Added basic PassiveTotal tags, updated MANIFEST

2017-01-04 17:03:54 +00:00 · 2017-01-04 17:03:54 +00:00 · 0f1cc819b8
parent 0e320249de
commit 0f1cc819b8
2 changed files with 90 additions and 9 deletions
--- a/MANIFEST.json
+++ b/MANIFEST.json
@ -1,5 +1,5 @@
 {
-  "version": "20161219",
+  "version": "20170104",
  "license": "CC-0",
  "description": "Manifest file of MISP taxonomies available.",
  "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
@ -156,14 +156,9 @@
      "version": 1
    },
    {
-      "description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.",
+      "description": "Tags provided by RiskIQ's PassiveTotal service",
-      "name": "targeted-threat-index",
+      "name" : "passivetotal",
-      "version": 1
+      "version" : 1
    },
    {
      "description": "Representation of the behavior or modus operandi of cyber adversaries (a.k.a TTP) as normalized in STIX",
      "name": "stix-ttp",
      "version": 1
    }
  ]
 }
--- a/passivetotal/machinetag.json
+++ b/passivetotal/machinetag.json
@ -0,0 +1,86 @@
 {
    "namespace" : "passivetotal",
    "expanded"  : "PassiveTotal",
    "description": "Tags from RiskIQ's PassiveTotal service",
    "version"   : 1,
    "predicates": [
        {
            "value" : "sinkholed",
            "expanded": "Sinkhole Status"
        },
        {
            "value" : "ever-comprimised",
            "expanded" : "Ever Comprimised?"
        },
        {
            "value" : "class",
            "expanded" : "Classification"
        },
        {
            "value" : "dynamic-dns",
            "expanded": "Dynamic DNS"
        }
    ],
    "values" : [
        { 
            "predicate" : "sinkholed",
            "entry" : [
                { 
                    "value" : "yes",
                    "expanded": "Yes"
                },
                {
                    "value" : "no",
                    "expanded" : "No"
                }
            ]
        },
        {
            "predicate" : "ever-comprimised",
            "entry" : [
                { 
                    "value" : "yes",
                    "expanded": "Yes"
                },
                {
                    "value" : "no",
                    "expanded" : "No"
                }
            ]
        },
        {
            "predicate" : "dynamic-dns",
            "entry" : [
                {
                    "value" : "yes",
                    "expanded": "Yes"
                },
                {
                    "value" : "no",
                    "expanded" : "No"
                }
            ]
        },
        {
            "predicate" : "class",
            "entry" : [
                {
                    "value" : "malicious",
                    "expanded" : "Malicious"
                },
                {
                    "value" : "suspicious",
                    "expanded": "Malicious"
                },
                {
                    "value": "non-malicious",
                    "expanded": "Non Malicious"
                },
                {
                    "value" : "unknown",
                    "expanded" : "Unknown"
                }
            ]
        }
    ]
 }