Merge pull request #174 from MISP/feature-exclusive

Feature `exclusive` and `numerical_value`
pull/176/head
Alexandre Dulaunoy 2019-11-05 14:41:46 +01:00 committed by GitHub
commit 519d1f45b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 2079 additions and 684 deletions



@ -2,7 +2,8 @@
"namespace": "PAP", "namespace": "PAP",
"expanded": "Permissible Actions Protocol", "expanded": "Permissible Actions Protocol",
"description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.", "description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.",
"version": 1, "version": 2,
"exclusive": true,
"predicates": [ "predicates": [
{ {
"value": "RED", "value": "RED",

1156
Summary.md Normal file



@ -1,15 +1,17 @@
{ {
"namespace": "admiralty-scale", "namespace": "admiralty-scale",
"description": "The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.", "description": "The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.",
"version": 4, "version": 5,
"predicates": [ "predicates": [
{ {
"value": "source-reliability", "value": "source-reliability",
"expanded": "Source Reliability" "expanded": "Source Reliability",
"exclusive": true
}, },
{ {
"value": "information-credibility", "value": "information-credibility",
"expanded": "Information Credibility" "expanded": "Information Credibility",
"exclusive": true
} }
], ],
"values": [ "values": [


@ -1,23 +1,27 @@
{ {
"namespace": "ais-marking", "namespace": "ais-marking",
"description": "The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS)", "description": "The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS)",
"version": 1, "version": 2,
"predicates": [ "predicates": [
{ {
"value": "TLPMarking", "value": "TLPMarking",
"expanded": "TLP Marking" "expanded": "TLP Marking",
"exclusive": true
}, },
{ {
"value": "AISConsent", "value": "AISConsent",
"expanded": "AIS Consent" "expanded": "AIS Consent",
"exclusive": true
}, },
{ {
"value": "CISA_Proprietary", "value": "CISA_Proprietary",
"expanded": "CISA Proprietary" "expanded": "CISA Proprietary",
"exclusive": true
}, },
{ {
"value": "AISMarking", "value": "AISMarking",
"expanded": "AIS Marking" "expanded": "AIS Marking",
"exclusive": true
} }
], ],
"values": [ "values": [


@ -229,7 +229,7 @@
"org", "org",
"user" "user"
], ],
"version": 3, "version": 4,
"description": "A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst.", "description": "A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst.",
"expanded": "Analyst (Self) Assessment", "expanded": "Analyst (Self) Assessment",
"namespace": "analyst-assessment" "namespace": "analyst-assessment"


@ -1,7 +1,8 @@
{ {
"namespace": "binary-class", "namespace": "binary-class",
"description": "Custom taxonomy for types of binary file.", "description": "Custom taxonomy for types of binary file.",
"version": 1, "exclusive": true,
"version": 2,
"predicates": [ "predicates": [
{ {
"value": "type", "value": "type",


@ -55,7 +55,7 @@
"https://en.wikipedia.org/wiki/COPINE_scale", "https://en.wikipedia.org/wiki/COPINE_scale",
"http://journals.sagepub.com/doi/pdf/10.1177/1079063217724768" "http://journals.sagepub.com/doi/pdf/10.1177/1079063217724768"
], ],
"version": 2, "version": 3,
"description": "The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. The scale was developed by staff at the COPINE (Combating Paedophile Information Networks in Europe) project. The COPINE Project was founded in 1997, and is based in the Department of Applied Psychology, University College Cork, Ireland.", "description": "The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. The scale was developed by staff at the COPINE (Combating Paedophile Information Networks in Europe) project. The COPINE Project was founded in 1997, and is based in the Department of Applied Psychology, University College Cork, Ireland.",
"expanded": "COPINE Scale", "expanded": "COPINE Scale",
"namespace": "copine-scale", "namespace": "copine-scale",


@ -1,7 +1,7 @@
{ {
"namespace": "cssa", "namespace": "cssa",
"description": "The CSSA agreed sharing taxonomy.", "description": "The CSSA agreed sharing taxonomy.",
"version": 6, "version": 7,
"predicates": [ "predicates": [
{ {
"value": "sharing-class", "value": "sharing-class",


@ -2,7 +2,7 @@
"namespace": "cyber-threat-framework", "namespace": "cyber-threat-framework",
"expanded": "Cyber Threat Framework", "expanded": "Cyber Threat Framework",
"description": "Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. https://www.dni.gov/index.php/cyber-threat-framework", "description": "Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. https://www.dni.gov/index.php/cyber-threat-framework",
"version": 1, "version": 2,
"predicates": [ "predicates": [
{ {
"value": "Preparation", "value": "Preparation",


@ -2,7 +2,7 @@
"namespace": "economical-impact", "namespace": "economical-impact",
"expanded": " Economical Impact", "expanded": " Economical Impact",
"description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).", "description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).",
"version": 3, "version": 4,
"refs": [ "refs": [
"https://www.misp-project.org/" "https://www.misp-project.org/"
], ],
@ -112,12 +112,14 @@
{ {
"value": "loss", "value": "loss",
"expanded": "Loss", "expanded": "Loss",
"description": "A financial impact evaluated as a casuality." "description": "A financial impact evaluated as a casuality.",
"exclusive": true
}, },
{ {
"value": "gain", "value": "gain",
"expanded": "Gain", "expanded": "Gain",
"description": "A financial impact evaluated as a benefit." "description": "A financial impact evaluated as a benefit.",
"exclusive": true
} }
] ]
} }


@ -2,17 +2,19 @@
"namespace": "estimative-language", "namespace": "estimative-language",
"expanded": "Estimative languages", "expanded": "Estimative languages",
"description": "Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence", "description": "Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence",
"version": 4, "version": 5,
"predicates": [ "predicates": [
{ {
"value": "likelihood-probability", "value": "likelihood-probability",
"expanded": "Likelihood or probability", "expanded": "Likelihood or probability",
"description": "Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst's confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used." "description": "Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst's confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. 
Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used.",
"exclusive": true
}, },
{ {
"value": "confidence-in-analytic-judgment", "value": "confidence-in-analytic-judgment",
"expanded": "Confidence in analytic judgment", "expanded": "Confidence in analytic judgment",
"description": "Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High." "description": "Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High.",
"exclusive": true
} }
], ],
"values": [ "values": [


@ -1,7 +1,8 @@
{ {
"namespace": "euci", "namespace": "euci",
"description": "EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.", "description": "EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.",
"version": 2, "version": 3,
"exclusive": true,
"predicates": [ "predicates": [
{ {
"value": "TS-UE/EU-TS", "value": "TS-UE/EU-TS",


@ -1,18 +1,20 @@
{ {
"namespace": "false-positive", "namespace": "false-positive",
"description": "This taxonomy aims to ballpark the expected amount of false positives.", "description": "This taxonomy aims to ballpark the expected amount of false positives.",
"version": 3, "version": 4,
"expanded": "False positive", "expanded": "False positive",
"predicates": [ "predicates": [
{ {
"value": "risk", "value": "risk",
"expanded": "Risk", "expanded": "Risk",
"description": "Risk of having false positives in the tagged value." "description": "Risk of having false positives in the tagged value.",
"exclusive": true
}, },
{ {
"value": "confirmed", "value": "confirmed",
"expanded": "Confirmed", "expanded": "Confirmed",
"description": "Confirmed false positives in the tagged value." "description": "Confirmed false positives in the tagged value.",
"exclusive": true
} }
], ],
"values": [ "values": [
@ -38,6 +40,21 @@
"numerical_value": 25 "numerical_value": 25
} }
] ]
},
{
"predicate": "confirmed",
"entry": [
{
"value": "true",
"description": "The false positive is confirmed.",
"numerical_value": 0
},
{
"value": "false",
"description": "The flase positive is not confirmed.",
"numerical_value": 50
}
]
} }
] ]
} }
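Review bot: The new `false` entry under the `confirmed` predicate carries a typo in its description, `The flase positive is not confirmed.`; it should read `"description": "The false positive is not confirmed."`. The same block pairs the string values `"true"` and `"false"` with `numerical_value` 0 and 50, and nothing visible explains why an unconfirmed false positive maps to 50 rather than to the top of the scale. If a consumer sorts or scores on these numbers, a sentence in the predicate description stating the intended scale would keep analysts from misreading a mid-range value as a risk estimate. The `values` array this entry is appended to starts above the second hunk.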


@ -1,7 +1,8 @@
{ {
"namespace": "flesch-reading-ease", "namespace": "flesch-reading-ease",
"description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).", "description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",
"version": 1, "version": 2,
"exclusive": true,
"predicates": [ "predicates": [
{ {
"value": "score", "value": "score",


@ -61,8 +61,7 @@
"exclusive": true "exclusive": true
} }
], ],
"version": 2, "version": 3,
"description": "French gov information classification system", "description": "French gov information classification system",
"namespace": "fr-classif", "namespace": "fr-classif"
"exclusive": true
} }
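Review bot: The taxonomy-level `"exclusive": true` is dropped from fr-classif at the end of this hunk, while the same commit adds a taxonomy-level `exclusive` to other classification-style taxonomies (PAP, euci, nato). The context line at the top of the hunk shows a predicate that already carries `"exclusive": true`, so the flag presumably now lives at predicate level, but the predicate list starts outside the hunk and it is not visible whether every predicate has it. For a classification marking, the outcome to prevent is one event carrying two conflicting levels, so it is worth confirming that the predicate-level flag is enforced with the same effect as the top-level one, and noting the reason for the difference in the commit message.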


@ -1,15 +1,17 @@
{ {
"namespace": "ifx-vetting", "namespace": "ifx-vetting",
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process", "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
"version": 2, "version": 3,
"predicates": [ "predicates": [
{ {
"value": "vetted", "value": "vetted",
"expanded": "state of the vetted intelligence" "expanded": "state of the vetted intelligence",
"exclusive": true
}, },
{ {
"value": "score", "value": "score",
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data." "expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data.",
"exclusive": true
} }
], ],
"values": [ "values": [
@ -59,407 +61,508 @@
"entry": [ "entry": [
{ {
"value": "0", "value": "0",
"expanded": "0" "expanded": "0",
"numerical_value": 0
}, },
{ {
"value": "1", "value": "1",
"expanded": "1" "expanded": "1",
"numerical_value": 1
}, },
{ {
"value": "2", "value": "2",
"expanded": "2" "expanded": "2",
"numerical_value": 2
}, },
{ {
"value": "3", "value": "3",
"expanded": "3" "expanded": "3",
"numerical_value": 3
}, },
{ {
"value": "4", "value": "4",
"expanded": "4" "expanded": "4",
"numerical_value": 4
}, },
{ {
"value": "5", "value": "5",
"expanded": "5" "expanded": "5",
"numerical_value": 5
}, },
{ {
"value": "6", "value": "6",
"expanded": "6" "expanded": "6",
"numerical_value": 6
}, },
{ {
"value": "7", "value": "7",
"expanded": "7" "expanded": "7",
"numerical_value": 7
}, },
{ {
"value": "8", "value": "8",
"expanded": "8" "expanded": "8",
"numerical_value": 8
}, },
{ {
"value": "9", "value": "9",
"expanded": "9" "expanded": "9",
"numerical_value": 9
}, },
{ {
"value": "10", "value": "10",
"expanded": "10" "expanded": "10",
"numerical_value": 10
}, },
{ {
"value": "11", "value": "11",
"expanded": "11" "expanded": "11",
"numerical_value": 11
}, },
{ {
"value": "12", "value": "12",
"expanded": "12" "expanded": "12",
"numerical_value": 12
}, },
{ {
"value": "13", "value": "13",
"expanded": "13" "expanded": "13",
"numerical_value": 13
}, },
{ {
"value": "14", "value": "14",
"expanded": "14" "expanded": "14",
"numerical_value": 14
}, },
{ {
"value": "15", "value": "15",
"expanded": "15" "expanded": "15",
"numerical_value": 15
}, },
{ {
"value": "16", "value": "16",
"expanded": "16" "expanded": "16",
"numerical_value": 16
}, },
{ {
"value": "17", "value": "17",
"expanded": "17" "expanded": "17",
"numerical_value": 17
}, },
{ {
"value": "18", "value": "18",
"expanded": "18" "expanded": "18",
"numerical_value": 18
}, },
{ {
"value": "19", "value": "19",
"expanded": "19" "expanded": "19",
"numerical_value": 19
}, },
{ {
"value": "20", "value": "20",
"expanded": "20" "expanded": "20",
"numerical_value": 20
}, },
{ {
"value": "21", "value": "21",
"expanded": "21" "expanded": "21",
"numerical_value": 21
}, },
{ {
"value": "22", "value": "22",
"expanded": "22" "expanded": "22",
"numerical_value": 22
}, },
{ {
"value": "23", "value": "23",
"expanded": "23" "expanded": "23",
"numerical_value": 23
}, },
{ {
"value": "24", "value": "24",
"expanded": "24" "expanded": "24",
"numerical_value": 24
}, },
{ {
"value": "25", "value": "25",
"expanded": "25" "expanded": "25",
"numerical_value": 25
}, },
{ {
"value": "26", "value": "26",
"expanded": "26" "expanded": "26",
"numerical_value": 26
}, },
{ {
"value": "27", "value": "27",
"expanded": "27" "expanded": "27",
"numerical_value": 27
}, },
{ {
"value": "28", "value": "28",
"expanded": "28" "expanded": "28",
"numerical_value": 28
}, },
{ {
"value": "29", "value": "29",
"expanded": "29" "expanded": "29",
"numerical_value": 29
}, },
{ {
"value": "30", "value": "30",
"expanded": "30" "expanded": "30",
"numerical_value": 30
}, },
{ {
"value": "31", "value": "31",
"expanded": "31" "expanded": "31",
"numerical_value": 31
}, },
{ {
"value": "32", "value": "32",
"expanded": "32" "expanded": "32",
"numerical_value": 32
}, },
{ {
"value": "33", "value": "33",
"expanded": "33" "expanded": "33",
"numerical_value": 33
}, },
{ {
"value": "34", "value": "34",
"expanded": "34" "expanded": "34",
"numerical_value": 34
}, },
{ {
"value": "35", "value": "35",
"expanded": "35" "expanded": "35",
"numerical_value": 35
}, },
{ {
"value": "36", "value": "36",
"expanded": "36" "expanded": "36",
"numerical_value": 36
}, },
{ {
"value": "37", "value": "37",
"expanded": "37" "expanded": "37",
"numerical_value": 37
}, },
{ {
"value": "38", "value": "38",
"expanded": "38" "expanded": "38",
"numerical_value": 38
}, },
{ {
"value": "39", "value": "39",
"expanded": "39" "expanded": "39",
"numerical_value": 39
}, },
{ {
"value": "40", "value": "40",
"expanded": "40" "expanded": "40",
"numerical_value": 40
}, },
{ {
"value": "41", "value": "41",
"expanded": "41" "expanded": "41",
"numerical_value": 41
}, },
{ {
"value": "42", "value": "42",
"expanded": "42" "expanded": "42",
"numerical_value": 42
}, },
{ {
"value": "43", "value": "43",
"expanded": "43" "expanded": "43",
"numerical_value": 43
}, },
{ {
"value": "44", "value": "44",
"expanded": "44" "expanded": "44",
"numerical_value": 44
}, },
{ {
"value": "45", "value": "45",
"expanded": "45" "expanded": "45",
"numerical_value": 45
}, },
{ {
"value": "46", "value": "46",
"expanded": "46" "expanded": "46",
"numerical_value": 46
}, },
{ {
"value": "47", "value": "47",
"expanded": "47" "expanded": "47",
"numerical_value": 47
}, },
{ {
"value": "48", "value": "48",
"expanded": "48" "expanded": "48",
"numerical_value": 48
}, },
{ {
"value": "49", "value": "49",
"expanded": "49" "expanded": "49",
"numerical_value": 49
}, },
{ {
"value": "50", "value": "50",
"expanded": "50" "expanded": "50",
"numerical_value": 50
}, },
{ {
"value": "51", "value": "51",
"expanded": "51" "expanded": "51",
"numerical_value": 51
}, },
{ {
"value": "52", "value": "52",
"expanded": "52" "expanded": "52",
"numerical_value": 52
}, },
{ {
"value": "53", "value": "53",
"expanded": "53" "expanded": "53",
"numerical_value": 53
}, },
{ {
"value": "54", "value": "54",
"expanded": "54" "expanded": "54",
"numerical_value": 54
}, },
{ {
"value": "55", "value": "55",
"expanded": "55" "expanded": "55",
"numerical_value": 55
}, },
{ {
"value": "56", "value": "56",
"expanded": "56" "expanded": "56",
"numerical_value": 56
}, },
{ {
"value": "57", "value": "57",
"expanded": "57" "expanded": "57",
"numerical_value": 57
}, },
{ {
"value": "58", "value": "58",
"expanded": "58" "expanded": "58",
"numerical_value": 58
}, },
{ {
"value": "59", "value": "59",
"expanded": "59" "expanded": "59",
"numerical_value": 59
}, },
{ {
"value": "60", "value": "60",
"expanded": "60" "expanded": "60",
"numerical_value": 60
}, },
{ {
"value": "61", "value": "61",
"expanded": "61" "expanded": "61",
"numerical_value": 61
}, },
{ {
"value": "62", "value": "62",
"expanded": "62" "expanded": "62",
"numerical_value": 62
}, },
{ {
"value": "63", "value": "63",
"expanded": "63" "expanded": "63",
"numerical_value": 63
}, },
{ {
"value": "64", "value": "64",
"expanded": "64" "expanded": "64",
"numerical_value": 64
}, },
{ {
"value": "65", "value": "65",
"expanded": "65" "expanded": "65",
"numerical_value": 65
}, },
{ {
"value": "66", "value": "66",
"expanded": "66" "expanded": "66",
"numerical_value": 66
}, },
{ {
"value": "67", "value": "67",
"expanded": "67" "expanded": "67",
"numerical_value": 67
}, },
{ {
"value": "68", "value": "68",
"expanded": "68" "expanded": "68",
"numerical_value": 68
}, },
{ {
"value": "69", "value": "69",
"expanded": "69" "expanded": "69",
"numerical_value": 69
}, },
{ {
"value": "70", "value": "70",
"expanded": "70" "expanded": "70",
"numerical_value": 70
}, },
{ {
"value": "71", "value": "71",
"expanded": "71" "expanded": "71",
"numerical_value": 71
}, },
{ {
"value": "72", "value": "72",
"expanded": "72" "expanded": "72",
"numerical_value": 72
}, },
{ {
"value": "73", "value": "73",
"expanded": "73" "expanded": "73",
"numerical_value": 73
}, },
{ {
"value": "74", "value": "74",
"expanded": "74" "expanded": "74",
"numerical_value": 74
}, },
{ {
"value": "75", "value": "75",
"expanded": "75" "expanded": "75",
"numerical_value": 75
}, },
{ {
"value": "76", "value": "76",
"expanded": "76" "expanded": "76",
"numerical_value": 76
}, },
{ {
"value": "77", "value": "77",
"expanded": "77" "expanded": "77",
"numerical_value": 77
}, },
{ {
"value": "78", "value": "78",
"expanded": "78" "expanded": "78",
"numerical_value": 78
}, },
{ {
"value": "79", "value": "79",
"expanded": "79" "expanded": "79",
"numerical_value": 79
}, },
{ {
"value": "80", "value": "80",
"expanded": "80" "expanded": "80",
"numerical_value": 80
}, },
{ {
"value": "81", "value": "81",
"expanded": "81" "expanded": "81",
"numerical_value": 81
}, },
{ {
"value": "82", "value": "82",
"expanded": "82" "expanded": "82",
"numerical_value": 82
}, },
{ {
"value": "83", "value": "83",
"expanded": "83" "expanded": "83",
"numerical_value": 83
}, },
{ {
"value": "84", "value": "84",
"expanded": "84" "expanded": "84",
"numerical_value": 84
}, },
{ {
"value": "85", "value": "85",
"expanded": "85" "expanded": "85",
"numerical_value": 85
}, },
{ {
"value": "86", "value": "86",
"expanded": "86" "expanded": "86",
"numerical_value": 86
}, },
{ {
"value": "87", "value": "87",
"expanded": "87" "expanded": "87",
"numerical_value": 87
}, },
{ {
"value": "88", "value": "88",
"expanded": "88" "expanded": "88",
"numerical_value": 88
}, },
{ {
"value": "89", "value": "89",
"expanded": "89" "expanded": "89",
"numerical_value": 89
}, },
{ {
"value": "90", "value": "90",
"expanded": "90" "expanded": "90",
"numerical_value": 90
}, },
{ {
"value": "91", "value": "91",
"expanded": "91" "expanded": "91",
"numerical_value": 91
}, },
{ {
"value": "92", "value": "92",
"expanded": "92" "expanded": "92",
"numerical_value": 92
}, },
{ {
"value": "93", "value": "93",
"expanded": "93" "expanded": "93",
"numerical_value": 93
}, },
{ {
"value": "94", "value": "94",
"expanded": "94" "expanded": "94",
"numerical_value": 94
}, },
{ {
"value": "95", "value": "95",
"expanded": "95" "expanded": "95",
"numerical_value": 95
}, },
{ {
"value": "96", "value": "96",
"expanded": "96" "expanded": "96",
"numerical_value": 96
}, },
{ {
"value": "97", "value": "97",
"expanded": "97" "expanded": "97",
"numerical_value": 97
}, },
{ {
"value": "98", "value": "98",
"expanded": "98" "expanded": "98",
"numerical_value": 98
}, },
{ {
"value": "99", "value": "99",
"expanded": "99" "expanded": "99",
"numerical_value": 99
}, },
{ {
"value": "100", "value": "100",
"expanded": "100" "expanded": "100",
"numerical_value": 100
} }
] ]
} }


@ -1,7 +1,7 @@
{ {
"namespace": "incident-disposition", "namespace": "incident-disposition",
"description": "How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook. https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9", "description": "How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook. https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9",
"version": 1, "version": 2,
"predicates": [ "predicates": [
{ {
"value": "incident", "value": "incident",
@ -93,7 +93,7 @@
{ {
"value": "duplicate", "value": "duplicate",
"expanded": "Duplicate", "expanded": "Duplicate",
"description": "An incident may be a Dup l icate of another record in the Incident Management System, and should be merged with the existing workflow." "description": "An incident may be a Duplicate of another record in the Incident Management System, and should be merged with the existing workflow."
} }
] ]
} }


@ -10,7 +10,8 @@
}, },
{ {
"value": "confirmed", "value": "confirmed",
"expanded": "Confirmed information leak or not" "expanded": "Confirmed information leak or not",
"exclusive": true
}, },
{ {
"expanded": "Source of the information leak", "expanded": "Source of the information leak",
@ -22,18 +23,16 @@
}, },
{ {
"expanded": "Output format", "expanded": "Output format",
"value": "output-format" "value": "output-format",
"exclusive": true
}, },
{ {
"value": "certainty", "value": "certainty",
"expanded": "Certainty of the information to be a leak" "expanded": "Certainty of the information to be a leak",
}, "exclusive": true
{
"value": "test",
"expanded": "Test"
} }
], ],
"version": 6, "version": 7,
"description": "A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.", "description": "A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.",
"namespace": "infoleak", "namespace": "infoleak",
"values": [ "values": [
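Review bot: The second hunk removes the `test` predicate from the infoleak taxonomy alongside the `exclusive` additions, and the commit description mentions only `exclusive` and `numerical_value`. Dropping a predicate from a published taxonomy can leave already-applied tags without a definition on instances that update, and the `values` array continues past the hunk, so it is not visible whether any entry still references `"predicate": "test"`. If the removal is intentional cleanup, it would be clearer as its own commit, or at least called out in the description, so that operators can check for existing uses of the tag before updating.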


@ -175,11 +175,13 @@
}, },
{ {
"expanded": "Confidence level", "expanded": "Confidence level",
"value": "confidence-level" "value": "confidence-level",
"exclusive": true
}, },
{ {
"expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy", "expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy",
"value": "threat-level" "value": "threat-level",
"exclusive": true
}, },
{ {
"expanded": "Automation level", "expanded": "Automation level",
@ -198,10 +200,11 @@
}, },
{ {
"expanded": "misp2yara export tool", "expanded": "misp2yara export tool",
"value": "misp2yara" "value": "misp2yara",
"exclusive": true
} }
], ],
"version": 9, "version": 10,
"description": "MISP taxonomy to infer with MISP behavior or operation.", "description": "MISP taxonomy to infer with MISP behavior or operation.",
"expanded": "MISP", "expanded": "MISP",
"namespace": "misp" "namespace": "misp"


@ -48,7 +48,8 @@
"value": "classification" "value": "classification"
} }
], ],
"version": 1, "version": 2,
"description": "NATO classification markings.", "description": "NATO classification markings.",
"namespace": "nato" "namespace": "nato",
"exclusive": true
} }


@ -13,7 +13,7 @@
"value": "certainty" "value": "certainty"
} }
], ],
"version": 10, "version": 11,
"description": "Open Source Intelligence - Classification (MISP taxonomies)", "description": "Open Source Intelligence - Classification (MISP taxonomies)",
"namespace": "osint", "namespace": "osint",
"values": [ "values": [


@ -1,7 +1,7 @@
{ {
"namespace": "phishing", "namespace": "phishing",
"description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.", "description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.",
"version": 3, "version": 4,
"predicates": [ "predicates": [
{ {
"value": "techniques", "value": "techniques",
@ -31,12 +31,14 @@
{ {
"value": "state", "value": "state",
"expanded": "State", "expanded": "State",
"description": "State of the phishing." "description": "State of the phishing.",
"exclusive": true
}, },
{ {
"value": "psychological-acceptability", "value": "psychological-acceptability",
"expanded": "Psychological acceptability", "expanded": "Psychological acceptability",
"description": "Quality of the phishing by its level of acceptance by the target." "description": "Quality of the phishing by its level of acceptance by the target.",
"exclusive": true
}, },
{ {
"value": "principle-of-persuasion", "value": "principle-of-persuasion",


@ -50,7 +50,7 @@
"numerical_value": 0 "numerical_value": 0
} }
], ],
"version": 1, "version": 2,
"description": "After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System.", "description": "After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System.",
"namespace": "priority-level", "namespace": "priority-level",
"exclusive": true "exclusive": true


@ -2,7 +2,8 @@
"namespace": "retention", "namespace": "retention",
"expanded": "retention", "expanded": "retention",
"description": "Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.", "description": "Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.",
"version": 2, "version": 3,
"exclusive": true,
"refs": [ "refs": [
"https://en.wikipedia.org/wiki/Retention_period" "https://en.wikipedia.org/wiki/Retention_period"
], ],
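Review bot: The `description` context line in this hunk still spells the word as `retenion`; with the version already going from 2 to 3, the typo could be corrected to `retention` in the same change. The description explains what `numerical_value` is for but does not mention the new `"exclusive": true`, so one more sentence stating how many retention tags an event is expected to carry would document the added key, assuming the flag means the tags are mutually exclusive.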


@ -1,7 +1,8 @@
{ {
"namespace": "rt_event_status", "namespace": "rt_event_status",
"description": "Status of events used in Request Tracker.", "description": "Status of events used in Request Tracker.",
"version": 1, "version": 2,
"exclusive": true,
"predicates": [ "predicates": [
{ {
"value": "event-status", "value": "event-status",


@ -78,7 +78,7 @@
"value": "technical-sophistication-multiplier" "value": "technical-sophistication-multiplier"
} }
], ],
"version": 2, "version": 3,
"refs": [ "refs": [
"https://citizenlab.org/2013/10/targeted-threat-index/", "https://citizenlab.org/2013/10/targeted-threat-index/",
"https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf" "https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf"

48
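--- a/tools/gen_manifest.py
+++ b/tools/gen_manifest.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+import json
+from pathlib import Path
+from datetime import datetime
+TAXONOMY_ROOT_PATH = Path(__file__).resolve().parent.parent
+def fetchTaxonomies():
+taxonomiesFolder = TAXONOMY_ROOT_PATH
+taxonomies = []
+for taxonomyFile in taxonomiesFolder.glob('./*/machinetag.json'):
+with open(taxonomyFile) as f:
+taxonomy = json.load(f)
+taxonomies.append(taxonomy)
+return taxonomies
+def generateManifest(taxonomies):
+manifest = {}
+manifest['taxonomies'] = []
+manifest['path'] = 'machinetag.json'
+manifest['url'] = 'https://raw.githubusercontent.com/MISP/misp-taxonomies/master/'
+manifest['description'] = 'Manifest file of MISP taxonomies available.'
+manifest['license'] = 'CC-0'
+now = datetime.now()
+manifest['version'] = '{}{:02}{:02}'.format(now.year, now.month, now.day)
+for taxonomy in taxonomies:
+taxObj = {
+'name': taxonomy['namespace'],
+'description': taxonomy['description'],
+'version': taxonomy['version']
+}
+manifest['taxonomies'].append(taxObj)
+return manifest
+def saveManifest(manifest):
+with open(TAXONOMY_ROOT_PATH / 'MANIFEST.json', 'w') as f:
+json.dump(manifest, f, indent=2, sort_keys=True)
+def awesomePrint(text):
+print('\033[1;32m{}\033[0;39m'.format(text))
+if __name__ == "__main__":
+taxonomies = fetchTaxonomies()
+manifest = generateManifest(taxonomies)
+saveManifest(manifest)
+awesomePrint('> Manifest saved!')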
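Review bot: `fetchTaxonomies` iterates `taxonomiesFolder.glob('./*/machinetag.json')` directly, and pathlib does not promise an order for glob results, so the `taxonomies` list in MANIFEST.json can come out in a different order from one machine to the next; `sort_keys=True` in `saveManifest` orders object keys only, not list items. Writing the loop as `for taxonomyFile in sorted(taxonomiesFolder.glob('./*/machinetag.json')):` keeps regenerated manifests diffable, which makes an unexpected change in the generated file easier to spot in review. The same function calls `open(taxonomyFile)` with the locale's default encoding; `open(taxonomyFile, encoding='utf-8')` avoids decode errors on taxonomies that contain non-ASCII text. Both remarks apply equally to the identical copy of `fetchTaxonomies` in tools/gen_markdown.py.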

49
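--- a/tools/gen_markdown.py
+++ b/tools/gen_markdown.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+import json
+from pathlib import Path
+from datetime import datetime
+TAXONOMY_ROOT_PATH = Path(__file__).resolve().parent.parent
+def fetchTaxonomies():
+taxonomiesFolder = TAXONOMY_ROOT_PATH
+taxonomies = []
+for taxonomyFile in taxonomiesFolder.glob('./*/machinetag.json'):
+with open(taxonomyFile) as f:
+taxonomy = json.load(f)
+taxonomies.append(taxonomy)
+return taxonomies
+def generateMarkdown(taxonomies):
+markdown_line_array = []
+markdown_line_array.append("# Taxonomies")
+markdown_line_array.append("- Generation date: %s" % datetime.now().isoformat().split('T')[0])
+markdown_line_array.append("- license: %s" % 'CC-0')
+markdown_line_array.append("- description: %s" % 'Manifest file of MISP taxonomies available.')
+markdown_line_array.append("")
+markdown_line_array.append("## Taxonomies")
+markdown_line_array.append("")
+for taxonomy in taxonomies:
+markdown_line_array.append("### %s" % taxonomy['namespace'])
+markdown_line_array.append("- description: %s" % taxonomy['description'])
+markdown_line_array.append("- version: %s" % taxonomy['version'])
+markdown_line_array.append("- Predicates")
+markdown_line_array = markdown_line_array + [' - '+p['value'] for p in taxonomy['predicates']]
+markdown = '\n'.join(markdown_line_array)
+return markdown
+def saveMarkdown(markdown):
+with open(TAXONOMY_ROOT_PATH / 'Summary.md', 'w') as f:
+f.write(markdown)
+def awesomePrint(text):
+print('\033[1;32m{}\033[0;39m'.format(text))
+if __name__ == "__main__":
+taxonomies = fetchTaxonomies()
+markdown = generateMarkdown(taxonomies)
+saveMarkdown(markdown)
+awesomePrint('> Markdown saved!')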
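Review bot: `generateMarkdown` writes `taxonomy['description']` and each predicate `p['value']` into Summary.md verbatim, so any Markdown or HTML syntax inside a machinetag.json field is rendered as markup instead of being shown as text. Taxonomy files are presumably contributed through pull requests like this one, so escaping these fields, or putting predicate values in code spans, would keep the generated summary faithful to the data. Separately, the header line `- description: Manifest file of MISP taxonomies available.` looks carried over from gen_manifest.py and does not describe Summary.md. `saveMarkdown` should also open the file with `encoding='utf-8'`, since values such as `degré-de-probabilité` are written to it unescaped.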


@ -38,10 +38,11 @@
"value": "degré-de-probabilité" "value": "degré-de-probabilité"
} }
], ],
"version": 2, "version": 3,
"description": "Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité", "description": "Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité",
"expanded": "Vocabulaire des probabilités estimatives", "expanded": "Vocabulaire des probabilités estimatives",
"namespace": "vocabulaire-des-probabilites-estimatives", "namespace": "vocabulaire-des-probabilites-estimatives",
"exclusive": true,
"refs": [ "refs": [
"http://publications.gc.ca/collections/collection_2013/sp-ps/PS64-106-2007-fra.pdf" "http://publications.gc.ca/collections/collection_2013/sp-ps/PS64-106-2007-fra.pdf"
] ]


@ -2,7 +2,7 @@
"namespace": "workflow", "namespace": "workflow",
"expanded": "workflow to support analysis", "expanded": "workflow to support analysis",
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.", "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
"version": 9, "version": 10,
"predicates": [ "predicates": [
{ {
"value": "todo", "value": "todo",
@ -12,7 +12,8 @@
{ {
"value": "state", "value": "state",
"expanded": "State", "expanded": "State",
"description": "State are the different states of the information or data being tagged." "description": "State are the different states of the information or data being tagged.",
"exclusive": true
} }
], ],
"values": [ "values": [