MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #258 from cudeso/main 

Sentinel indicator threat types
pull/259/head v2.4.165
Alexandre Dulaunoy 2022-11-05 07:51:27 +01:00 committed by GitHub
parent d67923e466 80c44735cc
commit 3564a85d6f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
MANIFEST.json
View File

@ -628,6 +628,11 @@
"name": "scrippsco2-sampling-stations",
"version": 1
},
{
"description": "Sentinel indicator threat types.",
"name": "sentinel-threattype",
"version": 1
},
{
"description": "Threat taxonomy in the scope of securing smart airports by ENISA. https://www.enisa.europa.eu/publications/securing-smart-airports",
"name": "smart-airports-threats",
@ -725,5 +730,5 @@
}
],
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
"version": "20221101"
"version": "20221104"
}

56
sentinel-threattype/machinetag.json Normal file
View File

@ -0,0 +1,56 @@
{
"namespace": "sentinel-threattype",
"expanded": "sentinel-threattype",
"description": "Sentinel indicator threat types.",
"version": 1,
"exclusive": true,
"refs": [
"https://learn.microsoft.com/en-us/graph/api/resources/tiindicator?view=graph-rest-beta#threattype-values"
],
"predicates": [
{
"value": "Botnet",
"expanded": "Indicator is detailing a botnet node/member."
},
{
"value": "C2",
"expanded": "Indicator is detailing a Command & Control node of a botnet."
},
{
"value": "CryptoMining",
"expanded": "Traffic involving this network address / URL is an indication of CyrptoMining / Resource abuse."
},
{
"value": "Darknet",
"expanded": "Indicator is that of a Darknet node/network."
},
{
"value": "DDoS",
"expanded": "Indicators relating to an active or upcoming DDoS campaign."
},
{
"value": "MaliciousUrl",
"expanded": "URL that is serving malware."
},
{
"value": "Malware",
"expanded": "Indicator describing a malicious file or files."
},
{
"value": "Phishing",
"expanded": "Indicators relating to a phishing campaign."
},
{
"value": "Proxy",
"expanded": "Indicator is that of a proxy service."
},
{
"value": "PUA",
"expanded": "Potentially Unwanted Application."
},
{
"value": "WatchList",
"expanded": "This is the generic bucket into which indicators are placed when it cannot be determined exactly what the threat is or will require manual interpretation. This should typically not be used by partners submitting data into the system."
}
]
}