misp-taxonomies/cssa/machinetag.json

{
  "namespace": "cssa",
  "description": "The CSSA agreed sharing taxonomy.",
  "version": 8,
  "predicates": [
    {
      "value": "sharing-class",
      "expanded": "Sharing Class"
    },
    {
      "value": "report",
      "expanded": "Report"
    },
    {
      "value": "origin",
      "expanded": "Origin"
    },
    {
      "value": "analyse",
      "expanded": "Please analyse sample",
      "colour": "#fab74d"
    }
  ],
  "values": [
    {
      "predicate": "sharing-class",
      "entry": [
        {
          "value": "high_profile",
          "expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.",
          "colour": "#007695",
          "numerical_value": 95
        },
        {
          "value": "vetted",
          "expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.",
          "colour": "#008aaf",
          "numerical_value": 50
        },
        {
          "value": "unvetted",
          "expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.",
          "colour": "#00b3e2",
          "numerical_value": 10
        }
      ]
    },
    {
      "predicate": "report",
      "entry": [
        {
          "value": "details",
          "expanded": "Description of the incidence.",
          "colour": "#fbc166"
        },
        {
          "value": "link",
          "expanded": "Link to the original report location.",
          "colour": "#fbcb7f"
        },
        {
          "value": "attached",
          "expanded": "Attached report.",
          "colour": "#fcd597"
        }
      ]
    },
    {
      "predicate": "origin",
      "entry": [
        {
          "value": "manual_investigation",
          "expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.",
          "colour": "#29775d"
        },
        {
          "value": "honeypot",
          "expanded": "Information coming out of honeypots.",
          "colour": "#2f8a6c"
        },
        {
          "value": "sandbox",
          "expanded": "Information coming out of sandboxes.",
          "colour": "#369d7b"
        },
        {
          "value": "email",
          "expanded": "Information coming out of email infrastructure.",
          "colour": "#3db08a"
        },
        {
          "value": "3rd-party",
          "expanded": "Information from outside the company.",
          "colour": "#46c098"
        },
        {
          "value": "report",
          "expanded": "Information coming from a report.",
          "colour": "#22644e"
        },
        {
          "value": "other",
          "expanded": "If none of the other origins applies.",
          "colour": "#59c6a2"
        },
        {
          "value": "unknown",
          "expanded": "Origin of the data unknown.",
          "colour": "#6ccdad"
        }
      ]
    }
  ]
}
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`{`
			`"namespace": "cssa",`
			`"description": "The CSSA agreed sharing taxonomy.",`
chg: [cssa] version updated 2019-11-06 09:03:08 +01:00			`"version": 8,`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`"predicates": [`
			`{`
			`"value": "sharing-class",`
			`"expanded": "Sharing Class"`
			`},`
add report 2019-10-01 16:22:04 +02:00			`{`
			`"value": "report",`
			`"expanded": "Report"`
			`},`
fix: reorder predicates, make pytaxonomies happy 2019-11-28 14:11:08 +01:00			`{`
			`"value": "origin",`
			`"expanded": "Origin"`
			`},`
Update machinetag.json added "please analyse sample" tag 2018-02-06 11:24:21 +01:00			`{`
			`"value": "analyse",`
			`"expanded": "Please analyse sample",`
			`"colour": "#fab74d"`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`}`
			`],`
			`"values": [`
			`{`
			`"predicate": "sharing-class",`
			`"entry": [`
			`{`
			`"value": "high_profile",`
			`"expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.",`
chg: numerical values added 2019-08-21 16:29:56 +02:00			`"colour": "#007695",`
			`"numerical_value": 95`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`},`
			`{`
			`"value": "vetted",`
			`"expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.",`
chg: numerical values added 2019-08-21 16:29:56 +02:00			`"colour": "#008aaf",`
			`"numerical_value": 50`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`},`
			`{`
			`"value": "unvetted",`
			`"expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.",`
chg: numerical values added 2019-08-21 16:29:56 +02:00			`"colour": "#00b3e2",`
			`"numerical_value": 10`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`}`
			`]`
			`},`
add report 2019-10-01 16:22:04 +02:00			`{`
			`"predicate": "report",`
			`"entry": [`
			`{`
			`"value": "details",`
			`"expanded": "Description of the incidence.",`
			`"colour": "#fbc166"`
			`},`
			`{`
			`"value": "link",`
			`"expanded": "Link to the original report location.",`
			`"colour": "#fbcb7f"`
			`},`
			`{`
			`"value": "attached",`
			`"expanded": "Attached report.",`
			`"colour": "#fcd597"`
			`}`
			`]`
			`},`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`{`
			`"predicate": "origin",`
			`"entry": [`
			`{`
			`"value": "manual_investigation",`
			`"expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.",`
			`"colour": "#29775d"`
			`},`
			`{`
			`"value": "honeypot",`
			`"expanded": "Information coming out of honeypots.",`
			`"colour": "#2f8a6c"`
			`},`
			`{`
			`"value": "sandbox",`
			`"expanded": "Information coming out of sandboxes.",`
			`"colour": "#369d7b"`
			`},`
			`{`
			`"value": "email",`
			`"expanded": "Information coming out of email infrastructure.",`
add report 2019-10-01 16:22:04 +02:00			`"colour": "#3db08a"`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`},`
			`{`
			`"value": "3rd-party",`
			`"expanded": "Information from outside the company.",`
			`"colour": "#46c098"`
			`},`
add report 2019-10-01 16:22:04 +02:00			`{`
			`"value": "report",`
			`"expanded": "Information coming from a report.",`
			`"colour": "#22644e"`
			`},`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`{`
			`"value": "other",`
			`"expanded": "If none of the other origins applies.",`
			`"colour": "#59c6a2"`
			`},`
			`{`
			`"value": "unknown",`
			`"expanded": "Origin of the data unknown.",`
			`"colour": "#6ccdad"`
			`}`
			`]`
			`}`
			`]`
			`}`