Merge pull request #174 from MISP/feature-exclusive
Feature `exclusive` and `numerical_value`pull/176/head
commit
519d1f45b5
1050
MANIFEST.json
1050
MANIFEST.json
File diff suppressed because it is too large
|
@ -2,7 +2,8 @@
|
|||
"namespace": "PAP",
|
||||
"expanded": "Permissible Actions Protocol",
|
||||
"description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.",
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"exclusive": true,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "RED",
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,15 +1,17 @@
|
|||
{
|
||||
"namespace": "admiralty-scale",
|
||||
"description": "The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.",
|
||||
"version": 4,
|
||||
"version": 5,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "source-reliability",
|
||||
"expanded": "Source Reliability"
|
||||
"expanded": "Source Reliability",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "information-credibility",
|
||||
"expanded": "Information Credibility"
|
||||
"expanded": "Information Credibility",
|
||||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"values": [
|
||||
|
|
|
@ -1,23 +1,27 @@
|
|||
{
|
||||
"namespace": "ais-marking",
|
||||
"description": "The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS)",
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "TLPMarking",
|
||||
"expanded": "TLP Marking"
|
||||
"expanded": "TLP Marking",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "AISConsent",
|
||||
"expanded": "AIS Consent"
|
||||
"expanded": "AIS Consent",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "CISA_Proprietary",
|
||||
"expanded": "CISA Proprietary"
|
||||
"expanded": "CISA Proprietary",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "AISMarking",
|
||||
"expanded": "AIS Marking"
|
||||
"expanded": "AIS Marking",
|
||||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"values": [
|
||||
|
|
|
@ -229,7 +229,7 @@
|
|||
"org",
|
||||
"user"
|
||||
],
|
||||
"version": 3,
|
||||
"version": 4,
|
||||
"description": "A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst.",
|
||||
"expanded": "Analyst (Self) Assessment",
|
||||
"namespace": "analyst-assessment"
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{
|
||||
"namespace": "binary-class",
|
||||
"description": "Custom taxonomy for types of binary file.",
|
||||
"version": 1,
|
||||
"exclusive": true,
|
||||
"version": 2,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "type",
|
||||
|
|
|
@ -55,7 +55,7 @@
|
|||
"https://en.wikipedia.org/wiki/COPINE_scale",
|
||||
"http://journals.sagepub.com/doi/pdf/10.1177/1079063217724768"
|
||||
],
|
||||
"version": 2,
|
||||
"version": 3,
|
||||
"description": "The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. The scale was developed by staff at the COPINE (Combating Paedophile Information Networks in Europe) project. The COPINE Project was founded in 1997, and is based in the Department of Applied Psychology, University College Cork, Ireland.",
|
||||
"expanded": "COPINE Scale",
|
||||
"namespace": "copine-scale",
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"namespace": "cssa",
|
||||
"description": "The CSSA agreed sharing taxonomy.",
|
||||
"version": 6,
|
||||
"version": 7,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "sharing-class",
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"namespace": "cyber-threat-framework",
|
||||
"expanded": "Cyber Threat Framework",
|
||||
"description": "Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. https://www.dni.gov/index.php/cyber-threat-framework",
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "Preparation",
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"namespace": "economical-impact",
|
||||
"expanded": " Economical Impact",
|
||||
"description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).",
|
||||
"version": 3,
|
||||
"version": 4,
|
||||
"refs": [
|
||||
"https://www.misp-project.org/"
|
||||
],
|
||||
|
@ -112,12 +112,14 @@
|
|||
{
|
||||
"value": "loss",
|
||||
"expanded": "Loss",
|
||||
"description": "A financial impact evaluated as a casuality."
|
||||
"description": "A financial impact evaluated as a casuality.",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "gain",
|
||||
"expanded": "Gain",
|
||||
"description": "A financial impact evaluated as a benefit."
|
||||
"description": "A financial impact evaluated as a benefit.",
|
||||
"exclusive": true
|
||||
}
|
||||
]
|
||||
}
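Review bot: The `loss` description rewritten in the second hunk still reads "A financial impact evaluated as a casuality."; since the line is being touched anyway, presumably `"description": "A financial impact evaluated as a casualty.",` is what was meant. The context line `"expanded": " Economical Impact"` in the first hunk also carries a leading space that will show up wherever the expanded name is displayed.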
|
||||
|
|
|
@ -2,17 +2,19 @@
|
|||
"namespace": "estimative-language",
|
||||
"expanded": "Estimative languages",
|
||||
"description": "Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence",
|
||||
"version": 4,
|
||||
"version": 5,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "likelihood-probability",
|
||||
"expanded": "Likelihood or probability",
|
||||
"description": "Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst's confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used."
|
||||
"description": "Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst's confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used.",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "confidence-in-analytic-judgment",
|
||||
"expanded": "Confidence in analytic judgment",
|
||||
"description": "Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High."
|
||||
"description": "Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High.",
|
||||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"values": [
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{
|
||||
"namespace": "euci",
|
||||
"description": "EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.",
|
||||
"version": 2,
|
||||
"version": 3,
|
||||
"exclusive": true,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "TS-UE/EU-TS",
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
{
|
||||
"namespace": "false-positive",
|
||||
"description": "This taxonomy aims to ballpark the expected amount of false positives.",
|
||||
"version": 3,
|
||||
"version": 4,
|
||||
"expanded": "False positive",
|
||||
"predicates": [
|
||||
{
|
||||
"value": "risk",
|
||||
"expanded": "Risk",
|
||||
"description": "Risk of having false positives in the tagged value."
|
||||
"description": "Risk of having false positives in the tagged value.",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "confirmed",
|
||||
"expanded": "Confirmed",
|
||||
"description": "Confirmed false positives in the tagged value."
|
||||
"description": "Confirmed false positives in the tagged value.",
|
||||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"values": [
|
||||
|
@ -38,6 +40,21 @@
|
|||
"numerical_value": 25
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"predicate": "confirmed",
|
||||
"entry": [
|
||||
{
|
||||
"value": "true",
|
||||
"description": "The false positive is confirmed.",
|
||||
"numerical_value": 0
|
||||
},
|
||||
{
|
||||
"value": "false",
|
||||
"description": "The flase positive is not confirmed.",
|
||||
"numerical_value": 50
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
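Review bot: The `confirmed` entry in the second hunk has a typo in the description next to `"value": "false"`, which should read `"description": "The false positive is not confirmed.",` instead of "The flase positive is not confirmed.". The same entry assigns `numerical_value` 0 to a confirmed false positive and 50 to an unconfirmed one, directly after a context entry carrying 25. Neither the predicate nor the entry descriptions say what that scale means, so a sentence in the `confirmed` predicate description explaining how these numbers are meant to be read would help anyone sorting or scoring on them.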
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{
|
||||
"namespace": "flesch-reading-ease",
|
||||
"description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"exclusive": true,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "score",
|
||||
|
|
|
@ -61,8 +61,7 @@
|
|||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"version": 2,
|
||||
"version": 3,
|
||||
"description": "French gov information classification system",
|
||||
"namespace": "fr-classif",
|
||||
"exclusive": true
|
||||
"namespace": "fr-classif"
|
||||
}
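Review bot: The taxonomy-level `"exclusive": true` is removed from fr-classif here (the 8 old / 7 new line count leaves `"namespace": "fr-classif"` as the last key), while the same commit adds a taxonomy-level flag to nato and euci. Only the predicate-level `"exclusive": true` visible in the context lines remains, so if fr-classif has more than one predicate, two classification markings from different predicates would presumably no longer be treated as conflicting. If that is intended, the commit description should say so; otherwise keep `"namespace": "fr-classif",` followed by `"exclusive": true`. The enclosing object starts outside this hunk.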
|
||||
|
|
|
@ -1,15 +1,17 @@
|
|||
{
|
||||
"namespace": "ifx-vetting",
|
||||
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
|
||||
"version": 2,
|
||||
"version": 3,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "vetted",
|
||||
"expanded": "state of the vetted intelligence"
|
||||
"expanded": "state of the vetted intelligence",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "score",
|
||||
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data."
|
||||
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data.",
|
||||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"values": [
|
||||
|
@ -59,407 +61,508 @@
|
|||
"entry": [
|
||||
{
|
||||
"value": "0",
|
||||
"expanded": "0"
|
||||
"expanded": "0",
|
||||
"numerical_value": 0
|
||||
},
|
||||
{
|
||||
"value": "1",
|
||||
"expanded": "1"
|
||||
"expanded": "1",
|
||||
"numerical_value": 1
|
||||
},
|
||||
{
|
||||
"value": "2",
|
||||
"expanded": "2"
|
||||
"expanded": "2",
|
||||
"numerical_value": 2
|
||||
},
|
||||
{
|
||||
"value": "3",
|
||||
"expanded": "3"
|
||||
"expanded": "3",
|
||||
"numerical_value": 3
|
||||
},
|
||||
{
|
||||
"value": "4",
|
||||
"expanded": "4"
|
||||
"expanded": "4",
|
||||
"numerical_value": 4
|
||||
},
|
||||
{
|
||||
"value": "5",
|
||||
"expanded": "5"
|
||||
"expanded": "5",
|
||||
"numerical_value": 5
|
||||
},
|
||||
{
|
||||
"value": "6",
|
||||
"expanded": "6"
|
||||
"expanded": "6",
|
||||
"numerical_value": 6
|
||||
},
|
||||
{
|
||||
"value": "7",
|
||||
"expanded": "7"
|
||||
"expanded": "7",
|
||||
"numerical_value": 7
|
||||
},
|
||||
{
|
||||
"value": "8",
|
||||
"expanded": "8"
|
||||
"expanded": "8",
|
||||
"numerical_value": 8
|
||||
},
|
||||
{
|
||||
"value": "9",
|
||||
"expanded": "9"
|
||||
"expanded": "9",
|
||||
"numerical_value": 9
|
||||
},
|
||||
{
|
||||
"value": "10",
|
||||
"expanded": "10"
|
||||
"expanded": "10",
|
||||
"numerical_value": 10
|
||||
},
|
||||
{
|
||||
"value": "11",
|
||||
"expanded": "11"
|
||||
"expanded": "11",
|
||||
"numerical_value": 11
|
||||
},
|
||||
{
|
||||
"value": "12",
|
||||
"expanded": "12"
|
||||
"expanded": "12",
|
||||
"numerical_value": 12
|
||||
},
|
||||
{
|
||||
"value": "13",
|
||||
"expanded": "13"
|
||||
"expanded": "13",
|
||||
"numerical_value": 13
|
||||
},
|
||||
{
|
||||
"value": "14",
|
||||
"expanded": "14"
|
||||
"expanded": "14",
|
||||
"numerical_value": 14
|
||||
},
|
||||
{
|
||||
"value": "15",
|
||||
"expanded": "15"
|
||||
"expanded": "15",
|
||||
"numerical_value": 15
|
||||
},
|
||||
{
|
||||
"value": "16",
|
||||
"expanded": "16"
|
||||
"expanded": "16",
|
||||
"numerical_value": 16
|
||||
},
|
||||
{
|
||||
"value": "17",
|
||||
"expanded": "17"
|
||||
"expanded": "17",
|
||||
"numerical_value": 17
|
||||
},
|
||||
{
|
||||
"value": "18",
|
||||
"expanded": "18"
|
||||
"expanded": "18",
|
||||
"numerical_value": 18
|
||||
},
|
||||
{
|
||||
"value": "19",
|
||||
"expanded": "19"
|
||||
"expanded": "19",
|
||||
"numerical_value": 19
|
||||
},
|
||||
{
|
||||
"value": "20",
|
||||
"expanded": "20"
|
||||
"expanded": "20",
|
||||
"numerical_value": 20
|
||||
},
|
||||
{
|
||||
"value": "21",
|
||||
"expanded": "21"
|
||||
"expanded": "21",
|
||||
"numerical_value": 21
|
||||
},
|
||||
{
|
||||
"value": "22",
|
||||
"expanded": "22"
|
||||
"expanded": "22",
|
||||
"numerical_value": 22
|
||||
},
|
||||
{
|
||||
"value": "23",
|
||||
"expanded": "23"
|
||||
"expanded": "23",
|
||||
"numerical_value": 23
|
||||
},
|
||||
{
|
||||
"value": "24",
|
||||
"expanded": "24"
|
||||
"expanded": "24",
|
||||
"numerical_value": 24
|
||||
},
|
||||
{
|
||||
"value": "25",
|
||||
"expanded": "25"
|
||||
"expanded": "25",
|
||||
"numerical_value": 25
|
||||
},
|
||||
{
|
||||
"value": "26",
|
||||
"expanded": "26"
|
||||
"expanded": "26",
|
||||
"numerical_value": 26
|
||||
},
|
||||
{
|
||||
"value": "27",
|
||||
"expanded": "27"
|
||||
"expanded": "27",
|
||||
"numerical_value": 27
|
||||
},
|
||||
{
|
||||
"value": "28",
|
||||
"expanded": "28"
|
||||
"expanded": "28",
|
||||
"numerical_value": 28
|
||||
},
|
||||
{
|
||||
"value": "29",
|
||||
"expanded": "29"
|
||||
"expanded": "29",
|
||||
"numerical_value": 29
|
||||
},
|
||||
{
|
||||
"value": "30",
|
||||
"expanded": "30"
|
||||
"expanded": "30",
|
||||
"numerical_value": 30
|
||||
},
|
||||
{
|
||||
"value": "31",
|
||||
"expanded": "31"
|
||||
"expanded": "31",
|
||||
"numerical_value": 31
|
||||
},
|
||||
{
|
||||
"value": "32",
|
||||
"expanded": "32"
|
||||
"expanded": "32",
|
||||
"numerical_value": 32
|
||||
},
|
||||
{
|
||||
"value": "33",
|
||||
"expanded": "33"
|
||||
"expanded": "33",
|
||||
"numerical_value": 33
|
||||
},
|
||||
{
|
||||
"value": "34",
|
||||
"expanded": "34"
|
||||
"expanded": "34",
|
||||
"numerical_value": 34
|
||||
},
|
||||
{
|
||||
"value": "35",
|
||||
"expanded": "35"
|
||||
"expanded": "35",
|
||||
"numerical_value": 35
|
||||
},
|
||||
{
|
||||
"value": "36",
|
||||
"expanded": "36"
|
||||
"expanded": "36",
|
||||
"numerical_value": 36
|
||||
},
|
||||
{
|
||||
"value": "37",
|
||||
"expanded": "37"
|
||||
"expanded": "37",
|
||||
"numerical_value": 37
|
||||
},
|
||||
{
|
||||
"value": "38",
|
||||
"expanded": "38"
|
||||
"expanded": "38",
|
||||
"numerical_value": 38
|
||||
},
|
||||
{
|
||||
"value": "39",
|
||||
"expanded": "39"
|
||||
"expanded": "39",
|
||||
"numerical_value": 39
|
||||
},
|
||||
{
|
||||
"value": "40",
|
||||
"expanded": "40"
|
||||
"expanded": "40",
|
||||
"numerical_value": 40
|
||||
},
|
||||
{
|
||||
"value": "41",
|
||||
"expanded": "41"
|
||||
"expanded": "41",
|
||||
"numerical_value": 41
|
||||
},
|
||||
{
|
||||
"value": "42",
|
||||
"expanded": "42"
|
||||
"expanded": "42",
|
||||
"numerical_value": 42
|
||||
},
|
||||
{
|
||||
"value": "43",
|
||||
"expanded": "43"
|
||||
"expanded": "43",
|
||||
"numerical_value": 43
|
||||
},
|
||||
{
|
||||
"value": "44",
|
||||
"expanded": "44"
|
||||
"expanded": "44",
|
||||
"numerical_value": 44
|
||||
},
|
||||
{
|
||||
"value": "45",
|
||||
"expanded": "45"
|
||||
"expanded": "45",
|
||||
"numerical_value": 45
|
||||
},
|
||||
{
|
||||
"value": "46",
|
||||
"expanded": "46"
|
||||
"expanded": "46",
|
||||
"numerical_value": 46
|
||||
},
|
||||
{
|
||||
"value": "47",
|
||||
"expanded": "47"
|
||||
"expanded": "47",
|
||||
"numerical_value": 47
|
||||
},
|
||||
{
|
||||
"value": "48",
|
||||
"expanded": "48"
|
||||
"expanded": "48",
|
||||
"numerical_value": 48
|
||||
},
|
||||
{
|
||||
"value": "49",
|
||||
"expanded": "49"
|
||||
"expanded": "49",
|
||||
"numerical_value": 49
|
||||
},
|
||||
{
|
||||
"value": "50",
|
||||
"expanded": "50"
|
||||
"expanded": "50",
|
||||
"numerical_value": 50
|
||||
},
|
||||
{
|
||||
"value": "51",
|
||||
"expanded": "51"
|
||||
"expanded": "51",
|
||||
"numerical_value": 51
|
||||
},
|
||||
{
|
||||
"value": "52",
|
||||
"expanded": "52"
|
||||
"expanded": "52",
|
||||
"numerical_value": 52
|
||||
},
|
||||
{
|
||||
"value": "53",
|
||||
"expanded": "53"
|
||||
"expanded": "53",
|
||||
"numerical_value": 53
|
||||
},
|
||||
{
|
||||
"value": "54",
|
||||
"expanded": "54"
|
||||
"expanded": "54",
|
||||
"numerical_value": 54
|
||||
},
|
||||
{
|
||||
"value": "55",
|
||||
"expanded": "55"
|
||||
"expanded": "55",
|
||||
"numerical_value": 55
|
||||
},
|
||||
{
|
||||
"value": "56",
|
||||
"expanded": "56"
|
||||
"expanded": "56",
|
||||
"numerical_value": 56
|
||||
},
|
||||
{
|
||||
"value": "57",
|
||||
"expanded": "57"
|
||||
"expanded": "57",
|
||||
"numerical_value": 57
|
||||
},
|
||||
{
|
||||
"value": "58",
|
||||
"expanded": "58"
|
||||
"expanded": "58",
|
||||
"numerical_value": 58
|
||||
},
|
||||
{
|
||||
"value": "59",
|
||||
"expanded": "59"
|
||||
"expanded": "59",
|
||||
"numerical_value": 59
|
||||
},
|
||||
{
|
||||
"value": "60",
|
||||
"expanded": "60"
|
||||
"expanded": "60",
|
||||
"numerical_value": 60
|
||||
},
|
||||
{
|
||||
"value": "61",
|
||||
"expanded": "61"
|
||||
"expanded": "61",
|
||||
"numerical_value": 61
|
||||
},
|
||||
{
|
||||
"value": "62",
|
||||
"expanded": "62"
|
||||
"expanded": "62",
|
||||
"numerical_value": 62
|
||||
},
|
||||
{
|
||||
"value": "63",
|
||||
"expanded": "63"
|
||||
"expanded": "63",
|
||||
"numerical_value": 63
|
||||
},
|
||||
{
|
||||
"value": "64",
|
||||
"expanded": "64"
|
||||
"expanded": "64",
|
||||
"numerical_value": 64
|
||||
},
|
||||
{
|
||||
"value": "65",
|
||||
"expanded": "65"
|
||||
"expanded": "65",
|
||||
"numerical_value": 65
|
||||
},
|
||||
{
|
||||
"value": "66",
|
||||
"expanded": "66"
|
||||
"expanded": "66",
|
||||
"numerical_value": 66
|
||||
},
|
||||
{
|
||||
"value": "67",
|
||||
"expanded": "67"
|
||||
"expanded": "67",
|
||||
"numerical_value": 67
|
||||
},
|
||||
{
|
||||
"value": "68",
|
||||
"expanded": "68"
|
||||
"expanded": "68",
|
||||
"numerical_value": 68
|
||||
},
|
||||
{
|
||||
"value": "69",
|
||||
"expanded": "69"
|
||||
"expanded": "69",
|
||||
"numerical_value": 69
|
||||
},
|
||||
{
|
||||
"value": "70",
|
||||
"expanded": "70"
|
||||
"expanded": "70",
|
||||
"numerical_value": 70
|
||||
},
|
||||
{
|
||||
"value": "71",
|
||||
"expanded": "71"
|
||||
"expanded": "71",
|
||||
"numerical_value": 71
|
||||
},
|
||||
{
|
||||
"value": "72",
|
||||
"expanded": "72"
|
||||
"expanded": "72",
|
||||
"numerical_value": 72
|
||||
},
|
||||
{
|
||||
"value": "73",
|
||||
"expanded": "73"
|
||||
"expanded": "73",
|
||||
"numerical_value": 73
|
||||
},
|
||||
{
|
||||
"value": "74",
|
||||
"expanded": "74"
|
||||
"expanded": "74",
|
||||
"numerical_value": 74
|
||||
},
|
||||
{
|
||||
"value": "75",
|
||||
"expanded": "75"
|
||||
"expanded": "75",
|
||||
"numerical_value": 75
|
||||
},
|
||||
{
|
||||
"value": "76",
|
||||
"expanded": "76"
|
||||
"expanded": "76",
|
||||
"numerical_value": 76
|
||||
},
|
||||
{
|
||||
"value": "77",
|
||||
"expanded": "77"
|
||||
"expanded": "77",
|
||||
"numerical_value": 77
|
||||
},
|
||||
{
|
||||
"value": "78",
|
||||
"expanded": "78"
|
||||
"expanded": "78",
|
||||
"numerical_value": 78
|
||||
},
|
||||
{
|
||||
"value": "79",
|
||||
"expanded": "79"
|
||||
"expanded": "79",
|
||||
"numerical_value": 79
|
||||
},
|
||||
{
|
||||
"value": "80",
|
||||
"expanded": "80"
|
||||
"expanded": "80",
|
||||
"numerical_value": 80
|
||||
},
|
||||
{
|
||||
"value": "81",
|
||||
"expanded": "81"
|
||||
"expanded": "81",
|
||||
"numerical_value": 81
|
||||
},
|
||||
{
|
||||
"value": "82",
|
||||
"expanded": "82"
|
||||
"expanded": "82",
|
||||
"numerical_value": 82
|
||||
},
|
||||
{
|
||||
"value": "83",
|
||||
"expanded": "83"
|
||||
"expanded": "83",
|
||||
"numerical_value": 83
|
||||
},
|
||||
{
|
||||
"value": "84",
|
||||
"expanded": "84"
|
||||
"expanded": "84",
|
||||
"numerical_value": 84
|
||||
},
|
||||
{
|
||||
"value": "85",
|
||||
"expanded": "85"
|
||||
"expanded": "85",
|
||||
"numerical_value": 85
|
||||
},
|
||||
{
|
||||
"value": "86",
|
||||
"expanded": "86"
|
||||
"expanded": "86",
|
||||
"numerical_value": 86
|
||||
},
|
||||
{
|
||||
"value": "87",
|
||||
"expanded": "87"
|
||||
"expanded": "87",
|
||||
"numerical_value": 87
|
||||
},
|
||||
{
|
||||
"value": "88",
|
||||
"expanded": "88"
|
||||
"expanded": "88",
|
||||
"numerical_value": 88
|
||||
},
|
||||
{
|
||||
"value": "89",
|
||||
"expanded": "89"
|
||||
"expanded": "89",
|
||||
"numerical_value": 89
|
||||
},
|
||||
{
|
||||
"value": "90",
|
||||
"expanded": "90"
|
||||
"expanded": "90",
|
||||
"numerical_value": 90
|
||||
},
|
||||
{
|
||||
"value": "91",
|
||||
"expanded": "91"
|
||||
"expanded": "91",
|
||||
"numerical_value": 91
|
||||
},
|
||||
{
|
||||
"value": "92",
|
||||
"expanded": "92"
|
||||
"expanded": "92",
|
||||
"numerical_value": 92
|
||||
},
|
||||
{
|
||||
"value": "93",
|
||||
"expanded": "93"
|
||||
"expanded": "93",
|
||||
"numerical_value": 93
|
||||
},
|
||||
{
|
||||
"value": "94",
|
||||
"expanded": "94"
|
||||
"expanded": "94",
|
||||
"numerical_value": 94
|
||||
},
|
||||
{
|
||||
"value": "95",
|
||||
"expanded": "95"
|
||||
"expanded": "95",
|
||||
"numerical_value": 95
|
||||
},
|
||||
{
|
||||
"value": "96",
|
||||
"expanded": "96"
|
||||
"expanded": "96",
|
||||
"numerical_value": 96
|
||||
},
|
||||
{
|
||||
"value": "97",
|
||||
"expanded": "97"
|
||||
"expanded": "97",
|
||||
"numerical_value": 97
|
||||
},
|
||||
{
|
||||
"value": "98",
|
||||
"expanded": "98"
|
||||
"expanded": "98",
|
||||
"numerical_value": 98
|
||||
},
|
||||
{
|
||||
"value": "99",
|
||||
"expanded": "99"
|
||||
"expanded": "99",
|
||||
"numerical_value": 99
|
||||
},
|
||||
{
|
||||
"value": "100",
|
||||
"expanded": "100"
|
||||
"expanded": "100",
|
||||
"numerical_value": 100
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"namespace": "incident-disposition",
|
||||
"description": "How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook. https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9",
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "incident",
|
||||
|
@ -93,7 +93,7 @@
|
|||
{
|
||||
"value": "duplicate",
|
||||
"expanded": "Duplicate",
|
||||
"description": "An incident may be a Dup l icate of another record in the Incident Management System, and should be merged with the existing workflow."
|
||||
"description": "An incident may be a Duplicate of another record in the Incident Management System, and should be merged with the existing workflow."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -10,7 +10,8 @@
|
|||
},
|
||||
{
|
||||
"value": "confirmed",
|
||||
"expanded": "Confirmed information leak or not"
|
||||
"expanded": "Confirmed information leak or not",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"expanded": "Source of the information leak",
|
||||
|
@ -22,18 +23,16 @@
|
|||
},
|
||||
{
|
||||
"expanded": "Output format",
|
||||
"value": "output-format"
|
||||
"value": "output-format",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "certainty",
|
||||
"expanded": "Certainty of the information to be a leak"
|
||||
},
|
||||
{
|
||||
"value": "test",
|
||||
"expanded": "Test"
|
||||
"expanded": "Certainty of the information to be a leak",
|
||||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"version": 6,
|
||||
"version": 7,
|
||||
"description": "A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.",
|
||||
"namespace": "infoleak",
|
||||
"values": [
|
||||
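Review bot: The second hunk drops the `test` predicate (`"value": "test"`, `"expanded": "Test"`) in a commit described only as adding `exclusive` and `numerical_value`. The `values` array begins on the hunk's last line and its contents are not visible, so it is worth confirming that no entry with `"predicate": "test"` is left behind without a matching predicate. Instances that already hold tags under that predicate would presumably lose the definition on update, so the removal deserves a line in the description.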
|
|
|
@ -175,11 +175,13 @@
|
|||
},
|
||||
{
|
||||
"expanded": "Confidence level",
|
||||
"value": "confidence-level"
|
||||
"value": "confidence-level",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy",
|
||||
"value": "threat-level"
|
||||
"value": "threat-level",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"expanded": "Automation level",
|
||||
|
@ -198,10 +200,11 @@
|
|||
},
|
||||
{
|
||||
"expanded": "misp2yara export tool",
|
||||
"value": "misp2yara"
|
||||
"value": "misp2yara",
|
||||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"version": 9,
|
||||
"version": 10,
|
||||
"description": "MISP taxonomy to infer with MISP behavior or operation.",
|
||||
"expanded": "MISP",
|
||||
"namespace": "misp"
|
||||
|
|
|
@ -48,7 +48,8 @@
|
|||
"value": "classification"
|
||||
}
|
||||
],
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"description": "NATO classification markings.",
|
||||
"namespace": "nato"
|
||||
"namespace": "nato",
|
||||
"exclusive": true
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
"value": "certainty"
|
||||
}
|
||||
],
|
||||
"version": 10,
|
||||
"version": 11,
|
||||
"description": "Open Source Intelligence - Classification (MISP taxonomies)",
|
||||
"namespace": "osint",
|
||||
"values": [
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"namespace": "phishing",
|
||||
"description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.",
|
||||
"version": 3,
|
||||
"version": 4,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "techniques",
|
||||
|
@ -31,12 +31,14 @@
|
|||
{
|
||||
"value": "state",
|
||||
"expanded": "State",
|
||||
"description": "State of the phishing."
|
||||
"description": "State of the phishing.",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "psychological-acceptability",
|
||||
"expanded": "Psychological acceptability",
|
||||
"description": "Quality of the phishing by its level of acceptance by the target."
|
||||
"description": "Quality of the phishing by its level of acceptance by the target.",
|
||||
"exclusive": true
|
||||
},
|
||||
{
|
||||
"value": "principle-of-persuasion",
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
"numerical_value": 0
|
||||
}
|
||||
],
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"description": "After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System.",
|
||||
"namespace": "priority-level",
|
||||
"exclusive": true
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
"namespace": "retention",
|
||||
"expanded": "retention",
|
||||
"description": "Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.",
|
||||
"version": 2,
|
||||
"version": 3,
|
||||
"exclusive": true,
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Retention_period"
|
||||
],
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{
|
||||
"namespace": "rt_event_status",
|
||||
"description": "Status of events used in Request Tracker.",
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"exclusive": true,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "event-status",
|
||||
|
|
|
@ -78,7 +78,7 @@
|
|||
"value": "technical-sophistication-multiplier"
|
||||
}
|
||||
],
|
||||
"version": 2,
|
||||
"version": 3,
|
||||
"refs": [
|
||||
"https://citizenlab.org/2013/10/targeted-threat-index/",
|
||||
"https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf"
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import json
|
||||
from pathlib import Path
|
||||
from datetime import datetime
|
||||
|
||||
TAXONOMY_ROOT_PATH = Path(__file__).resolve().parent.parent
|
||||
|
||||
|
||||
def fetchTaxonomies():
|
||||
taxonomiesFolder = TAXONOMY_ROOT_PATH
|
||||
taxonomies = []
|
||||
for taxonomyFile in taxonomiesFolder.glob('./*/machinetag.json'):
|
||||
with open(taxonomyFile) as f:
|
||||
taxonomy = json.load(f)
|
||||
taxonomies.append(taxonomy)
|
||||
return taxonomies
|
||||
|
||||
def generateManifest(taxonomies):
|
||||
manifest = {}
|
||||
manifest['taxonomies'] = []
|
||||
manifest['path'] = 'machinetag.json'
|
||||
manifest['url'] = 'https://raw.githubusercontent.com/MISP/misp-taxonomies/master/'
|
||||
manifest['description'] = 'Manifest file of MISP taxonomies available.'
|
||||
manifest['license'] = 'CC-0'
|
||||
now = datetime.now()
|
||||
manifest['version'] = '{}{:02}{:02}'.format(now.year, now.month, now.day)
|
||||
for taxonomy in taxonomies:
|
||||
taxObj = {
|
||||
'name': taxonomy['namespace'],
|
||||
'description': taxonomy['description'],
|
||||
'version': taxonomy['version']
|
||||
}
|
||||
manifest['taxonomies'].append(taxObj)
|
||||
return manifest
|
||||
|
||||
def saveManifest(manifest):
|
||||
with open(TAXONOMY_ROOT_PATH / 'MANIFEST.json', 'w') as f:
|
||||
json.dump(manifest, f, indent=2, sort_keys=True)
|
||||
|
||||
def awesomePrint(text):
|
||||
print('\033[1;32m{}\033[0;39m'.format(text))
|
||||
|
||||
if __name__ == "__main__":
|
||||
taxonomies = fetchTaxonomies()
|
||||
manifest = generateManifest(taxonomies)
|
||||
saveManifest(manifest)
|
||||
awesomePrint('> Manifest saved!')
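Review bot: fetchTaxonomies iterates `taxonomiesFolder.glob(...)` in whatever order the filesystem returns, so the `taxonomies` list in MANIFEST.json can be reordered between runs even though `sort_keys=True` is set (that only orders object keys). Using `for taxonomyFile in sorted(taxonomiesFolder.glob('./*/machinetag.json')):` keeps regenerated manifests diffable, which matters for a file that appears to serve as the index consumers fetch taxonomies from. The same function opens each file with the platform default encoding, and taxonomies on this page contain non-ASCII text (e.g. `degré-de-probabilité`), so `with open(taxonomyFile, encoding='utf-8') as f:` is safer. Both points apply unchanged to the identical fetchTaxonomies in the Markdown generator added in the next section, whose `open(..., 'w')` for Summary.md also needs `encoding='utf-8'`.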
|
|
@ -0,0 +1,49 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import json
|
||||
from pathlib import Path
|
||||
from datetime import datetime
|
||||
|
||||
TAXONOMY_ROOT_PATH = Path(__file__).resolve().parent.parent
|
||||
|
||||
|
||||
def fetchTaxonomies():
|
||||
taxonomiesFolder = TAXONOMY_ROOT_PATH
|
||||
taxonomies = []
|
||||
for taxonomyFile in taxonomiesFolder.glob('./*/machinetag.json'):
|
||||
with open(taxonomyFile) as f:
|
||||
taxonomy = json.load(f)
|
||||
taxonomies.append(taxonomy)
|
||||
return taxonomies
|
||||
|
||||
def generateMarkdown(taxonomies):
|
||||
markdown_line_array = []
|
||||
markdown_line_array.append("# Taxonomies")
|
||||
markdown_line_array.append("- Generation date: %s" % datetime.now().isoformat().split('T')[0])
|
||||
markdown_line_array.append("- license: %s" % 'CC-0')
|
||||
markdown_line_array.append("- description: %s" % 'Manifest file of MISP taxonomies available.')
|
||||
markdown_line_array.append("")
|
||||
|
||||
markdown_line_array.append("## Taxonomies")
|
||||
markdown_line_array.append("")
|
||||
for taxonomy in taxonomies:
|
||||
markdown_line_array.append("### %s" % taxonomy['namespace'])
|
||||
markdown_line_array.append("- description: %s" % taxonomy['description'])
|
||||
markdown_line_array.append("- version: %s" % taxonomy['version'])
|
||||
markdown_line_array.append("- Predicates")
|
||||
markdown_line_array = markdown_line_array + [' - '+p['value'] for p in taxonomy['predicates']]
|
||||
markdown = '\n'.join(markdown_line_array)
|
||||
return markdown
|
||||
|
||||
def saveMarkdown(markdown):
|
||||
with open(TAXONOMY_ROOT_PATH / 'Summary.md', 'w') as f:
|
||||
f.write(markdown)
|
||||
|
||||
def awesomePrint(text):
|
||||
print('\033[1;32m{}\033[0;39m'.format(text))
|
||||
|
||||
if __name__ == "__main__":
|
||||
taxonomies = fetchTaxonomies()
|
||||
markdown = generateMarkdown(taxonomies)
|
||||
saveMarkdown(markdown)
|
||||
awesomePrint('> Markdown saved!')
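Review bot: generateMarkdown indexes `taxonomy['predicates']` and `p['value']` directly, so a single machinetag.json lacking either key aborts the run with a KeyError that does not say which taxonomy was at fault, and Summary.md is never written. Either validate each taxonomy before the loop and report its namespace on failure, or fall back with `for p in taxonomy.get('predicates', [])`. Separately, the header line `- description: Manifest file of MISP taxonomies available.` looks copied from the manifest generator and does not describe Summary.md.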
|
|
@ -38,10 +38,11 @@
|
|||
"value": "degré-de-probabilité"
|
||||
}
|
||||
],
|
||||
"version": 2,
|
||||
"version": 3,
|
||||
"description": "Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité",
|
||||
"expanded": "Vocabulaire des probabilités estimatives",
|
||||
"namespace": "vocabulaire-des-probabilites-estimatives",
|
||||
"exclusive": true,
|
||||
"refs": [
|
||||
"http://publications.gc.ca/collections/collection_2013/sp-ps/PS64-106-2007-fra.pdf"
|
||||
]
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"namespace": "workflow",
|
||||
"expanded": "workflow to support analysis",
|
||||
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
|
||||
"version": 9,
|
||||
"version": 10,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "todo",
|
||||
|
@ -12,7 +12,8 @@
|
|||
{
|
||||
"value": "state",
|
||||
"expanded": "State",
|
||||
"description": "State are the different states of the information or data being tagged."
|
||||
"description": "State are the different states of the information or data being tagged.",
|
||||
"exclusive": true
|
||||
}
|
||||
],
|
||||
"values": [
|
||||
|
|