From 89ef0d5e83a8585505e1eeaa898ad42fc5d1216a Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sun, 16 Oct 2016 12:13:34 +0200 Subject: [PATCH] Latest export added --- misp-taxonomy-format/raw.md.txt | 60 ++++++++++++++++----------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/misp-taxonomy-format/raw.md.txt b/misp-taxonomy-format/raw.md.txt index 73f2e31..f9110c1 100644 --- a/misp-taxonomy-format/raw.md.txt +++ b/misp-taxonomy-format/raw.md.txt @@ -83,7 +83,7 @@ Table of Contents 1. Introduction - Sharing threat information became a fundamental requirements in the + Sharing threat information became a fundamental requirements on the Internet, security and intelligence community at large. Threat information can include indicators of compromise, malicious file indicators, financial fraud indicators or even detailed information @@ -94,16 +94,16 @@ Table of Contents vocabularies that can be used in threat information sharing. Machine tags were introduced in 2007 [machine-tags] to allow users to - be more precise when tagging their picture with geolocation. So a - machine tag is a tag which use a special syntax to provide more - information to user and machines. Machine tags are also known as - triple tags due to the their format. + be more precise when tagging their pictures with geolocation. So a + machine tag is a tag which uses a special syntax to provide more + information to users and machines. Machine tags are also known as + triple tags due to their format. - In MISP taxonomy context, machine tags help analysts to classify - their cybersecurity events, indicators or threats. MISP taxonomy can - be used for classification, filtering, triggering action or - visualization depending on their use in threat intelligence platforms - like MISP [MISP-P]. + In the MISP taxonomy context, machine tags help analysts to classify + their cybersecurity events, indicators or threats. MISP taxonomies + can be used for classification, filtering, triggering actions or + visualisation depending on their use in threat intelligence platforms + such as MISP [MISP-P]. @@ -125,9 +125,9 @@ Internet-Draft MISP taxonomy format October 2016 A machine tag is composed of a namespace (MUST), a predicate (MUST) and an optional value (OPTIONAL). - Machine tags are represented as a string. Below a set of sample - machine tags for different namespaces like tlp, admiralty-scale or - osint. + Machine tags are represented as a string. Below listed are a set of + sample machine tags for different namespaces such as tlp, admiralty- + scale and osint. tlp:amber admiralty-scale:information-credibility="1" @@ -135,14 +135,13 @@ Internet-Draft MISP taxonomy format October 2016 The MISP taxonomy format describes how to define a machine tag namespace in a parseable format. The objective is to provide a - simple format to describe machine tags (aka triple tags) - vocabularies. + simple format to describe machine tag (aka triple tag) vocabularies. 2.1. Overview The MISP taxonomy format uses the JSON [RFC4627] format. Each namespace is represented as a JSON object with meta information - including the following fields namespace, description, version. + including the following fields: namespace, description, version. namespace defines the overall namespace of the machine tag. The namespace is represented as a string and MUST be present. The @@ -154,14 +153,15 @@ Internet-Draft MISP taxonomy format October 2016 predicates MUST be present and MUST at least content one element. values defines all the values for each predicate in the namespace - defined. values SHOULD ne present. + defined. values SHOULD be present. 2.2. predicates - predicates array contain one or more JSON objects which lists all the - possible predicate. The JSON object contains two fields: value and - expanded. value and expanded MUST be present. value is represented as - a string and describes the predicate value. The predicate value MUST + The predicates array contains one or more JSON objects which lists + all the possible predicates. The JSON object contains two fields: + value and expanded. value and expanded MUST be present. value is + represented as a string and describes the predicate value. The + predicate value MUST not contain spaces or colons. expanded is @@ -170,18 +170,18 @@ Dulaunoy & Iklody Expires April 16, 2017 [Page 3] Internet-Draft MISP taxonomy format October 2016 - not contain spaces or colons. expanded is represented as a string and - describes the human-readable version of the predicate value. + represented as a string and describes the human-readable version of + the predicate value. 2.3. values - values array contain one or more JSON objects which lists all the - possible values of a predicate. The JSON object contain two fields: + The values array contain one or more JSON objects which lists all the + possible values of a predicate. The JSON object contains two fields: predicate and entry. predicate is represented as a string and describes the predicate value. entry is an array with one or more JSON objects. The JSON object contains two fields: value and expanded. value and expanded MUST be present. value is represented as - a string and describe the value machine parsable. expanded is + a string and describes the machine parsable value. expanded is represented as a string and describes the human-readable version of the value. @@ -190,7 +190,7 @@ Internet-Draft MISP taxonomy format October 2016 2.4.1. colour colour fields MAY be used at predicates or values level to set a - specify colour that *MAY** be used by the implementation. The colour + specify colour that MAY be used by the implementation. The colour field is described as an RGB colour fill in hexadecimal representation. @@ -217,7 +217,7 @@ Internet-Draft MISP taxonomy format October 2016 description fields MAY be used at predicates or values level to add a descriptive and human-readable information about the specific predicate or value. The field is represented as a string. - Implementations *_MAY_ use the description field to improve more + Implementations MAY use the description field to improve more @@ -231,9 +231,9 @@ Internet-Draft MISP taxonomy format October 2016 2.4.3. numerical_value - numerical_value fields MAY be used at predicates or values level to + numerical_value fields MAY be used at a predicate or value level to add a machine-readable numeric value to a specific predicate or - value. The field is represented as JSON number. Implementations + value. The field is represented as a JSON number. Implementations SHOULD use the decimal value provided to support scoring or filtering.