misp-taxonomies/misp/machinetag.json

{
  "values": [
    {
      "entry": [
        {
          "expanded": "tag to hide from the user-interface.",
          "value": "hide"
        }
      ],
      "predicate": "ui"
    },
    {
      "entry": [
        {
          "expanded": "tag to hide from the API.",
          "value": "hide"
        }
      ],
      "predicate": "api"
    },
    {
      "entry": [
        {
          "expanded": "block",
          "value": "block"
        }
      ],
      "predicate": "expansion"
    },
    {
      "predicate": "contributor",
      "entry": [
        {
          "expanded": "OpenPGP Fingerprint",
          "value": "pgpfingerprint"
        }
      ]
    },
    {
      "predicate": "confidence-level",
      "entry": [
        {
          "expanded": "Completely confident",
          "value": "completely-confident",
          "numerical_value": 100
        },
        {
          "expanded": "Usually confident",
          "value": "usually-confident",
          "numerical_value": 75
        },
        {
          "expanded": "Fairly confident",
          "value": "fairly-confident",
          "numerical_value": 50
        },
        {
          "expanded": "Rarely confident",
          "value": "rarely-confident",
          "numerical_value": 25
        },
        {
          "expanded": "Unconfident",
          "value": "unconfident",
          "numerical_value": 0
        },
        {
          "expanded": "Confidence cannot be evaluated",
          "value": "confidence-cannot-be-evalued"
        }
      ]
    },
    {
      "predicate": "threat-level",
      "entry": [
        {
          "expanded": "No risk",
          "value": "no-risk",
          "numerical_value": 0,
          "description": "Harmless information. (CEUS threat level)"
        },
        {
          "expanded": "Low risk",
          "value": "low-risk",
          "numerical_value": 25,
          "description": "Low risk which can include mass-malware. (CEUS threat level)"
        },
        {
          "expanded": "Medium risk",
          "value": "medium-risk",
          "numerical_value": 50,
          "description": "Medium risk which can include targeted attacks (e.g. APT). (CEUS threat level)"
        },
        {
          "expanded": "High risk",
          "value": "high-risk",
          "numerical_value": 100,
          "description": "High risk which can include highly sophisticated attacks or 0-day attack. (CEUS threat level)"
        }
      ]
    },
    {
      "predicate": "automation-level",
      "entry": [
        {
          "expanded": "Generated automatically without human verification",
          "value": "unsupervised",
          "numerical_value": 100
        },
        {
          "expanded": "Generated automatically but verified by a human",
          "value": "reviewed",
          "numerical_value": 50
        },
        {
          "expanded": "Output of human analysis",
          "value": "manual",
          "numerical_value": 0
        }
      ]
    },
    {
      "predicate": "tool",
      "entry": [
        {
          "expanded": "misp2stix",
          "value": "misp2stix"
        }
      ]
    }
  ],
  "predicates": [
    {
      "expanded": "User-interface tag influencing the MISP behavior and visual interaction.",
      "value": "ui"
    },
    {
      "expanded": "API related tag influencing the MISP behavior of the API.",
      "value": "api"
    },
    {
      "description": "Expansion tag incluencing the MISP behavior using expansion modules",
      "expanded": "Expansion",
      "value": "expansion"
    },
    {
      "expanded": "Information related to the contributor.",
      "value": "contributor"
    },
    {
      "expanded": "Confidence level",
      "value": "confidence-level"
    },
    {
      "expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy",
      "value": "threat-level"
    },
    {
      "expanded": "Automation level",
      "value": "automation-level",
      "exclusive": true
    },
    {
      "description": "Event with this tag should not be synced to other MISP instances",
      "expanded": "Should not sync",
      "value": "should-not-sync"
    },
    {
      "description": "Tool associated with the information taggged",
      "expanded": "Tool",
      "value": "tool"
    }
  ],
  "version": 7,
  "description": "MISP taxonomy to infer with MISP behavior or operation.",
  "expanded": "MISP",
  "namespace": "misp"
}
Initial MISP internal taxonomy to infer with MISP behaviors 2016-05-17 18:27:19 +02:00			`{`
			`"values": [`
			`{`
			`"entry": [`
			`{`
			`"expanded": "tag to hide from the user-interface.",`
			`"value": "hide"`
			`}`
			`],`
			`"predicate": "ui"`
			`},`
			`{`
			`"entry": [`
			`{`
			`"expanded": "tag to hide from the API.",`
			`"value": "hide"`
			`}`
			`],`
			`"predicate": "api"`
misp contibutor predicate 2016-06-12 05:20:26 +02:00			`},`
Proposal for blocking module expansion 2017-03-02 22:00:56 +01:00			`{`
			`"entry": [`
Clean-up 2017-03-02 22:01:44 +01:00			`{`
Proposal for blocking module expansion 2017-03-02 22:00:56 +01:00			`"expanded": "block",`
			`"value": "block"`
Clean-up 2017-03-02 22:01:44 +01:00			`}`
Proposal for blocking module expansion 2017-03-02 22:00:56 +01:00			`],`
			`"predicate": "expansion"`
			`},`
misp contibutor predicate 2016-06-12 05:20:26 +02:00			`{`
JQ all the things 2017-02-13 12:02:51 +01:00			`"predicate": "contributor",`
			`"entry": [`
misp contibutor predicate 2016-06-12 05:20:26 +02:00			`{`
			`"expanded": "OpenPGP Fingerprint",`
			`"value": "pgpfingerprint"`
			`}`
JQ all the things 2017-02-13 12:02:51 +01:00			`]`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`},`
			`{`
JQ all the things 2017-02-13 12:02:51 +01:00			`"predicate": "confidence-level",`
			`"entry": [`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`{`
			`"expanded": "Completely confident",`
			`"value": "completely-confident",`
			`"numerical_value": 100`
			`},`
			`{`
			`"expanded": "Usually confident",`
			`"value": "usually-confident",`
MISP confidence level updated The confidence levels have been changed to 100, 75, 50, 25 and 0. Undefined confidences are not set to avoid ambiguities. 2016-09-10 12:13:41 +02:00			`"numerical_value": 75`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`},`
			`{`
			`"expanded": "Fairly confident",`
			`"value": "fairly-confident",`
MISP confidence level updated The confidence levels have been changed to 100, 75, 50, 25 and 0. Undefined confidences are not set to avoid ambiguities. 2016-09-10 12:13:41 +02:00			`"numerical_value": 50`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`},`
			`{`
Update, language related 2016-09-12 10:57:12 +02:00			`"expanded": "Rarely confident",`
			`"value": "rarely-confident",`
MISP confidence level updated The confidence levels have been changed to 100, 75, 50, 25 and 0. Undefined confidences are not set to avoid ambiguities. 2016-09-10 12:13:41 +02:00			`"numerical_value": 25`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`},`
			`{`
			`"expanded": "Unconfident",`
			`"value": "unconfident",`
MISP confidence level updated The confidence levels have been changed to 100, 75, 50, 25 and 0. Undefined confidences are not set to avoid ambiguities. 2016-09-10 12:13:41 +02:00			`"numerical_value": 0`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`},`
			`{`
			`"expanded": "Confidence cannot be evaluated",`
Update, language related 2016-09-12 10:57:12 +02:00			`"value": "confidence-cannot-be-evalued"`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`}`
JQ all the things 2017-02-13 12:02:51 +01:00			`]`
New threat level created (including CEUS mapping) 2016-09-15 21:57:51 +02:00			`},`
			`{`
JQ all the things 2017-02-13 12:02:51 +01:00			`"predicate": "threat-level",`
			`"entry": [`
New threat level created (including CEUS mapping) 2016-09-15 21:57:51 +02:00			`{`
JQ all the things 2017-02-13 12:02:51 +01:00			`"expanded": "No risk",`
			`"value": "no-risk",`
			`"numerical_value": 0,`
			`"description": "Harmless information. (CEUS threat level)"`
New threat level created (including CEUS mapping) 2016-09-15 21:57:51 +02:00			`},`
low risk added 2016-09-15 22:03:18 +02:00			`{`
JQ all the things 2017-02-13 12:02:51 +01:00			`"expanded": "Low risk",`
			`"value": "low-risk",`
			`"numerical_value": 25,`
			`"description": "Low risk which can include mass-malware. (CEUS threat level)"`
low risk added 2016-09-15 22:03:18 +02:00			`},`
New threat level created (including CEUS mapping) 2016-09-15 21:57:51 +02:00			`{`
JQ all the things 2017-02-13 12:02:51 +01:00			`"expanded": "Medium risk",`
			`"value": "medium-risk",`
			`"numerical_value": 50,`
			`"description": "Medium risk which can include targeted attacks (e.g. APT). (CEUS threat level)"`
New threat level created (including CEUS mapping) 2016-09-15 21:57:51 +02:00			`},`
			`{`
JQ all the things 2017-02-13 12:02:51 +01:00			`"expanded": "High risk",`
			`"value": "high-risk",`
			`"numerical_value": 100,`
			`"description": "High risk which can include highly sophisticated attacks or 0-day attack. (CEUS threat level)"`
New threat level created (including CEUS mapping) 2016-09-15 21:57:51 +02:00			`}`
JQ all the things 2017-02-13 12:02:51 +01:00			`]`
chg: Change predicate order to make PyTaxonomies happy 2018-01-04 17:38:08 +01:00			`},`
fix: Order of predicate (misp). 2018-02-07 11:05:15 +01:00			`{`
			`"predicate": "automation-level",`
			`"entry": [`
			`{`
			`"expanded": "Generated automatically without human verification",`
			`"value": "unsupervised",`
			`"numerical_value": 100`
			`},`
			`{`
			`"expanded": "Generated automatically but verified by a human",`
			`"value": "reviewed",`
			`"numerical_value": 50`
			`},`
			`{`
			`"expanded": "Output of human analysis",`
			`"value": "manual",`
			`"numerical_value": 0`
			`}`
			`]`
			`},`
chg: Change predicate order to make PyTaxonomies happy 2018-01-04 17:38:08 +01:00			`{`
			`"predicate": "tool",`
			`"entry": [`
			`{`
			`"expanded": "misp2stix",`
			`"value": "misp2stix"`
			`}`
			`]`
Initial MISP internal taxonomy to infer with MISP behaviors 2016-05-17 18:27:19 +02:00			`}`
			`],`
			`"predicates": [`
			`{`
			`"expanded": "User-interface tag influencing the MISP behavior and visual interaction.",`
			`"value": "ui"`
			`},`
			`{`
			`"expanded": "API related tag influencing the MISP behavior of the API.",`
			`"value": "api"`
misp contibutor predicate 2016-06-12 05:20:26 +02:00			`},`
Improve consistency when lising the predicates, remove duplicates * SeekmoSearchAssistant was here twice in ms-caro-malware-full * Mult was here twice in ms-caro-malware-full * CouponRuc was here twice in ms-caro-malware-full * mobile-malware was here twice in enisa * spear-phishing-attacks was here twice in enisa 2017-07-25 14:51:53 +02:00			`{`
			`"description": "Expansion tag incluencing the MISP behavior using expansion modules",`
			`"expanded": "Expansion",`
			`"value": "expansion"`
			`},`
misp contibutor predicate 2016-06-12 05:20:26 +02:00			`{`
			`"expanded": "Information related to the contributor.",`
			`"value": "contributor"`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`},`
			`{`
			`"expanded": "Confidence level",`
			`"value": "confidence-level"`
Added predicate description 2016-09-15 22:05:43 +02:00			`},`
			`{`
			`"expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy",`
threat-level predicate fixed 2016-09-15 22:54:28 +02:00			`"value": "threat-level"`
misp:should-not-sync added (to be used with feeds or other local event which are not recommended to be synced) 2016-10-09 15:46:12 +02:00			`},`
Add automation-level to the list of predicate descriptions 2018-01-12 16:19:29 +01:00			`{`
			`"expanded": "Automation level",`
Set exclusive flag on automation-level predicate 2018-01-12 16:55:49 +01:00			`"value": "automation-level",`
			`"exclusive": true`
Add automation-level to the list of predicate descriptions 2018-01-12 16:19:29 +01:00			`},`
misp:should-not-sync added (to be used with feeds or other local event which are not recommended to be synced) 2016-10-09 15:46:12 +02:00			`{`
			`"description": "Event with this tag should not be synced to other MISP instances",`
			`"expanded": "Should not sync",`
			`"value": "should-not-sync"`
fix: misp tool added (misp2stix) to be used as label 2017-12-19 17:58:35 +01:00			`},`
			`{`
			`"description": "Tool associated with the information taggged",`
			`"expanded": "Tool",`
			`"value": "tool"`
Initial MISP internal taxonomy to infer with MISP behaviors 2016-05-17 18:27:19 +02:00			`}`
			`],`
Set exclusive flag on automation-level predicate 2018-01-12 16:55:49 +01:00			`"version": 7,`
First experimental confidence level for MISP taxonomy. 2016-09-09 22:21:12 +02:00			`"description": "MISP taxonomy to infer with MISP behavior or operation.",`
Initial MISP internal taxonomy to infer with MISP behaviors 2016-05-17 18:27:19 +02:00			`"expanded": "MISP",`
			`"namespace": "misp"`
			`}`