Merge pull request #189 from stricaud/trust

Trust Taxonomy
pull/190/head
Alexandre Dulaunoy 2020-04-14 08:29:54 +02:00 committed by GitHub
commit 25469f1a29
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 99 additions and 0 deletions

View File

@ -543,6 +543,11 @@
"name": "tlp", "name": "tlp",
"version": 5 "version": 5
}, },
{
"description": "The Indicators of Trust provide insight on data about what can be trusted",
"name": "trust",
"version": 1
},
{ {
"description": "Taxonomy to describe Tor network infrastructure", "description": "Taxonomy to describe Tor network infrastructure",
"name": "tor", "name": "tor",

View File

@ -58,6 +58,7 @@ bfuscation techniques. This taxonomy lists all the known or official packer used
- [The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.](./PAP) - [The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.](./PAP)
- [Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer.](./targeted-threat-index) - [Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer.](./targeted-threat-index)
- [TLP - Traffic Light Protocol](./tlp) - [TLP - Traffic Light Protocol](./tlp)
- [Trust - Indicators of Trust](./trust)
- [Type](./type) - [Type](./type)
- [Vocabulaire des probabilités estimatives](./vocabulaire-des-probabilites-estimatives) - [Vocabulaire des probabilités estimatives](./vocabulaire-des-probabilites-estimatives)
- Vocabulary for Event Recording and Incident Sharing [VERIS](./veris) - Vocabulary for Event Recording and Incident Sharing [VERIS](./veris)
@ -180,6 +181,10 @@ The Permissible Actions Protocol - or short: PAP - was designed to indicate how
The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time. The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.
### [Trust - Indicators of Trust](./trust)
The Trust Taxonomy provides a way to use Indicators of Trust within MISP to get insight on data about what can be trusted. Similar to a whitelist but on steroids, leveraging MISP features one would use with Inidicators of Compromise, but to filter out what is known to be good.
### Vocabulary for Event Recording and Incident Sharing [VERIS](./veris) ### Vocabulary for Event Recording and Incident Sharing [VERIS](./veris)
Vocabulary for Event Recording and Incident Sharing is a format created by the [VERIS community](http://veriscommunity.net/). Vocabulary for Event Recording and Incident Sharing is a format created by the [VERIS community](http://veriscommunity.net/).

89
trust/machinetag.json Normal file
View File

@ -0,0 +1,89 @@
{
"version": 1,
"description": "The Indicator of Trust provides insight about data on what can be trusted and known as a good actor. Similar to a whitelist but on steroids, reusing features one would use with Indicators of Compromise, but to filter out what is known to be good.",
"expanded": "Indicators of Trust",
"namespace": "trust",
"exclusive": true,
"predicates": [
{
"value": "trust",
"expanded": "How much trust the analyst has with this indicator."
},
{
"value": "frequency",
"expanded": "Recency/count of occurence at which the indicator occurs in data."
},
{
"value": "valid",
"expanded": "Whether this indicator was pushed as trusted but cannot be trusted (ie. MD5 cannot be valid because it is cryptographically broken)."
}
],
"values": [
{
"predicate": "trust",
"entry": [
{
"value": "unknown",
"expanded": "Unknown Confidence State"
},
{
"value": "none",
"expanded": "Cannot Trust, no confidence"
},
{
"value": "partial",
"expanded": "Low confidence"
},
{
"value": "relationship",
"expanded": "Inherited Full Trust by a third party that we trust"
},
{
"value": "full",
"expanded": "We fully trust it"
}
]
},
{
"predicate": "frequency",
"entry": [
{
"value": "hourly",
"expanded": "This attribute is likely to happen at an hourly interval"
},
{
"value": "daily",
"expanded": "This attribute is likely to happen at a daily interval"
},
{
"value": "weekly",
"expanded": "This attribute is likely to happen at a weekly interval"
},
{
"value": "monthly",
"expanded": "This attribute is likely to happen at a monthly interval"
},
{
"value": "yearly",
"expanded": "Thie attribute is likely to happen at a yearly interval"
}
]
},
{
"predicate": "valid",
"entry": [
{
"value": "true",
"expanded": "This Trust is valid"
},
{
"value": "false",
"expanded": "This trust is invalid. Such as a MD5 Hash etc."
}
]
}
],
"refs": [
"https://trust.fyi/"
]
}