From 0f1cc819b8591a3c6f28782bcd078ecfe4bd7183 Mon Sep 17 00:00:00 2001 From: Hannah Ward Date: Wed, 4 Jan 2017 17:03:54 +0000 Subject: [PATCH] Added basic PassiveTotal tags, updated MANIFEST --- MANIFEST.json | 13 ++---- passivetotal/machinetag.json | 86 ++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 9 deletions(-) create mode 100644 passivetotal/machinetag.json diff --git a/MANIFEST.json b/MANIFEST.json index 3879143..8e84d1f 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -1,5 +1,5 @@ { - "version": "20161219", + "version": "20170104", "license": "CC-0", "description": "Manifest file of MISP taxonomies available.", "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/", @@ -156,14 +156,9 @@ "version": 1 }, { - "description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.", - "name": "targeted-threat-index", - "version": 1 - }, - { - "description": "Representation of the behavior or modus operandi of cyber adversaries (a.k.a TTP) as normalized in STIX", - "name": "stix-ttp", - "version": 1 + "description": "Tags provided by RiskIQ's PassiveTotal service", + "name" : "passivetotal", + "version" : 1 } ] } diff --git a/passivetotal/machinetag.json b/passivetotal/machinetag.json new file mode 100644 index 0000000..a718f0d --- /dev/null +++ b/passivetotal/machinetag.json @@ -0,0 +1,86 @@ +{ + "namespace" : "passivetotal", + "expanded" : "PassiveTotal", + "description": "Tags from RiskIQ's PassiveTotal service", + "version" : 1, + "predicates": [ + { + "value" : "sinkholed", + "expanded": "Sinkhole Status" + }, + { + "value" : "ever-comprimised", + "expanded" : "Ever Comprimised?" + }, + { + "value" : "class", + "expanded" : "Classification" + }, + { + "value" : "dynamic-dns", + "expanded": "Dynamic DNS" + } + ], + "values" : [ + { + "predicate" : "sinkholed", + "entry" : [ + { + "value" : "yes", + "expanded": "Yes" + }, + { + "value" : "no", + "expanded" : "No" + } + ] + }, + { + "predicate" : "ever-comprimised", + "entry" : [ + { + "value" : "yes", + "expanded": "Yes" + }, + { + "value" : "no", + "expanded" : "No" + } + ] + }, + { + "predicate" : "dynamic-dns", + "entry" : [ + { + "value" : "yes", + "expanded": "Yes" + }, + { + "value" : "no", + "expanded" : "No" + } + ] + }, + { + "predicate" : "class", + "entry" : [ + { + "value" : "malicious", + "expanded" : "Malicious" + }, + { + "value" : "suspicious", + "expanded": "Malicious" + }, + { + "value": "non-malicious", + "expanded": "Non Malicious" + }, + { + "value" : "unknown", + "expanded" : "Unknown" + } + ] + } + ] +}