misp-taxonomies/cssa/machinetag.json

{
  "namespace": "cssa",
  "description": "The CSSA agreed sharing taxonomy.",
  "version": 3,
  "predicates": [
    {
      "value": "sharing-class",
      "expanded": "Sharing Class"
    },
    {
      "value": "origin",
      "expanded": "Origin"
    }
  ],
  "values": [
    {
      "predicate": "sharing-class",
      "entry": [
        {
          "value": "high_profile",
          "expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.",
          "colour": "#007695"
        },
        {
          "value": "vetted",
          "expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.",
          "colour": "#008aaf"
        },
        {
          "value": "unvetted",
          "expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.",
          "colour": "#00b3e2"
        }
      ]
    },
    {
      "predicate": "origin",
      "entry": [
        {
          "value": "manual_investigation",
          "expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.",
          "colour": "#29775d"
        },
        {
          "value": "honeypot",
          "expanded": "Information coming out of honeypots.",
          "colour": "#2f8a6c"
        },
        {
          "value": "sandbox",
          "expanded": "Information coming out of sandboxes.",
          "colour": "#369d7b"
        },
        {
          "value": "email",
          "expanded": "Information coming out of email infrastructure.",
          "colour": "#3cb08a"
        },
        {
          "value": "3rd-party",
          "expanded": "Information from outside the company.",
          "colour": "#46c098"
        },
        {
          "value": "other",
          "expanded": "If none of the other origins applies.",
          "colour": "#59c6a2"
        },
        {
          "value": "unknown",
          "expanded": "Origin of the data unknown.",
          "colour": "#6ccdad"
        }
      ]
    }
  ]
}
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`{`
			`"namespace": "cssa",`
			`"description": "The CSSA agreed sharing taxonomy.",`
cssa: Version must be an integer 2017-08-16 09:50:24 +02:00			`"version": 3,`
Moved to a proper directory - The CSSA agreed sharing taxonomy. 2017-08-16 09:45:06 +02:00			`"predicates": [`
			`{`
			`"value": "sharing-class",`
			`"expanded": "Sharing Class"`
			`},`
			`{`
			`"value": "origin",`
			`"expanded": "Origin"`
			`}`
			`],`
			`"values": [`
			`{`
			`"predicate": "sharing-class",`
			`"entry": [`
			`{`
			`"value": "high_profile",`
			`"expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.",`
			`"colour": "#007695"`
			`},`
			`{`
			`"value": "vetted",`
			`"expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.",`
			`"colour": "#008aaf"`
			`},`
			`{`
			`"value": "unvetted",`
			`"expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.",`
			`"colour": "#00b3e2"`
			`}`
			`]`
			`},`
			`{`
			`"predicate": "origin",`
			`"entry": [`
			`{`
			`"value": "manual_investigation",`
			`"expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.",`
			`"colour": "#29775d"`
			`},`
			`{`
			`"value": "honeypot",`
			`"expanded": "Information coming out of honeypots.",`
			`"colour": "#2f8a6c"`
			`},`
			`{`
			`"value": "sandbox",`
			`"expanded": "Information coming out of sandboxes.",`
			`"colour": "#369d7b"`
			`},`
			`{`
			`"value": "email",`
			`"expanded": "Information coming out of email infrastructure.",`
			`"colour": "#3cb08a"`
			`},`
			`{`
			`"value": "3rd-party",`
			`"expanded": "Information from outside the company.",`
			`"colour": "#46c098"`
			`},`
			`{`
			`"value": "other",`
			`"expanded": "If none of the other origins applies.",`
			`"colour": "#59c6a2"`
			`},`
			`{`
			`"value": "unknown",`
			`"expanded": "Origin of the data unknown.",`
			`"colour": "#6ccdad"`
			`}`
			`]`
			`}`
			`]`
			`}`