Update schema, fix taxonomies accordingly.

pull/60/head
Raphaël Vinot 2017-02-13 16:39:06 +01:00
parent fcde7e1af8
commit 1c6ece2ae6
3 changed files with 82 additions and 9 deletions


@ -3,7 +3,7 @@
"expanded": "Diamond Model for Intrusion Analysis", "expanded": "Diamond Model for Intrusion Analysis",
"description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.", "description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
"version": 1, "version": 1,
"ref": [ "refs": [
"http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf" "http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"
], ],
"predicates": [ "predicates": [
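Review bot: The `version` field stays at 1 in this hunk even though the `ref` key is renamed to `refs`, whereas the malware_classification taxonomy changed in the same commit is bumped from 1 to 2. If consumers decide whether to reload a taxonomy by comparing `version` (presumably; the consumer is not shown here), installations already holding version 1 would keep the old key and never see the corrected one. I would change the line to `"version": 2,` here as well. The taxonomy object opens before this hunk and continues past it, so nothing else in the file was checked.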


@ -1,7 +1,7 @@
{ {
"namespace": "malware_classification", "namespace": "malware_classification",
"description": "Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848", "description": "Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848",
"version": 1, "version": 2,
"predicates": [ "predicates": [
{ {
"value": "malware-category", "value": "malware-category",
@ -89,10 +89,6 @@
"value": "armouring", "value": "armouring",
"expanded": "armouring" "expanded": "armouring"
}, },
{
"value": "encryption",
"expanded": "encryption"
},
{ {
"value": "tunneling", "value": "tunneling",
"expanded": "tunneling" "expanded": "tunneling"


@ -2,11 +2,78 @@
"$schema": "http://json-schema.org/schema#", "$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-taxonomies", "title": "Validator for misp-taxonomies",
"id": "https://www.github.com/MISP/misp-taxonomies/schema.json", "id": "https://www.github.com/MISP/misp-taxonomies/schema.json",
"defs": {
"predicate": {
"type": "object",
"additionalProperties": false,
"properties": {
"value": {
"type": "string"
},
"colour": {
"type": "string"
},
"description": {
"type": "string"
},
"numerical_value": {
"type": "number"
},
"expanded": {
"type": "string"
}
},
"required": [
"value"
]
},
"entry": {
"type": "object",
"additionalProperties": false,
"properties": {
"predicate": {
"type": "string"
},
"entry": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"value": {
"type": "string"
},
"description": {
"type": "string"
},
"expanded": {
"type": "string"
},
"numerical_value": {
"type": "number"
}
},
"required": [
"value"
]
}
}
}
},
"required": [
"predicate"
]
},
"type": "object", "type": "object",
"additionalProperties": false,
"properties": { "properties": {
"namespace": { "namespace": {
"type": "string" "type": "string"
}, },
"expanded": {
"type": "string"
},
"description": { "description": {
"type": "string" "type": "string"
}, },
@ -17,20 +84,30 @@
"type": "array", "type": "array",
"uniqueItems": true, "uniqueItems": true,
"items": { "items": {
"type": "object" "type": "object",
"$ref": "#/defs/predicate"
} }
}, },
"values": { "values": {
"type": "array", "type": "array",
"uniqueItems": true, "uniqueItems": true,
"items": { "items": {
"type": "object" "type": "object",
"$ref": "#/defs/entry"
}
},
"refs": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string"
} }
} }
}, },
"required": [ "required": [
"namespace", "namespace",
"description", "description",
"version" "version",
"predicates"
] ]
} }
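Review bot: The new `refs` items and the `colour` property in `defs/predicate` accept any string, so the validator checks only their type and not their shape. Taxonomy files are community contributions, and these values are presumably shown or linked by the consuming platform (the consumer is not visible here), so constraining them at validation time is a cheap guard. For `refs` I would use `"items": { "type": "string", "pattern": "^https?://" }`, and for `colour` a hex pattern such as `"pattern": "^#[0-9A-Fa-f]{6}$"` if the existing taxonomies all use six-digit values. Separately, `defs/entry` requires only `predicate`, so a `values` item with no `entry` array still validates; `"required": ["predicate", "entry"]` would close that gap.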