license and add some documentation. 2019-08-27 08:37:32 +02:00			`}`