JQ all the things
parent
94290cfaa9
commit
3099290e4c
|
@ -166,9 +166,9 @@
|
||||||
"version": 1
|
"version": 1
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description" : "Tags for RiskIQ's passivetotal service",
|
"description": "Tags for RiskIQ's passivetotal service",
|
||||||
"name" : "passivetotal",
|
"name": "passivetotal",
|
||||||
"version" : 1
|
"version": 1
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -102,4 +102,3 @@
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,63 +2,85 @@
|
||||||
"namespace": "dhs-ciip-sectors",
|
"namespace": "dhs-ciip-sectors",
|
||||||
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
|
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
|
||||||
"version": 2,
|
"version": 2,
|
||||||
"predicates": [{
|
"predicates": [
|
||||||
|
{
|
||||||
"value": "DHS-critical-sectors",
|
"value": "DHS-critical-sectors",
|
||||||
"expanded": "DHS critical sectors"
|
"expanded": "DHS critical sectors"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "sector",
|
"value": "sector",
|
||||||
"expanded": "Sector"
|
"expanded": "Sector"
|
||||||
}],
|
}
|
||||||
"values": [{
|
],
|
||||||
|
"values": [
|
||||||
|
{
|
||||||
"predicate": "DHS-critical-sectors",
|
"predicate": "DHS-critical-sectors",
|
||||||
"entry": [{
|
"entry": [
|
||||||
|
{
|
||||||
"value": "chemical",
|
"value": "chemical",
|
||||||
"expanded": "Chemical"
|
"expanded": "Chemical"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "commercial-facilities",
|
"value": "commercial-facilities",
|
||||||
"expanded": "Commercial Facilities"
|
"expanded": "Commercial Facilities"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "communications",
|
"value": "communications",
|
||||||
"expanded": "Communications"
|
"expanded": "Communications"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "critical-manufacturing",
|
"value": "critical-manufacturing",
|
||||||
"expanded": "Critical Manufacturing"
|
"expanded": "Critical Manufacturing"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "dams",
|
"value": "dams",
|
||||||
"expanded": "Dams"
|
"expanded": "Dams"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "dib",
|
"value": "dib",
|
||||||
"expanded": "Defense Industrial Base"
|
"expanded": "Defense Industrial Base"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "emergency-services",
|
"value": "emergency-services",
|
||||||
"expanded": "Emergency services"
|
"expanded": "Emergency services"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "energy",
|
"value": "energy",
|
||||||
"expanded": "energy"
|
"expanded": "energy"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "financial-services",
|
"value": "financial-services",
|
||||||
"expanded": "Financial Services"
|
"expanded": "Financial Services"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "food-agriculture",
|
"value": "food-agriculture",
|
||||||
"expanded": "Food and Agriculture"
|
"expanded": "Food and Agriculture"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "government-facilities",
|
"value": "government-facilities",
|
||||||
"expanded": "Government Facilities"
|
"expanded": "Government Facilities"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "healthcare-public",
|
"value": "healthcare-public",
|
||||||
"expanded": "Healthcare and Public Health"
|
"expanded": "Healthcare and Public Health"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "it",
|
"value": "it",
|
||||||
"expanded": "Information Technology"
|
"expanded": "Information Technology"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "nuclear",
|
"value": "nuclear",
|
||||||
"expanded": "Nuclear"
|
"expanded": "Nuclear"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "transport",
|
"value": "transport",
|
||||||
"expanded": "Transportation Systems"
|
"expanded": "Transportation Systems"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "water",
|
"value": "water",
|
||||||
"expanded": "Water and water systems"
|
"expanded": "Water and water systems"
|
||||||
}]
|
}
|
||||||
}]
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,9 @@
|
||||||
"expanded": "Diamond Model for Intrusion Analysis",
|
"expanded": "Diamond Model for Intrusion Analysis",
|
||||||
"description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
|
"description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"ref": ["http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"],
|
"ref": [
|
||||||
|
"http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"
|
||||||
|
],
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value": "Adversary",
|
"value": "Adversary",
|
||||||
|
|
|
@ -307,7 +307,6 @@
|
||||||
"value": "failure-or-disruption-of-communication-links-communication networks",
|
"value": "failure-or-disruption-of-communication-links-communication networks",
|
||||||
"expanded": "Failure or disruption of communication links (communication networks)",
|
"expanded": "Failure or disruption of communication links (communication networks)",
|
||||||
"description": "Threat of failure or malfunction of communications links."
|
"description": "Threat of failure or malfunction of communications links."
|
||||||
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "failure-of-cable-networks",
|
"value": "failure-of-cable-networks",
|
||||||
|
|
|
@ -2,61 +2,83 @@
|
||||||
"namespace": "eu-marketop-and-publicadmin",
|
"namespace": "eu-marketop-and-publicadmin",
|
||||||
"description": "Market operators and public administrations that must comply to some notifications requirements under EU NIS directive",
|
"description": "Market operators and public administrations that must comply to some notifications requirements under EU NIS directive",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"predicates": [{
|
"predicates": [
|
||||||
|
{
|
||||||
"value": "critical-infra-operators",
|
"value": "critical-infra-operators",
|
||||||
"expanded": "Critical Infrastructure Operators"
|
"expanded": "Critical Infrastructure Operators"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "info-services",
|
"value": "info-services",
|
||||||
"expanded": "Information Society services enablers"
|
"expanded": "Information Society services enablers"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "public-admin",
|
"value": "public-admin",
|
||||||
"expanded": "Public administration"
|
"expanded": "Public administration"
|
||||||
}],
|
}
|
||||||
"values": [{
|
],
|
||||||
|
"values": [
|
||||||
|
{
|
||||||
"predicate": "critical-infra-operators",
|
"predicate": "critical-infra-operators",
|
||||||
"entry": [{
|
"entry": [
|
||||||
|
{
|
||||||
"value": "transport",
|
"value": "transport",
|
||||||
"expanded": "Transport"
|
"expanded": "Transport"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "energy",
|
"value": "energy",
|
||||||
"expanded": "Energy"
|
"expanded": "Energy"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "health",
|
"value": "health",
|
||||||
"expanded": "Health"
|
"expanded": "Health"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "financial",
|
"value": "financial",
|
||||||
"expanded": "Financial market operators"
|
"expanded": "Financial market operators"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "banking",
|
"value": "banking",
|
||||||
"expanded": "Banking"
|
"expanded": "Banking"
|
||||||
}]
|
}
|
||||||
}, {
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
"predicate": "info-services",
|
"predicate": "info-services",
|
||||||
"entry": [{
|
"entry": [
|
||||||
|
{
|
||||||
"value": "e-commerce",
|
"value": "e-commerce",
|
||||||
"expanded": "e-commerce platforms"
|
"expanded": "e-commerce platforms"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "internet-payment",
|
"value": "internet-payment",
|
||||||
"expanded": "Internet payment"
|
"expanded": "Internet payment"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "cloud",
|
"value": "cloud",
|
||||||
"expanded": "cloud computing"
|
"expanded": "cloud computing"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "search-engines",
|
"value": "search-engines",
|
||||||
"expanded": "search engines"
|
"expanded": "search engines"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "socnet",
|
"value": "socnet",
|
||||||
"expanded": "social networks"
|
"expanded": "social networks"
|
||||||
}, {
|
},
|
||||||
|
{
|
||||||
"value": "app-stores",
|
"value": "app-stores",
|
||||||
"expanded": "application stores"
|
"expanded": "application stores"
|
||||||
}]
|
}
|
||||||
}, {
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
"predicate": "public-admin",
|
"predicate": "public-admin",
|
||||||
"entry": [{
|
"entry": [
|
||||||
|
{
|
||||||
"value": "public-admin",
|
"value": "public-admin",
|
||||||
"expanded": "Public Administrations"
|
"expanded": "Public Administrations"
|
||||||
}]
|
}
|
||||||
}]
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -139,7 +139,8 @@
|
||||||
"description": "This indicator measures illicit entrance of individuals into security perimeter."
|
"description": "This indicator measures illicit entrance of individuals into security perimeter."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "IMF",
|
"predicate": "IMF",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
@ -188,7 +189,8 @@
|
||||||
"description": "This indicator primarily relates to Personal Identifiable Information (PII) protected by privacy laws, to information falling under the PCI-DSS regulation, to information falling under European regulation in the area of breach notification (Telcos and ISPs to begin with), and to information about electronic exchanges between employees and the exterior (electronic messaging and Internet connection). This indicator does not include possible difficulties pertaining to proof forwarding from field operations to governance (state-of-the-art unavailable). This indicator is a sub-set of indicator IMF_LOG.1, but can be identical to this one in advanced organizations."
|
"description": "This indicator primarily relates to Personal Identifiable Information (PII) protected by privacy laws, to information falling under the PCI-DSS regulation, to information falling under European regulation in the area of breach notification (Telcos and ISPs to begin with), and to information about electronic exchanges between employees and the exterior (electronic messaging and Internet connection). This indicator does not include possible difficulties pertaining to proof forwarding from field operations to governance (state-of-the-art unavailable). This indicator is a sub-set of indicator IMF_LOG.1, but can be identical to this one in advanced organizations."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "IDB",
|
"predicate": "IDB",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
@ -247,7 +249,8 @@
|
||||||
"description": "This event is generally decided and deployed by an administrator in order to improve performance of the system under his/her responsibility (illicit voluntary stoppage). This indicator is a reduced subset of indicator IUS_RGH.5"
|
"description": "This event is generally decided and deployed by an administrator in order to improve performance of the system under his/her responsibility (illicit voluntary stoppage). This indicator is a reduced subset of indicator IUS_RGH.5"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "IWH",
|
"predicate": "IWH",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
@ -281,7 +284,8 @@
|
||||||
"description": "This indicator measures security incidents tied to assets (on servers) non-inventoried and not managed by appointed teams. It is a key indicator insofar as a high percentage of incidents corresponds with this indicator on average in the profession (according to some public surveys)."
|
"description": "This indicator measures security incidents tied to assets (on servers) non-inventoried and not managed by appointed teams. It is a key indicator insofar as a high percentage of incidents corresponds with this indicator on average in the profession (according to some public surveys)."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "VBH",
|
"predicate": "VBH",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
@ -400,7 +404,8 @@
|
||||||
"description": "This vulnerability applies to discussions through on-line media leading to leakage of personal identifiable information (PII) or various business details to be used later (notably for identity usurpation) "
|
"description": "This vulnerability applies to discussions through on-line media leading to leakage of personal identifiable information (PII) or various business details to be used later (notably for identity usurpation) "
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "VSW",
|
"predicate": "VSW",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
@ -419,7 +424,8 @@
|
||||||
"description": "This indicators measures software vulnerabilities detected in Web browsers running on workstations."
|
"description": "This indicators measures software vulnerabilities detected in Web browsers running on workstations."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "VCF",
|
"predicate": "VCF",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
@ -473,7 +479,8 @@
|
||||||
"description": "This indicator measures accounts inactive for at least 2 months that have not been disabled. These accounts are not used by their users due to prolonged but not definitive absence (long term illness, maternity, etc.), with the exclusion of messaging accounts (which should remain accessible to users from their home)."
|
"description": "This indicator measures accounts inactive for at least 2 months that have not been disabled. These accounts are not used by their users due to prolonged but not definitive absence (long term illness, maternity, etc.), with the exclusion of messaging accounts (which should remain accessible to users from their home)."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "VTC",
|
"predicate": "VTC",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
@ -507,7 +514,8 @@
|
||||||
"description": "This indicator includes access to protected internal areas. The 1st cause is the lack of effective control of users at software level. The 2nd cause is hardware breakdown of a component in the chain."
|
"description": "This indicator includes access to protected internal areas. The 1st cause is the lack of effective control of users at software level. The 2nd cause is hardware breakdown of a component in the chain."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "VOR",
|
"predicate": "VOR",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
@ -556,7 +564,8 @@
|
||||||
"description": "This indicator measures the launch of new IT projects of a standard type without identification of vulnerabilities and threats and of related security measures. For these IT projects, potential implementation of a simplified risk analysis method or of pre-defined security profiles can be applied."
|
"description": "This indicator measures the launch of new IT projects of a standard type without identification of vulnerabilities and threats and of related security measures. For these IT projects, potential implementation of a simplified risk analysis method or of pre-defined security profiles can be applied."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},{
|
},
|
||||||
|
{
|
||||||
"predicate": "IMP",
|
"predicate": "IMP",
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
|
|
|
@ -5,7 +5,7 @@ set -x
|
||||||
|
|
||||||
# Seeds sponge, from moreutils
|
# Seeds sponge, from moreutils
|
||||||
|
|
||||||
for dir in ./*/list.json
|
for dir in ./*/machinetag.json
|
||||||
do
|
do
|
||||||
cat ${dir} | jq . | sponge ${dir}
|
cat ${dir} | jq . | sponge ${dir}
|
||||||
done
|
done
|
||||||
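Review bot: The `cat ${dir} | jq . | sponge ${dir}` line (unchanged here, but now run over every `machinetag.json`) truncates the file to empty whenever `jq` rejects its input, because `sponge` writes whatever it received regardless of the upstream exit status, and `set -x` alone does not stop the loop. The `${dir}` expansions are also unquoted, so a directory name containing whitespace or glob characters would be split into several arguments. Writing to a temporary file and replacing the original only on success avoids both problems and drops the redundant `cat`: `jq . "${dir}" > "${dir}.tmp" && mv "${dir}.tmp" "${dir}" || rm -f "${dir}.tmp"`. Since the loop variable holds a file path rather than a directory, `file` would be a clearer name than `dir`.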
|
|
|
@ -163,4 +163,3 @@
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,75 +1,75 @@
|
||||||
{
|
{
|
||||||
"namespace" : "passivetotal",
|
"namespace": "passivetotal",
|
||||||
"expanded" : "PassiveTotal",
|
"expanded": "PassiveTotal",
|
||||||
"description": "Tags from RiskIQ's PassiveTotal service",
|
"description": "Tags from RiskIQ's PassiveTotal service",
|
||||||
"version" : 1,
|
"version": 1,
|
||||||
"predicates": [
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value" : "sinkholed",
|
"value": "sinkholed",
|
||||||
"expanded": "Sinkhole Status"
|
"expanded": "Sinkhole Status"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "ever-comprimised",
|
"value": "ever-comprimised",
|
||||||
"expanded" : "Ever Comprimised?"
|
"expanded": "Ever Comprimised?"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "class",
|
"value": "class",
|
||||||
"expanded" : "Classification"
|
"expanded": "Classification"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "dynamic-dns",
|
"value": "dynamic-dns",
|
||||||
"expanded": "Dynamic DNS"
|
"expanded": "Dynamic DNS"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"values" : [
|
"values": [
|
||||||
{
|
{
|
||||||
"predicate" : "sinkholed",
|
"predicate": "sinkholed",
|
||||||
"entry" : [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value" : "yes",
|
"value": "yes",
|
||||||
"expanded": "Yes"
|
"expanded": "Yes"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "no",
|
"value": "no",
|
||||||
"expanded" : "No"
|
"expanded": "No"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate" : "ever-comprimised",
|
"predicate": "ever-comprimised",
|
||||||
"entry" : [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value" : "yes",
|
"value": "yes",
|
||||||
"expanded": "Yes"
|
"expanded": "Yes"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "no",
|
"value": "no",
|
||||||
"expanded" : "No"
|
"expanded": "No"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate" : "dynamic-dns",
|
"predicate": "dynamic-dns",
|
||||||
"entry" : [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value" : "yes",
|
"value": "yes",
|
||||||
"expanded": "Yes"
|
"expanded": "Yes"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "no",
|
"value": "no",
|
||||||
"expanded" : "No"
|
"expanded": "No"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"predicate" : "class",
|
"predicate": "class",
|
||||||
"entry" : [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value" : "malicious",
|
"value": "malicious",
|
||||||
"expanded" : "Malicious"
|
"expanded": "Malicious"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "suspicious",
|
"value": "suspicious",
|
||||||
"expanded": "Malicious"
|
"expanded": "Malicious"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -77,8 +77,8 @@
|
||||||
"expanded": "Non Malicious"
|
"expanded": "Non Malicious"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "unknown",
|
"value": "unknown",
|
||||||
"expanded" : "Unknown"
|
"expanded": "Unknown"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -76,7 +76,6 @@
|
||||||
"value": "other-sector",
|
"value": "other-sector",
|
||||||
"expanded": "Other Sector"
|
"expanded": "Other Sector"
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
"value": "corporate-employee-information",
|
"value": "corporate-employee-information",
|
||||||
"expanded": "Corporate Employee Information"
|
"expanded": "Corporate Employee Information"
|
||||||
|
|