Added basic PassiveTotal tags, updated MANIFEST

pull/56/head
Hannah Ward 2017-01-04 17:03:54 +00:00
parent 0e320249de
commit 0f1cc819b8
No known key found for this signature in database
GPG Key ID: 6F3BAD60DE190290
2 changed files with 90 additions and 9 deletions

View File

@ -1,5 +1,5 @@
{ {
"version": "20161219", "version": "20170104",
"license": "CC-0", "license": "CC-0",
"description": "Manifest file of MISP taxonomies available.", "description": "Manifest file of MISP taxonomies available.",
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/", "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
@ -156,13 +156,8 @@
"version": 1 "version": 1
}, },
{ {
"description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.", "description": "Tags provided by RiskIQ's PassiveTotal service",
"name": "targeted-threat-index", "name" : "passivetotal",
"version": 1
},
{
"description": "Representation of the behavior or modus operandi of cyber adversaries (a.k.a TTP) as normalized in STIX",
"name": "stix-ttp",
"version" : 1 "version" : 1
} }
] ]

View File

@ -0,0 +1,86 @@
{
"namespace" : "passivetotal",
"expanded" : "PassiveTotal",
"description": "Tags from RiskIQ's PassiveTotal service",
"version" : 1,
"predicates": [
{
"value" : "sinkholed",
"expanded": "Sinkhole Status"
},
{
"value" : "ever-comprimised",
"expanded" : "Ever Comprimised?"
},
{
"value" : "class",
"expanded" : "Classification"
},
{
"value" : "dynamic-dns",
"expanded": "Dynamic DNS"
}
],
"values" : [
{
"predicate" : "sinkholed",
"entry" : [
{
"value" : "yes",
"expanded": "Yes"
},
{
"value" : "no",
"expanded" : "No"
}
]
},
{
"predicate" : "ever-comprimised",
"entry" : [
{
"value" : "yes",
"expanded": "Yes"
},
{
"value" : "no",
"expanded" : "No"
}
]
},
{
"predicate" : "dynamic-dns",
"entry" : [
{
"value" : "yes",
"expanded": "Yes"
},
{
"value" : "no",
"expanded" : "No"
}
]
},
{
"predicate" : "class",
"entry" : [
{
"value" : "malicious",
"expanded" : "Malicious"
},
{
"value" : "suspicious",
"expanded": "Malicious"
},
{
"value": "non-malicious",
"expanded": "Non Malicious"
},
{
"value" : "unknown",
"expanded" : "Unknown"
}
]
}
]
}