Optional fields added

pull/6/head
Alexandre Dulaunoy 2016-10-16 11:00:42 +02:00
parent 60100e33e2
commit 99d77f87b0
1 changed files with 76 additions and 1 deletions

View File

@ -97,6 +97,81 @@ predicates array contain one or more JSON objects which lists all the possible p
values array contain one or more JSON objects which lists all the possible values of a predicate. The JSON object contain two fields: predicate and entry. predicate is represented as a string and describes the predicate value. entry is an array with one or more JSON objects. The JSON object contains two fields: value and expanded. value and expanded **MUST** be present. value is represented as a string and describe the value machine parsable. expanded is represented as a string and describes the human-readable version of the value. values array contain one or more JSON objects which lists all the possible values of a predicate. The JSON object contain two fields: predicate and entry. predicate is represented as a string and describes the predicate value. entry is an array with one or more JSON objects. The JSON object contains two fields: value and expanded. value and expanded **MUST** be present. value is represented as a string and describe the value machine parsable. expanded is represented as a string and describes the human-readable version of the value.
## optional fields
### colour
colour fields **MAY** be used at predicates or values level to set a specify colour that *MAY** be used by the implementation. The colour field is described as an RGB colour fill in hexadecimal representation.
Example use of the colour field in the Traffic Light Protocol (TLP):
~~~~
"predicates": [
{
"colour": "#CC0033",
"expanded": "(TLP:RED) Information exclusively and directly
given to (a group of) individual recipients.
Sharing outside is not legitimate.",
"value": "red"
},
{
"colour": "#FFC000",
"expanded": "(TLP:AMBER) Information exclusively given
to an organization; sharing limited within
the organization to be effectively acted upon.",
"value": "amber"
}...]
~~~~
### description
description fields **MAY** be used at predicates or values level to add a descriptive and human-readable information about the specific predicate or value. The field is represented as a string. Implementations **MAY* use the description field to improve more contextual information. The description at the namespace level is a **MUST** as described above.
### numerical_value
numerical_value fields **MAY** be used at predicates or values level to add a machine-readable numeric value to a specific predicate or value.
The field is represented as JSON number. Implementations **SHOULD** use the decimal value provided to support scoring or filtering.
Example use of the numerical_value in the MISP confidence level:
~~~~
{
"predicate": "confidence-level",
"entry": [
{
"expanded": "Completely confident",
"value": "completely-confident",
"numerical_value": 100
},
{
"expanded": "Usually confident",
"value": "usually-confident",
"numerical_value": 75
},
{
"expanded": "Fairly confident",
"value": "fairly-confident",
"numerical_value": 50
},
{
"expanded": "Rarely confident",
"value": "rarely-confident",
"numerical_value": 25
},
{
"expanded": "Unconfident",
"value": "unconfident",
"numerical_value": 0
},
{
"expanded": "Confidence cannot be evaluated",
"value": "confidence-cannot-be-evalued"
}
]
}
~~~~
# Directory # Directory
The MISP taxonomies directory is publicly available [@?MISP-T] in a git repository. The repository The MISP taxonomies directory is publicly available [@?MISP-T] in a git repository. The repository
@ -132,7 +207,7 @@ A taxonomies array describes the taxonomy available with the description, name a
} }
~~~~ ~~~~
# Sample # Sample Taxonomy in MISP taxonomy format
## Admiralty Scale Taxonomy ## Admiralty Scale Taxonomy