add: exclusive property added to express exclusivity at predicate or value level

The exclusive property allows expressing whether a predicate or a value is exclusive.
The exclusive property applies at namespace level (if the predicate is exclusive) or
at predicate level if the value is exclusive.

TLP and fr-classif updated with exclusive property.

The exclusive property can be used by the software (e.g. MISP) to warn a user
if (s)he tries to add multiple tags on the same element (attribute, event...).
It's up to the configuration of the software to enforce it or not.

By default, tags are not exclusive.
pull/8/head
Alexandre Dulaunoy 2017-11-29 07:54:58 +01:00
parent c2aaeb7201
commit ccb6b0c74e
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 9 additions and 3 deletions

misp-taxonomy-format/raw.md Normal file → Executable file

@ -5,7 +5,7 @@
% ipr= "trust200902"
% area = "Security"
%
% date = 2017-09-04T00:00:00Z
% date = 2017-11-29T00:00:00Z
%
% [[author]]
% initials="A."
@ -84,7 +84,7 @@ to describe machine tag (aka triple tag) vocabularies.
The MISP taxonomy format uses the JSON [@!RFC4627] format. Each namespace is represented as a JSON object with meta information including the following fields: namespace, description, version, type.
namespace defines the overall namespace of the machine tag. The namespace is represented as a string and **MUST** be present. The description is represented as a string and **MUST** be present. A version is represented as a decimal and **MUST** be present. A type defines where a specific taxonomy is applicable and a type can be applicable at event, user or org level. The type is represented as an array containing one or more type and **SHOULD** be present. If a type is not mentioned, by default, the taxonomy is applicable at event level only.
namespace defines the overall namespace of the machine tag. The namespace is represented as a string and **MUST** be present. The description is represented as a string and **MUST** be present. A version is represented as a decimal and **MUST** be present. A type defines where a specific taxonomy is applicable and a type can be applicable at event, user or org level. The type is represented as an array containing one or more type and **SHOULD** be present. If a type is not mentioned, by default, the taxonomy is applicable at event level only. An exclusive boolean property **MAY** be present and defines at namespace level if the predicates are mutually exclusive.
predicates defines all the predicates available in the namespace defined. predicates is represented as an array of JSON objects. predicates **MUST** be present and **MUST** at least content one element.
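Review bot: The new sentence at the end of the namespace paragraph says what exclusive "defines" but gives a consumer no normative behaviour: it does not state what an absent property means, nor whether an implementation is expected to reject, warn about, or ignore a second tag from an exclusive namespace. The commit message answers both (tags are not exclusive by default, and enforcement is left to the software's configuration), so those two statements belong in the specification text itself, for example "If exclusive is absent, it **MUST** be treated as false" and "Implementations **MAY** warn or refuse when more than one predicate of an exclusive namespace is applied to the same element". Without that, two tools can read the same taxonomy and disagree on whether a doubly tagged event is valid.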
@ -92,7 +92,7 @@ values defines all the values for each predicate in the namespace defined. value
## predicates
The predicates array contains one or more JSON objects which lists all the possible predicates. The JSON object contains two fields: value and expanded. value **MUST** be present. expanded **SHOULD** be present. value is represented as a string and describes the predicate value. The predicate value **MUST** not contain spaces or colons. expanded is represented as a string and describes the human-readable version of the predicate value.
The predicates array contains one or more JSON objects which lists all the possible predicates. The JSON object contains two fields: value and expanded. value **MUST** be present. expanded **SHOULD** be present. value is represented as a string and describes the predicate value. The predicate value **MUST** not contain spaces or colons. expanded is represented as a string and describes the human-readable version of the predicate value. An exclusive property **MAY** be present and defines at namespace level if the values are mutually exclusive.
## values
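Review bot: The sentence added to the predicates paragraph says the property "defines at namespace level if the values are mutually exclusive", which looks copied from the namespace paragraph; per the commit message this one applies at predicate level, so it should read "defines at predicate level if the values are mutually exclusive". Two smaller points in the same paragraph: it still opens with "The JSON object contains two fields: value and expanded" although exclusive is now a third field, and unlike the namespace paragraph it does not say the property is a boolean. Aligning the wording ("An exclusive boolean property **MAY** be present ...") keeps the two definitions consistent.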
@ -500,6 +500,9 @@ is a *MUST* if the taxonomy is included in the MISP taxonomies directory.
"value": {
"type": "string"
},
"exclusive": {
"type": "boolean"
},
"required": [
"value"
]
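Review bot: The "exclusive" schema entry added here (and the identical one added at namespace level) declares only "type": "boolean", so the schema does not carry the default the commit message states ("By default, tags are not exclusive"). Adding "default": false and a short "description" to each entry would document that absence means non-exclusive for anyone who reads or generates code from the schema rather than the prose. Since exclusive is optional, leaving it out of the "required" array is correct.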
@ -522,6 +525,9 @@ is a *MUST* if the taxonomy is included in the MISP taxonomies directory.
"namespace": {
"type": "string"
},
"exclusive": {
"type": "boolean"
},
"type": {
"type": "array",
"uniqueItems": true,