{
  "attributes": {
    "description": {
      "description": "Description of the anonymisation technique or tool used",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "encryption-function": {
      "description": "Encryption function or algorithm used to anonymise the attribute",
      "disable_correlation": true,
      "misp-attribute": "text",
      "sane_default": [
        "aes128",
        "aes-128-cbc",
        "aes-128-cfb",
        "aes-128-cfb1",
        "aes-128-cfb8",
        "aes-128-ctr",
        "aes-128-ecb",
        "aes-128-ofb",
        "aes192",
        "aes-192-cbc",
        "aes-192-cfb",
        "aes-192-cfb1",
        "aes-192-cfb8",
        "aes-192-ctr",
        "aes-192-ecb",
        "aes-192-ofb",
        "aes-256-cfb",
        "aes-256-cfb1",
        "aes-256-cfb8",
        "aes-256-ctr",
        "aes-256-ecb",
        "aes-256-ofb",
        "bf",
        "bf-cbc",
        "bf-cfb",
        "bf-ecb",
        "bf-ofb",
        "blowfish",
        "camellia128",
        "camellia-128-cbc",
        "camellia-128-cfb",
        "camellia-128-cfb1",
        "camellia-128-cfb8",
        "camellia-128-ctr",
        "camellia-128-ecb",
        "camellia-128-ofb",
        "camellia192",
        "camellia-192-cbc",
        "camellia-192-cfb",
        "camellia-192-cfb1",
        "camellia-192-cfb8",
        "camellia-192-ctr",
        "camellia-192-ecb",
        "camellia-192-ofb",
        "camellia256",
        "camellia-256-cbc",
        "camellia-256-cfb",
        "camellia-256-cfb1",
        "camellia-256-cfb8",
        "camellia-256-ctr",
        "camellia-256-ecb",
        "camellia-256-ofb",
        "cast",
        "cast5-cbc",
        "cast5-cfb",
        "cast5-ecb",
        "cast5-ofb",
        "cast-cbc",
        "des",
        "des3",
        "des-cbc",
        "des-cfb",
        "des-ecb",
        "des-ede",
        "des-ede3",
        "des-ede3-cbc",
        "des-ede3-cfb",
        "des-ede3-ofb",
        "des-ede-cbc",
        "des-ede-cfb",
        "des-ede-ofb",
        "des-ofb",
        "desx",
        "gost89",
        "gost89-cnt",
        "idea",
        "idea-cbc",
        "idea-cfb",
        "idea-ecb",
        "idea-ofb",
        "rc2",
        "rc2-40-cbc",
        "rc2-64-cbc",
        "rc2-cbc",
        "rc2-cfb",
        "rc2-ecb",
        "rc2-ofb",
        "rc4",
        "rc4-40",
        "rc4-64",
        "rc5",
        "rc5-cbc",
        "rc5-cfb",
        "rc5-ecb",
        "rc5-ofb",
        "seed",
        "seed-cbc",
        "seed-cfb",
        "seed-ecb",
        "seed-ofb",
        "sm4",
        "sm4-cbc",
        "sm4-cfb",
        "sm4-ctr",
        "sm4-ecb",
        "sm4-ofb"
      ],
      "ui-priority": 1
    },
    "iv": {
      "description": "Initialisation vector for the encryption function used to anonymise the attribute",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "key": {
      "description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "keyed-hash-function": {
      "description": "Keyed-hash function used to anonymise the attribute",
      "disable_correlation": true,
      "misp-attribute": "text",
      "sane_default": [
        "hmac-sha1",
        "hmac-md5",
        "hmac-sha256",
        "hmac-sha384",
        "hmac-sha512"
      ],
      "ui-priority": 1
    },
    "level-of-knowledge": {
      "description": "Level of knowledge of the organisation who created this object",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 10,
      "values_list": [
        "Only the anonymised data is known",
        "Deanonymised data is known"
      ]
    },
    "method": {
      "description": "Anonymisation (or pseudo-anonymisation) method(s) used",
      "disable_correlation": true,
      "misp-attribute": "text",
      "multiple": true,
      "sane_default": [
        "hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.",
        "hash - A hash function maps each attribute to a new (not necessarily unique) attribute.",
        "permutation - Maps each original value to a unique new value.",
        "prefix-preserving - Any two values that had the same n-bit prefix before anonymisation will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ",
        "shift - Adds a fixed offset to each value/attribute.",
        "enumeration - Map each original value to a new value such that their ordering is preserved.",
        "partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.",
        "updated - Checksums are recalculated to reflect changes made to other fields.",
        "truncation - Field is shortened, losing data at the end.",
        "encryption - Attribute is encrypted."
      ],
      "ui-priority": 1
    },
    "regexp": {
      "description": "Regular expression to perfom the anonymisation (reversible or not)",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 10
    }
  },
  "description": "Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml",
  "meta-category": "misc",
  "name": "anonymisation",
  "requiredOneOf": [
    "description",
    "method",
    "key",
    "keyed-hash-function",
    "encryption-function",
    "regexp",
    "iv"
  ],
  "uuid": "5867cffe-60ff-44f6-b097-e5f36b5de0ac",
  "version": 2
}