From d3d9f8a3c8fd1973cba18540a6c6a9a941b610dd Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sun, 23 Jun 2019 17:21:15 +0200 Subject: [PATCH] chg: [misp-taxonomy-format] JSON reference is now RFC 8259 - Comment from Carsten Bormann --- misp-taxonomy-format/raw.md | 2 +- misp-taxonomy-format/raw.md.txt | 220 ++++++++++++++++++++------------ 2 files changed, 139 insertions(+), 83 deletions(-) diff --git a/misp-taxonomy-format/raw.md b/misp-taxonomy-format/raw.md index 458654c..d71a069 100755 --- a/misp-taxonomy-format/raw.md +++ b/misp-taxonomy-format/raw.md @@ -82,7 +82,7 @@ to describe machine tag (aka triple tag) vocabularies. ## Overview -The MISP taxonomy format uses the JSON [@!RFC4627] format. Each namespace is represented as a JSON object with meta information including the following fields: namespace, description, version, type. +The MISP taxonomy format uses the JSON [@!RFC8259] format. Each namespace is represented as a JSON object with meta information including the following fields: namespace, description, version, type. namespace defines the overall namespace of the machine tag. The namespace is represented as a string and **MUST** be present. The description is represented as a string and **MUST** be present. A version is represented as a unsigned integer **MUST** be present. A type defines where a specific taxonomy is applicable and a type can be applicable at event, user or org level. The type is represented as an array containing one or more type and **SHOULD** be present. If a type is not mentioned, by default, the taxonomy is applicable at event level only. An exclusive boolean property **MAY** be present and defines at namespace level if the predicates are mutually exclusive. diff --git a/misp-taxonomy-format/raw.md.txt b/misp-taxonomy-format/raw.md.txt index 36f735a..49a7be7 100644 --- a/misp-taxonomy-format/raw.md.txt +++ b/misp-taxonomy-format/raw.md.txt 
@@ -79,13 +79,13 @@ Table of Contents 4.1. Admiralty Scale Taxonomy . . . . . . . . . . . . . . . . 7 4.2. Open Source Intelligence - Classification . . . . . . . . 9 4.3. Available taxonomies in the public directory . . . . . . 11 - 5. JSON Schema . . . . . . . . . . . . . . . . . . . . . . . . . 19 - 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22 - 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 22 - 7.1. Normative References . . . . . . . . . . . . . . . . . . 22 - 7.2. Informative References . . . . . . . . . . . . . . . . . 22 + 5. JSON Schema . . . . . . . . . . . . . . . . . . . . . . . . . 20 + 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 + 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 + 7.1. Normative References . . . . . . . . . . . . . . . . . . 23 + 7.2. Informative References . . . . . . . . . . . . . . . . . 23 7.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 23 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 1. Introduction @@ -145,7 +145,7 @@ Internet-Draft MISP taxonomy format November 2017 2.1. Overview - The MISP taxonomy format uses the JSON [RFC4627] format. Each + The MISP taxonomy format uses the JSON [RFC8259] format. Each namespace is represented as a JSON object with meta information including the following fields: namespace, description, version, type. 
@@ -153,7 +153,7 @@ Internet-Draft MISP taxonomy format November 2017 namespace defines the overall namespace of the machine tag. The namespace is represented as a string and MUST be present. The description is represented as a string and MUST be present. A - version is represented as a decimal and MUST be present. A type + version is represented as a unsigned integer MUST be present. A type defines where a specific taxonomy is applicable and a type can be applicable at event, user or org level. The type is represented as an array containing one or more type and SHOULD be present. If a @@ -683,11 +683,22 @@ Internet-Draft MISP taxonomy format November 2017 to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. + common-taxonomy: + The Common Taxonomy for Law Enforcement and The National Network + of CSIRTs bridges the gap between the CSIRTs and international Law + Enforcement communities by adding a legislative framework to + facilitate the harmonisation of incident reporting to competent + authorities, the development of useful statistics and sharing + information within the entire cybercrime ecosystem. + copine-scale: The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. + cryptocurrency-threat: + Threats targetting cryptocurrency, based on CipherTrace report. + csirt_case_classification: FIRST CSIRT Case Classification. 
@@ -701,7 +712,24 @@ Internet-Draft MISP taxonomy format November 2017 of cyber adversaries. + data-classification: + Data classification for data potentially at risk of exfiltration + based on table 2.1 of Solving Cyber Risk book. + + dcso-sharing: + DCSO Sharing Taxonomy to classify certain types of MISP events + using the DCSO Event Guide + ddos: + + + + +Dulaunoy & Iklody Expires June 2, 2018 [Page 13] + +Internet-Draft MISP taxonomy format November 2017 + + Distributed Denial of Service - or short: DDoS - taxonomy supports the description of Denial of Service attacks and especially the types they belong too. @@ -723,16 +751,13 @@ Internet-Draft MISP taxonomy format November 2017 ISM (Information Security Marking Metadata) V13 as described by DNI.gov (Director of National Intelligence - US). - - -Dulaunoy & Iklody Expires June 2, 2018 [Page 13] - -Internet-Draft MISP taxonomy format November 2017 - - domain-abuse: Taxonomy to tag domain names used for cybercrime. + drugs: + A taxonomy based on the superclass and class of drugs, based on + + economical-impact: Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information. @@ -753,6 +778,14 @@ Internet-Draft MISP taxonomy format November 2017 (6.2.(a)) and JP 2-0, Joint Intelligence. eu-marketop-and-publicadmin: + + + +Dulaunoy & Iklody Expires June 2, 2018 [Page 14] + +Internet-Draft MISP taxonomy format November 2017 + + Market operators and public administrations that must comply to some notifications requirements under EU NIS directive. 
@@ -764,7 +797,9 @@ Internet-Draft MISP taxonomy format November 2017 designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the - Member States as described in CELEX 32013D0488 + Member States as described in COUNCIL DECISION of 23 September + 2013 on the security rules for protecting EU classified + information europol-event: EUROPOL type of events taxonomy. @@ -778,19 +813,11 @@ Internet-Draft MISP taxonomy format November 2017 uncertainty. event-classification: - - - -Dulaunoy & Iklody Expires June 2, 2018 [Page 14] - -Internet-Draft MISP taxonomy format November 2017 - - Event Classification. exercise: Exercise is a taxonomy to describe if the information is part of - one or more cyber or crisis exercise + one or more cyber or crisis exercise. false-positive: This taxonomy aims to ballpark the expected amount of false @@ -799,7 +826,22 @@ Internet-Draft MISP taxonomy format November 2017 file-type: List of known file types. + flesch-reading-ease: + Flesch Reading Ease is a revised system for determining the + comprehension difficulty of written material. The scoring of the + flesh score can have a maximum of 121.22 and there is no limit on + how low a score can be (negative score are valid). + fpf: + + + + +Dulaunoy & Iklody Expires June 2, 2018 [Page 15] + +Internet-Draft MISP taxonomy format November 2017 + + The Future of Privacy Forum (FPF) visual guide to practical de- identification [1] taxonomy is used to evaluate the degree of identifiability of personal data and the types of pseudonymous 
@@ -833,15 +875,6 @@ Internet-Draft MISP taxonomy format November 2017 Christian Seifert, Ian Welch, Peter Komisarczuk, 'Taxonomy of Honeypots', Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June - - - - -Dulaunoy & Iklody Expires June 2, 2018 [Page 15] - -Internet-Draft MISP taxonomy format November 2017 - - 2006, @@ -858,10 +891,20 @@ Internet-Draft MISP taxonomy format November 2017 taxonomy is inspired from NASA Incident Response and Management Handbook. + + +Dulaunoy & Iklody Expires June 2, 2018 [Page 16] + +Internet-Draft MISP taxonomy format November 2017 + + infoleak: A taxonomy describing information leaks and especially information classified as being potentially leaked. + information-security-data-source: + Taxonomy to classify the information security data sources + information-security-indicators: Information security indicators have been standardized by the ETSI Industrial Specification Group (ISG) ISI. These indicators @@ -890,14 +933,6 @@ Internet-Draft MISP taxonomy format November 2017 Malware Capabilities based on MAEC 5.0 maec-malware-obfuscation-methods: - - - -Dulaunoy & Iklody Expires June 2, 2018 [Page 16] - -Internet-Draft MISP taxonomy format November 2017 - - Obfuscation methods used by malware based on MAEC 5.0 malware_classification: @@ -910,6 +945,15 @@ Internet-Draft MISP taxonomy format November 2017 MONARC threat taxonomy. ms-caro-malware: + + + + +Dulaunoy & Iklody Expires June 2, 2018 [Page 17] + +Internet-Draft MISP taxonomy format November 2017 + + Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. 
@@ -946,14 +990,6 @@ Internet-Draft MISP taxonomy format November 2017 to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations - - - -Dulaunoy & Iklody Expires June 2, 2018 [Page 17] - -Internet-Draft MISP taxonomy format November 2017 - - for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on . - [RFC4627] Crockford, D., "The application/json Media Type for - JavaScript Object Notation (JSON)", RFC 4627, - DOI 10.17487/RFC4627, July 2006, - . + [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data + Interchange Format", STD 90, RFC 8259, + DOI 10.17487/RFC8259, December 2017, + . 7.2. Informative References @@ -1223,22 +1276,20 @@ Internet-Draft MISP taxonomy format November 2017 [MISP-T] MISP, "MISP Taxonomies - shared and common vocabularies of tags", . - - - - - - -Dulaunoy & Iklody Expires June 2, 2018 [Page 22] - -Internet-Draft MISP taxonomy format November 2017 - - 7.3. URIs [1] https://fpf.org/2016/04/25/a-visual-guide-to-practical-data-de- identification/ + + + + +Dulaunoy & Iklody Expires June 2, 2018 [Page 23] + +Internet-Draft MISP taxonomy format November 2017 + + Authors' Addresses Alexandre Dulaunoy @@ -1285,4 +1336,9 @@ Authors' Addresses -Dulaunoy & Iklody Expires June 2, 2018 [Page 23] + + + + + +Dulaunoy & Iklody Expires June 2, 2018 [Page 24]
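Review bot: the subject line describes only the RFC 8259 reference change, yet the diffstat shows 139 insertions and 83 deletions in misp-taxonomy-format/raw.md.txt against a one-line change in raw.md. The regenerated text output also brings in new taxonomy entries (common-taxonomy, cryptocurrency-threat, data-classification, dcso-sharing, drugs, flesch-reading-ease, information-security-data-source) and the decimal to unsigned integer change. Either say in the commit message that raw.md.txt was regenerated, or commit the regenerated output separately so the normative reference change can be reviewed on its own.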
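Review bot: in the raw.md.txt hunk at -153,7 the added line "version is represented as a unsigned integer MUST be present" drops the "and" that the removed line had and uses "a" before "unsigned". The same wording is visible as context in the raw.md hunk, so the fix belongs in the source: "A version is represented as an unsigned integer and **MUST** be present", followed by regenerating the text output. Since this is normative wording, the sentence should parse unambiguously.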
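Review bot: in the hunk at -683,11 the new cryptocurrency-threat description has a spelling error, "Threats targetting cryptocurrency"; it should read "targeting". If the description is copied from the taxonomy's own metadata, correct it there as well so the draft and the taxonomy stay in sync.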
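Review bot: in the hunk at -723,16 the new drugs entry ends mid-sentence, "A taxonomy based on the superclass and class of drugs, based on", with nothing after "based on". The source the taxonomy derives from appears to have been lost when the text was rendered; restore it in raw.md in a form that survives conversion, or drop the trailing clause.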
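Review bot: in the hunk at -764,7 the replacement text removes the identifier "CELEX 32013D0488" in favour of the decision's title, and the sentence now ends at "information" without a full stop. Keeping the CELEX number next to the title lets a reader locate the exact legal text, which the title alone does not guarantee.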
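Review bot: in the hunk at -799,7 the new flesch-reading-ease description misspells the name in "The scoring of the flesh score" and has a number disagreement in "negative score are valid". Suggested wording: "The Flesch score can have a maximum of 121.22 and there is no limit on how low a score can be (negative scores are valid)."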
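Review bot: in the normative references hunk the new [RFC8259] entry is dated December 2017, while every regenerated page header and footer in this patch still reads "Internet-Draft MISP taxonomy format November 2017" and "Expires June 2, 2018". A draft cannot cite a document published after its own date, so bump the draft date (and revision, if applicable) in the raw.md front matter before regenerating raw.md.txt.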