diff --git a/cssa b/cssa deleted file mode 100644 index 1ef9c26..0000000 --- a/cssa +++ /dev/null @@ -1,79 +0,0 @@ -{ - "namespace": "cssa", - "description": "The CSSA agreed sharing taxonomy.", - "version": 1.3, - - "predicates": [ - { - "value": "sharing-class", - "expanded": "Sharing Class" - }, - { - "value": "origin", - "expanded": "Origin" - } - ], - - "values": [ - { - "predicate": "sharing-class", - "entry": [ - { - "value": "high_profile", - "expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.", - "colour": "#007695" - }, - { - "value": "vetted", - "expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.", - "colour": "#008aaf" - }, - { - "value": "unvetted", - "expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.", - "colour": "#00b3e2" - } - ] -}, - { - "predicate": "origin", - "entry": [ - { - "value": "manual_investigation", - "expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.", - "colour": "#29775d" - }, - { - "value": "honeypot", - "expanded": "Information coming out of honeypots.", - "colour": "#2f8a6c" - }, - { - "value": "sandbox", - "expanded": "Information coming out of sandboxes.", - "colour": "#369d7b" - }, - { - "value": "email", - "expanded": "Information coming out of email infrastructure.", - "colour": "#3cb08a" - }, - { - "value": "3rd-party", - "expanded": "Information from outside the company.", - "colour": "#46c098" - }, - { - "value": "other", - "expanded": "If none of the other origins applies.", - "colour": "#59c6a2" - }, - { - "value": "unknown", - "expanded": "Origin of the data unknown.", - "colour": "#6ccdad" - } - ] -} -] -}