misp-taxonomies/PAP/machinetag.json

35 lines
1.3 KiB
JSON
Raw Normal View History

2016-08-01 13:45:39 +02:00
{
"namespace": "PAP",
"expanded": "Permissible Actions Protocol",
2016-08-01 13:50:55 +02:00
"description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.",
"version": 3,
"exclusive": true,
2016-08-01 13:45:39 +02:00
"predicates": [
{
"value": "RED",
2016-08-01 14:08:57 +02:00
"expanded": "(PAP:RED) Non-detectable actions only. Recipients may not use PAP:RED information on the network. Only passive actions on logs, that are not detectable from the outside.",
"colour": "#ff2b2b"
2016-08-01 13:45:39 +02:00
},
{
"value": "AMBER",
2016-08-01 14:08:57 +02:00
"expanded": "(PAP:AMBER) Passive cross check. Recipients may use PAP:AMBER information for conducting online checks, like using services provided by third parties (e.g. VirusTotal), or set up a monitoring honeypot.",
"colour": "#ffc000"
2016-08-01 13:45:39 +02:00
},
{
"value": "GREEN",
2016-08-01 14:08:57 +02:00
"expanded": "(PAP:GREEN) Active actions allowed. Recipients may use PAP:GREEN information to ping the target, block incoming/outgoing traffic from/to the target or specifically configure honeypots to interact with the target.",
"colour": "#33ff00"
},
{
"value": "CLEAR",
"expanded": "(PAP:CLEAR) No restrictions in using this information.",
"colour": "#ffffff"
2016-08-01 13:45:39 +02:00
},
{
"value": "WHITE",
2016-08-01 14:08:57 +02:00
"expanded": "(PAP:WHITE) No restrictions in using this information.",
"colour": "#ffffff"
2016-08-01 13:45:39 +02:00
}
2017-02-13 12:01:05 +01:00
]
2016-08-01 13:45:39 +02:00
}