From 99d77f87b0da0d8e4ae15719a0c87f4584dd3f32 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sun, 16 Oct 2016 11:00:42 +0200 Subject: [PATCH] Optional fields added --- misp-taxonomy-format/raw.md | 77 ++++++++++++++++++++++++++++++++++++- 1 file changed, 76 insertions(+), 1 deletion(-) diff --git a/misp-taxonomy-format/raw.md b/misp-taxonomy-format/raw.md index f04c4e0..09fcadc 100644 --- a/misp-taxonomy-format/raw.md +++ b/misp-taxonomy-format/raw.md @@ -97,6 +97,81 @@ predicates array contain one or more JSON objects which lists all the possible p values array contain one or more JSON objects which lists all the possible values of a predicate. The JSON object contain two fields: predicate and entry. predicate is represented as a string and describes the predicate value. entry is an array with one or more JSON objects. The JSON object contains two fields: value and expanded. value and expanded **MUST** be present. value is represented as a string and describe the value machine parsable. expanded is represented as a string and describes the human-readable version of the value. +## optional fields + +### colour + +colour fields **MAY** be used at predicates or values level to set a specify colour that *MAY** be used by the implementation. The colour field is described as an RGB colour fill in hexadecimal representation. + +Example use of the colour field in the Traffic Light Protocol (TLP): + +~~~~ +"predicates": [ + { + "colour": "#CC0033", + "expanded": "(TLP:RED) Information exclusively and directly + given to (a group of) individual recipients. + Sharing outside is not legitimate.", + "value": "red" + }, + { + "colour": "#FFC000", + "expanded": "(TLP:AMBER) Information exclusively given + to an organization; sharing limited within + the organization to be effectively acted upon.", + "value": "amber" + }...] +~~~~ + +### description + +description fields **MAY** be used at predicates or values level to add a descriptive and human-readable information about the specific predicate or value. The field is represented as a string. Implementations **MAY* use the description field to improve more contextual information. The description at the namespace level is a **MUST** as described above. + +### numerical_value + +numerical_value fields **MAY** be used at predicates or values level to add a machine-readable numeric value to a specific predicate or value. +The field is represented as JSON number. Implementations **SHOULD** use the decimal value provided to support scoring or filtering. + +Example use of the numerical_value in the MISP confidence level: + +~~~~ + { + "predicate": "confidence-level", + "entry": [ + { + "expanded": "Completely confident", + "value": "completely-confident", + "numerical_value": 100 + }, + { + "expanded": "Usually confident", + "value": "usually-confident", + "numerical_value": 75 + }, + { + "expanded": "Fairly confident", + "value": "fairly-confident", + "numerical_value": 50 + }, + { + "expanded": "Rarely confident", + "value": "rarely-confident", + "numerical_value": 25 + }, + { + "expanded": "Unconfident", + "value": "unconfident", + "numerical_value": 0 + }, + { + "expanded": "Confidence cannot be evaluated", + "value": "confidence-cannot-be-evalued" + } + ] + } +~~~~ + + # Directory The MISP taxonomies directory is publicly available [@?MISP-T] in a git repository. The repository @@ -132,7 +207,7 @@ A taxonomies array describes the taxonomy available with the description, name a } ~~~~ -# Sample +# Sample Taxonomy in MISP taxonomy format ## Admiralty Scale Taxonomy