2017-08-16 09:45:06 +02:00
{
"namespace" : "cssa" ,
"description" : "The CSSA agreed sharing taxonomy." ,
2019-08-21 16:29:56 +02:00
"version" : 6 ,
2017-08-16 09:45:06 +02:00
"predicates" : [
{
"value" : "sharing-class" ,
"expanded" : "Sharing Class"
} ,
{
"value" : "origin" ,
"expanded" : "Origin"
2018-02-06 11:24:21 +01:00
} ,
2019-10-01 16:22:04 +02:00
{
"value" : "report" ,
"expanded" : "Report"
} ,
2018-02-06 11:24:21 +01:00
{
"value" : "analyse" ,
"expanded" : "Please analyse sample" ,
"colour" : "#fab74d"
2017-08-16 09:45:06 +02:00
}
] ,
"values" : [
{
"predicate" : "sharing-class" ,
"entry" : [
{
"value" : "high_profile" ,
"expanded" : "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized." ,
2019-08-21 16:29:56 +02:00
"colour" : "#007695" ,
"numerical_value" : 95
2017-08-16 09:45:06 +02:00
} ,
{
"value" : "vetted" ,
"expanded" : "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site." ,
2019-08-21 16:29:56 +02:00
"colour" : "#008aaf" ,
"numerical_value" : 50
2017-08-16 09:45:06 +02:00
} ,
{
"value" : "unvetted" ,
"expanded" : "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc." ,
2019-08-21 16:29:56 +02:00
"colour" : "#00b3e2" ,
"numerical_value" : 10
2017-08-16 09:45:06 +02:00
}
]
} ,
2019-10-01 16:22:04 +02:00
{
"predicate" : "report" ,
"entry" : [
{
"value" : "details" ,
"expanded" : "Description of the incidence." ,
"colour" : "#fbc166"
} ,
{
"value" : "link" ,
"expanded" : "Link to the original report location." ,
"colour" : "#fbcb7f"
} ,
{
"value" : "attached" ,
"expanded" : "Attached report." ,
"colour" : "#fcd597"
}
]
} ,
2017-08-16 09:45:06 +02:00
{
"predicate" : "origin" ,
"entry" : [
{
"value" : "manual_investigation" ,
"expanded" : "Information gathered by an analyst/incident responder/forensic expert/etc." ,
"colour" : "#29775d"
} ,
{
"value" : "honeypot" ,
"expanded" : "Information coming out of honeypots." ,
"colour" : "#2f8a6c"
} ,
{
"value" : "sandbox" ,
"expanded" : "Information coming out of sandboxes." ,
"colour" : "#369d7b"
} ,
{
"value" : "email" ,
"expanded" : "Information coming out of email infrastructure." ,
2019-10-01 16:22:04 +02:00
"colour" : "#3db08a"
2017-08-16 09:45:06 +02:00
} ,
{
"value" : "3rd-party" ,
"expanded" : "Information from outside the company." ,
"colour" : "#46c098"
} ,
2019-10-01 16:22:04 +02:00
{
"value" : "report" ,
"expanded" : "Information coming from a report." ,
"colour" : "#22644e"
} ,
2017-08-16 09:45:06 +02:00
{
"value" : "other" ,
"expanded" : "If none of the other origins applies." ,
"colour" : "#59c6a2"
} ,
{
"value" : "unknown" ,
"expanded" : "Origin of the data unknown." ,
"colour" : "#6ccdad"
}
]
}
]
}