2016-05-17 18:27:19 +02:00
|
|
|
{
|
|
|
|
"values": [
|
|
|
|
{
|
|
|
|
"entry": [
|
|
|
|
{
|
|
|
|
"expanded": "tag to hide from the user-interface.",
|
|
|
|
"value": "hide"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"predicate": "ui"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"entry": [
|
|
|
|
{
|
|
|
|
"expanded": "tag to hide from the API.",
|
|
|
|
"value": "hide"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"predicate": "api"
|
2016-06-12 05:20:26 +02:00
|
|
|
},
|
2017-03-02 22:00:56 +01:00
|
|
|
{
|
|
|
|
"entry": [
|
2017-03-02 22:01:44 +01:00
|
|
|
{
|
2017-03-02 22:00:56 +01:00
|
|
|
"expanded": "block",
|
|
|
|
"value": "block"
|
2017-03-02 22:01:44 +01:00
|
|
|
}
|
2017-03-02 22:00:56 +01:00
|
|
|
],
|
|
|
|
"predicate": "expansion"
|
|
|
|
},
|
2016-06-12 05:20:26 +02:00
|
|
|
{
|
2017-02-13 12:02:51 +01:00
|
|
|
"predicate": "contributor",
|
|
|
|
"entry": [
|
2016-06-12 05:20:26 +02:00
|
|
|
{
|
|
|
|
"expanded": "OpenPGP Fingerprint",
|
|
|
|
"value": "pgpfingerprint"
|
|
|
|
}
|
2017-02-13 12:02:51 +01:00
|
|
|
]
|
2016-09-09 22:21:12 +02:00
|
|
|
},
|
|
|
|
{
|
2017-02-13 12:02:51 +01:00
|
|
|
"predicate": "confidence-level",
|
|
|
|
"entry": [
|
2016-09-09 22:21:12 +02:00
|
|
|
{
|
|
|
|
"expanded": "Completely confident",
|
|
|
|
"value": "completely-confident",
|
|
|
|
"numerical_value": 100
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Usually confident",
|
|
|
|
"value": "usually-confident",
|
2016-09-10 12:13:41 +02:00
|
|
|
"numerical_value": 75
|
2016-09-09 22:21:12 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Fairly confident",
|
|
|
|
"value": "fairly-confident",
|
2016-09-10 12:13:41 +02:00
|
|
|
"numerical_value": 50
|
2016-09-09 22:21:12 +02:00
|
|
|
},
|
|
|
|
{
|
2016-09-12 10:57:12 +02:00
|
|
|
"expanded": "Rarely confident",
|
|
|
|
"value": "rarely-confident",
|
2016-09-10 12:13:41 +02:00
|
|
|
"numerical_value": 25
|
2016-09-09 22:21:12 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Unconfident",
|
|
|
|
"value": "unconfident",
|
2016-09-10 12:13:41 +02:00
|
|
|
"numerical_value": 0
|
2016-09-09 22:21:12 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Confidence cannot be evaluated",
|
2019-06-25 12:18:27 +02:00
|
|
|
"value": "confidence-cannot-be-evalued",
|
|
|
|
"numerical_value": 50
|
2016-09-09 22:21:12 +02:00
|
|
|
}
|
2017-02-13 12:02:51 +01:00
|
|
|
]
|
2016-09-15 21:57:51 +02:00
|
|
|
},
|
|
|
|
{
|
2017-02-13 12:02:51 +01:00
|
|
|
"predicate": "threat-level",
|
|
|
|
"entry": [
|
2016-09-15 21:57:51 +02:00
|
|
|
{
|
2017-02-13 12:02:51 +01:00
|
|
|
"expanded": "No risk",
|
|
|
|
"value": "no-risk",
|
|
|
|
"numerical_value": 0,
|
|
|
|
"description": "Harmless information. (CEUS threat level)"
|
2016-09-15 21:57:51 +02:00
|
|
|
},
|
2016-09-15 22:03:18 +02:00
|
|
|
{
|
2017-02-13 12:02:51 +01:00
|
|
|
"expanded": "Low risk",
|
|
|
|
"value": "low-risk",
|
|
|
|
"numerical_value": 25,
|
|
|
|
"description": "Low risk which can include mass-malware. (CEUS threat level)"
|
2016-09-15 22:03:18 +02:00
|
|
|
},
|
2016-09-15 21:57:51 +02:00
|
|
|
{
|
2017-02-13 12:02:51 +01:00
|
|
|
"expanded": "Medium risk",
|
|
|
|
"value": "medium-risk",
|
|
|
|
"numerical_value": 50,
|
|
|
|
"description": "Medium risk which can include targeted attacks (e.g. APT). (CEUS threat level)"
|
2016-09-15 21:57:51 +02:00
|
|
|
},
|
|
|
|
{
|
2017-02-13 12:02:51 +01:00
|
|
|
"expanded": "High risk",
|
|
|
|
"value": "high-risk",
|
|
|
|
"numerical_value": 100,
|
|
|
|
"description": "High risk which can include highly sophisticated attacks or 0-day attack. (CEUS threat level)"
|
2016-09-15 21:57:51 +02:00
|
|
|
}
|
2017-02-13 12:02:51 +01:00
|
|
|
]
|
2018-01-04 17:38:08 +01:00
|
|
|
},
|
2018-02-07 11:05:15 +01:00
|
|
|
{
|
|
|
|
"predicate": "automation-level",
|
|
|
|
"entry": [
|
|
|
|
{
|
|
|
|
"expanded": "Generated automatically without human verification",
|
|
|
|
"value": "unsupervised",
|
2019-06-25 12:18:27 +02:00
|
|
|
"numerical_value": 0
|
2018-02-07 11:05:15 +01:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Generated automatically but verified by a human",
|
|
|
|
"value": "reviewed",
|
|
|
|
"numerical_value": 50
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Output of human analysis",
|
|
|
|
"value": "manual",
|
2019-06-25 12:18:27 +02:00
|
|
|
"numerical_value": 100
|
2018-02-07 11:05:15 +01:00
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
2018-01-04 17:38:08 +01:00
|
|
|
{
|
|
|
|
"predicate": "tool",
|
|
|
|
"entry": [
|
|
|
|
{
|
|
|
|
"expanded": "misp2stix",
|
|
|
|
"value": "misp2stix"
|
2019-04-25 15:28:11 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "misp2yara",
|
|
|
|
"value": "misp2yara"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"predicate": "misp2yara",
|
|
|
|
"entry": [
|
|
|
|
{
|
|
|
|
"expanded": "generated",
|
|
|
|
"value": "generated"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "as-is",
|
|
|
|
"value": "as-is"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "valid",
|
|
|
|
"value": "valid"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "invalid",
|
|
|
|
"value": "invalid"
|
2018-01-04 17:38:08 +01:00
|
|
|
}
|
|
|
|
]
|
2019-11-18 10:12:51 +01:00
|
|
|
},
|
2021-02-08 10:12:41 +01:00
|
|
|
{
|
|
|
|
"predicate": "event-type",
|
|
|
|
"entry": [
|
|
|
|
{
|
|
|
|
"expanded": "observation",
|
|
|
|
"value": "observation"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "incident",
|
|
|
|
"value": "incident"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "report",
|
|
|
|
"value": "report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "collection",
|
|
|
|
"value": "collection"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "analysis",
|
|
|
|
"value": "analysis"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "automatic-analysis",
|
|
|
|
"value": "automatic-analysis"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
2019-11-18 10:12:51 +01:00
|
|
|
{
|
|
|
|
"predicate": "ids",
|
|
|
|
"entry": [
|
|
|
|
{
|
|
|
|
"expanded": "force",
|
|
|
|
"value": "force",
|
|
|
|
"description": "Force the IDS flag to be the one from the tag."
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "true",
|
|
|
|
"value": "true",
|
|
|
|
"description": "Overwrite the current IDS flag of the information tag by IDS true."
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "false",
|
|
|
|
"value": "false",
|
|
|
|
"description": "Overwrite the current IDS flag of the information tag by IDS false."
|
|
|
|
}
|
|
|
|
]
|
2016-05-17 18:27:19 +02:00
|
|
|
}
|
|
|
|
],
|
|
|
|
"predicates": [
|
|
|
|
{
|
|
|
|
"expanded": "User-interface tag influencing the MISP behavior and visual interaction.",
|
|
|
|
"value": "ui"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "API related tag influencing the MISP behavior of the API.",
|
|
|
|
"value": "api"
|
2016-06-12 05:20:26 +02:00
|
|
|
},
|
2017-07-25 14:51:53 +02:00
|
|
|
{
|
|
|
|
"description": "Expansion tag incluencing the MISP behavior using expansion modules",
|
|
|
|
"expanded": "Expansion",
|
|
|
|
"value": "expansion"
|
|
|
|
},
|
2016-06-12 05:20:26 +02:00
|
|
|
{
|
|
|
|
"expanded": "Information related to the contributor.",
|
|
|
|
"value": "contributor"
|
2016-09-09 22:21:12 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Confidence level",
|
2019-11-05 10:28:02 +01:00
|
|
|
"value": "confidence-level",
|
|
|
|
"exclusive": true
|
2016-09-15 22:05:43 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy",
|
2019-11-05 10:28:02 +01:00
|
|
|
"value": "threat-level",
|
|
|
|
"exclusive": true
|
2016-10-09 15:46:12 +02:00
|
|
|
},
|
2018-01-12 16:19:29 +01:00
|
|
|
{
|
|
|
|
"expanded": "Automation level",
|
2018-01-12 16:55:49 +01:00
|
|
|
"value": "automation-level",
|
|
|
|
"exclusive": true
|
2018-01-12 16:19:29 +01:00
|
|
|
},
|
2016-10-09 15:46:12 +02:00
|
|
|
{
|
|
|
|
"description": "Event with this tag should not be synced to other MISP instances",
|
|
|
|
"expanded": "Should not sync",
|
|
|
|
"value": "should-not-sync"
|
2017-12-19 17:58:35 +01:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"description": "Tool associated with the information taggged",
|
|
|
|
"expanded": "Tool",
|
|
|
|
"value": "tool"
|
2019-07-18 14:31:49 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "misp2yara export tool",
|
2019-11-05 10:28:02 +01:00
|
|
|
"value": "misp2yara",
|
|
|
|
"exclusive": true
|
2019-11-28 14:11:08 +01:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "IDS related tag unfluencing the MISP behavior of the IDS flag.",
|
|
|
|
"value": "ids"
|
2021-02-08 10:12:41 +01:00
|
|
|
},
|
|
|
|
{
|
|
|
|
"expanded": "Type of the event.",
|
|
|
|
"value": "event-type"
|
2016-05-17 18:27:19 +02:00
|
|
|
}
|
|
|
|
],
|
2021-02-08 10:12:41 +01:00
|
|
|
"version": 12,
|
2016-09-09 22:21:12 +02:00
|
|
|
"description": "MISP taxonomy to infer with MISP behavior or operation.",
|
2016-05-17 18:27:19 +02:00
|
|
|
"expanded": "MISP",
|
|
|
|
"namespace": "misp"
|
|
|
|
}
|