misp-taxonomies/cssa/machinetag.json

115 lines
3.1 KiB
JSON
Raw Normal View History

{
"namespace": "cssa",
"description": "The CSSA agreed sharing taxonomy.",
2019-08-21 16:29:56 +02:00
"version": 6,
"predicates": [
{
"value": "sharing-class",
"expanded": "Sharing Class"
},
{
"value": "origin",
"expanded": "Origin"
},
2019-10-01 16:22:04 +02:00
{
"value": "report",
"expanded": "Report"
},
{
"value": "analyse",
"expanded": "Please analyse sample",
"colour": "#fab74d"
}
],
"values": [
{
"predicate": "sharing-class",
"entry": [
{
"value": "high_profile",
"expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.",
2019-08-21 16:29:56 +02:00
"colour": "#007695",
"numerical_value": 95
},
{
"value": "vetted",
"expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.",
2019-08-21 16:29:56 +02:00
"colour": "#008aaf",
"numerical_value": 50
},
{
"value": "unvetted",
"expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.",
2019-08-21 16:29:56 +02:00
"colour": "#00b3e2",
"numerical_value": 10
}
]
},
2019-10-01 16:22:04 +02:00
{
"predicate": "report",
"entry": [
{
"value": "details",
"expanded": "Description of the incidence.",
"colour": "#fbc166"
},
{
"value": "link",
"expanded": "Link to the original report location.",
"colour": "#fbcb7f"
},
{
"value": "attached",
"expanded": "Attached report.",
"colour": "#fcd597"
}
]
},
{
"predicate": "origin",
"entry": [
{
"value": "manual_investigation",
"expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.",
"colour": "#29775d"
},
{
"value": "honeypot",
"expanded": "Information coming out of honeypots.",
"colour": "#2f8a6c"
},
{
"value": "sandbox",
"expanded": "Information coming out of sandboxes.",
"colour": "#369d7b"
},
{
"value": "email",
"expanded": "Information coming out of email infrastructure.",
2019-10-01 16:22:04 +02:00
"colour": "#3db08a"
},
{
"value": "3rd-party",
"expanded": "Information from outside the company.",
"colour": "#46c098"
},
2019-10-01 16:22:04 +02:00
{
"value": "report",
"expanded": "Information coming from a report.",
"colour": "#22644e"
},
{
"value": "other",
"expanded": "If none of the other origins applies.",
"colour": "#59c6a2"
},
{
"value": "unknown",
"expanded": "Origin of the data unknown.",
"colour": "#6ccdad"
}
]
}
]
}