MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #174 from MISP/feature-exclusive 

Feature `exclusive` and `numerical_value`
pull/176/head
Alexandre Dulaunoy 2019-11-05 14:41:46 +01:00 committed by GitHub
parent 47db7a9306 4e21962961
commit 519d1f45b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 2079 additions and 684 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1048
MANIFEST.json
View File

File diff suppressed because it is too large Load Diff

3
PAP/machinetag.json
View File

@ -2,7 +2,8 @@
"namespace": "PAP",
"expanded": "Permissible Actions Protocol",
"description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.",
"version": 1,
"version": 2,
"exclusive": true,
"predicates": [
{
"value": "RED",

1156
Summary.md Normal file
View File

File diff suppressed because it is too large Load Diff

8
admiralty-scale/machinetag.json
View File

@ -1,15 +1,17 @@
{
"namespace": "admiralty-scale",
"description": "The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.",
"version": 4,
"version": 5,
"predicates": [
{
"value": "source-reliability",
"expanded": "Source Reliability"
"expanded": "Source Reliability",
"exclusive": true
},
{
"value": "information-credibility",
"expanded": "Information Credibility"
"expanded": "Information Credibility",
"exclusive": true
}
],
"values": [

14
ais-marking/machinetag.json
View File

@ -1,23 +1,27 @@
{
"namespace": "ais-marking",
"description": "The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS)",
"version": 1,
"version": 2,
"predicates": [
{
"value": "TLPMarking",
"expanded": "TLP Marking"
"expanded": "TLP Marking",
"exclusive": true
},
{
"value": "AISConsent",
"expanded": "AIS Consent"
"expanded": "AIS Consent",
"exclusive": true
},
{
"value": "CISA_Proprietary",
"expanded": "CISA Proprietary"
"expanded": "CISA Proprietary",
"exclusive": true
},
{
"value": "AISMarking",
"expanded": "AIS Marking"
"expanded": "AIS Marking",
"exclusive": true
}
],
"values": [

2
analyst-assessment/machinetag.json
View File

@ -229,7 +229,7 @@
"org",
"user"
],
"version": 3,
"version": 4,
"description": "A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst.",
"expanded": "Analyst (Self) Assessment",
"namespace": "analyst-assessment"

3
binary-class/machinetag.json
View File

@ -1,7 +1,8 @@
{
"namespace": "binary-class",
"description": "Custom taxonomy for types of binary file.",
"version": 1,
"exclusive": true,
"version": 2,
"predicates": [
{
"value": "type",

2
copine-scale/machinetag.json
View File

@ -55,7 +55,7 @@
"https://en.wikipedia.org/wiki/COPINE_scale",
"http://journals.sagepub.com/doi/pdf/10.1177/1079063217724768"
],
"version": 2,
"version": 3,
"description": "The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. The scale was developed by staff at the COPINE (Combating Paedophile Information Networks in Europe) project. The COPINE Project was founded in 1997, and is based in the Department of Applied Psychology, University College Cork, Ireland.",
"expanded": "COPINE Scale",
"namespace": "copine-scale",

2
cssa/machinetag.json
View File

@ -1,7 +1,7 @@
{
"namespace": "cssa",
"description": "The CSSA agreed sharing taxonomy.",
"version": 6,
"version": 7,
"predicates": [
{
"value": "sharing-class",

2
cyber-threat-framework/machinetag.json
View File

@ -2,7 +2,7 @@
"namespace": "cyber-threat-framework",
"expanded": "Cyber Threat Framework",
"description": "Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. https://www.dni.gov/index.php/cyber-threat-framework",
"version": 1,
"version": 2,
"predicates": [
{
"value": "Preparation",

8
economical-impact/machinetag.json
View File

@ -2,7 +2,7 @@
"namespace": "economical-impact",
"expanded": " Economical Impact",
"description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).",
"version": 3,
"version": 4,
"refs": [
"https://www.misp-project.org/"
],
@ -112,12 +112,14 @@
{
"value": "loss",
"expanded": "Loss",
"description": "A financial impact evaluated as a casuality."
"description": "A financial impact evaluated as a casuality.",
"exclusive": true
},
{
"value": "gain",
"expanded": "Gain",
"description": "A financial impact evaluated as a benefit."
"description": "A financial impact evaluated as a benefit.",
"exclusive": true
}
]
}

8
estimative-language/machinetag.json
View File

@ -2,17 +2,19 @@
"namespace": "estimative-language",
"expanded": "Estimative languages",
"description": "Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence",
"version": 4,
"version": 5,
"predicates": [
{
"value": "likelihood-probability",
"expanded": "Likelihood or probability",
"description": "Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst's confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used."
"description": "Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst's confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used.",
"exclusive": true
},
{
"value": "confidence-in-analytic-judgment",
"expanded": "Confidence in analytic judgment",
"description": "Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High."
"description": "Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High.",
"exclusive": true
}
],
"values": [

3
euci/machinetag.json
View File

@ -1,7 +1,8 @@
{
"namespace": "euci",
"description": "EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.",
"version": 2,
"version": 3,
"exclusive": true,
"predicates": [
{
"value": "TS-UE/EU-TS",

23
false-positive/machinetag.json
View File

@ -1,18 +1,20 @@
{
"namespace": "false-positive",
"description": "This taxonomy aims to ballpark the expected amount of false positives.",
"version": 3,
"version": 4,
"expanded": "False positive",
"predicates": [
{
"value": "risk",
"expanded": "Risk",
"description": "Risk of having false positives in the tagged value."
"description": "Risk of having false positives in the tagged value.",
"exclusive": true
},
{
"value": "confirmed",
"expanded": "Confirmed",
"description": "Confirmed false positives in the tagged value."
"description": "Confirmed false positives in the tagged value.",
"exclusive": true
}
],
"values": [
@ -38,6 +40,21 @@
"numerical_value": 25
}
]
},
{
"predicate": "confirmed",
"entry": [
{
"value": "true",
"description": "The false positive is confirmed.",
"numerical_value": 0
},
{
"value": "false",
"description": "The flase positive is not confirmed.",
"numerical_value": 50
}
]
}
]
}

3
flesch-reading-ease/machinetag.json
View File

@ -1,7 +1,8 @@
{
"namespace": "flesch-reading-ease",
"description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",
"version": 1,
"version": 2,
"exclusive": true,
"predicates": [
{
"value": "score",

5
fr-classif/machinetag.json
View File

@ -61,8 +61,7 @@
"exclusive": true
}
],
"version": 2,
"version": 3,
"description": "French gov information classification system",
"namespace": "fr-classif",
"exclusive": true
"namespace": "fr-classif"
}

311
ifx-vetting/machinetag.json
View File

@ -1,15 +1,17 @@
{
"namespace": "ifx-vetting",
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
"version": 2,
"version": 3,
"predicates": [
{
"value": "vetted",
"expanded": "state of the vetted intelligence"
"expanded": "state of the vetted intelligence",
"exclusive": true
},
{
"value": "score",
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data."
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data.",
"exclusive": true
}
],
"values": [
@ -59,407 +61,508 @@
"entry": [
{
"value": "0",
"expanded": "0"
"expanded": "0",
"numerical_value": 0
},
{
"value": "1",
"expanded": "1"
"expanded": "1",
"numerical_value": 1
},
{
"value": "2",
"expanded": "2"
"expanded": "2",
"numerical_value": 2
},
{
"value": "3",
"expanded": "3"
"expanded": "3",
"numerical_value": 3
},
{
"value": "4",
"expanded": "4"
"expanded": "4",
"numerical_value": 4
},
{
"value": "5",
"expanded": "5"
"expanded": "5",
"numerical_value": 5
},
{
"value": "6",
"expanded": "6"
"expanded": "6",
"numerical_value": 6
},
{
"value": "7",
"expanded": "7"
"expanded": "7",
"numerical_value": 7
},
{
"value": "8",
"expanded": "8"
"expanded": "8",
"numerical_value": 8
},
{
"value": "9",
"expanded": "9"
"expanded": "9",
"numerical_value": 9
},
{
"value": "10",
"expanded": "10"
"expanded": "10",
"numerical_value": 10
},
{
"value": "11",
"expanded": "11"
"expanded": "11",
"numerical_value": 11
},
{
"value": "12",
"expanded": "12"
"expanded": "12",
"numerical_value": 12
},
{
"value": "13",
"expanded": "13"
"expanded": "13",
"numerical_value": 13
},
{
"value": "14",
"expanded": "14"
"expanded": "14",
"numerical_value": 14
},
{
"value": "15",
"expanded": "15"
"expanded": "15",
"numerical_value": 15
},
{
"value": "16",
"expanded": "16"
"expanded": "16",
"numerical_value": 16
},
{
"value": "17",
"expanded": "17"
"expanded": "17",
"numerical_value": 17
},
{
"value": "18",
"expanded": "18"
"expanded": "18",
"numerical_value": 18
},
{
"value": "19",
"expanded": "19"
"expanded": "19",
"numerical_value": 19
},
{
"value": "20",
"expanded": "20"
"expanded": "20",
"numerical_value": 20
},
{
"value": "21",
"expanded": "21"
"expanded": "21",
"numerical_value": 21
},
{
"value": "22",
"expanded": "22"
"expanded": "22",
"numerical_value": 22
},
{
"value": "23",
"expanded": "23"
"expanded": "23",
"numerical_value": 23
},
{
"value": "24",
"expanded": "24"
"expanded": "24",
"numerical_value": 24
},
{
"value": "25",
"expanded": "25"
"expanded": "25",
"numerical_value": 25
},
{
"value": "26",
"expanded": "26"
"expanded": "26",
"numerical_value": 26
},
{
"value": "27",
"expanded": "27"
"expanded": "27",
"numerical_value": 27
},
{
"value": "28",
"expanded": "28"
"expanded": "28",
"numerical_value": 28
},
{
"value": "29",
"expanded": "29"
"expanded": "29",
"numerical_value": 29
},
{
"value": "30",
"expanded": "30"
"expanded": "30",
"numerical_value": 30
},
{
"value": "31",
"expanded": "31"
"expanded": "31",
"numerical_value": 31
},
{
"value": "32",
"expanded": "32"
"expanded": "32",
"numerical_value": 32
},
{
"value": "33",
"expanded": "33"
"expanded": "33",
"numerical_value": 33
},
{
"value": "34",
"expanded": "34"
"expanded": "34",
"numerical_value": 34
},
{
"value": "35",
"expanded": "35"
"expanded": "35",
"numerical_value": 35
},
{
"value": "36",
"expanded": "36"
"expanded": "36",
"numerical_value": 36
},
{
"value": "37",
"expanded": "37"
"expanded": "37",
"numerical_value": 37
},
{
"value": "38",
"expanded": "38"
"expanded": "38",
"numerical_value": 38
},
{
"value": "39",
"expanded": "39"
"expanded": "39",
"numerical_value": 39
},
{
"value": "40",
"expanded": "40"
"expanded": "40",
"numerical_value": 40
},
{
"value": "41",
"expanded": "41"
"expanded": "41",
"numerical_value": 41
},
{
"value": "42",
"expanded": "42"
"expanded": "42",
"numerical_value": 42
},
{
"value": "43",
"expanded": "43"
"expanded": "43",
"numerical_value": 43
},
{
"value": "44",
"expanded": "44"
"expanded": "44",
"numerical_value": 44
},
{
"value": "45",
"expanded": "45"
"expanded": "45",
"numerical_value": 45
},
{
"value": "46",
"expanded": "46"
"expanded": "46",
"numerical_value": 46
},
{
"value": "47",
"expanded": "47"
"expanded": "47",
"numerical_value": 47
},
{
"value": "48",
"expanded": "48"
"expanded": "48",
"numerical_value": 48
},
{
"value": "49",
"expanded": "49"
"expanded": "49",
"numerical_value": 49
},
{
"value": "50",
"expanded": "50"
"expanded": "50",
"numerical_value": 50
},
{
"value": "51",
"expanded": "51"
"expanded": "51",
"numerical_value": 51
},
{
"value": "52",
"expanded": "52"
"expanded": "52",
"numerical_value": 52
},
{
"value": "53",
"expanded": "53"
"expanded": "53",
"numerical_value": 53
},
{
"value": "54",
"expanded": "54"
"expanded": "54",
"numerical_value": 54
},
{
"value": "55",
"expanded": "55"
"expanded": "55",
"numerical_value": 55
},
{
"value": "56",
"expanded": "56"
"expanded": "56",
"numerical_value": 56
},
{
"value": "57",
"expanded": "57"
"expanded": "57",
"numerical_value": 57
},
{
"value": "58",
"expanded": "58"
"expanded": "58",
"numerical_value": 58
},
{
"value": "59",
"expanded": "59"
"expanded": "59",
"numerical_value": 59
},
{
"value": "60",
"expanded": "60"
"expanded": "60",
"numerical_value": 60
},
{
"value": "61",
"expanded": "61"
"expanded": "61",
"numerical_value": 61
},
{
"value": "62",
"expanded": "62"
"expanded": "62",
"numerical_value": 62
},
{
"value": "63",
"expanded": "63"
"expanded": "63",
"numerical_value": 63
},
{
"value": "64",
"expanded": "64"
"expanded": "64",
"numerical_value": 64
},
{
"value": "65",
"expanded": "65"
"expanded": "65",
"numerical_value": 65
},
{
"value": "66",
"expanded": "66"
"expanded": "66",
"numerical_value": 66
},
{
"value": "67",
"expanded": "67"
"expanded": "67",
"numerical_value": 67
},
{
"value": "68",
"expanded": "68"
"expanded": "68",
"numerical_value": 68
},
{
"value": "69",
"expanded": "69"
"expanded": "69",
"numerical_value": 69
},
{
"value": "70",
"expanded": "70"
"expanded": "70",
"numerical_value": 70
},
{
"value": "71",
"expanded": "71"
"expanded": "71",
"numerical_value": 71
},
{
"value": "72",
"expanded": "72"
"expanded": "72",
"numerical_value": 72
},
{
"value": "73",
"expanded": "73"
"expanded": "73",
"numerical_value": 73
},
{
"value": "74",
"expanded": "74"
"expanded": "74",
"numerical_value": 74
},
{
"value": "75",
"expanded": "75"
"expanded": "75",
"numerical_value": 75
},
{
"value": "76",
"expanded": "76"
"expanded": "76",
"numerical_value": 76
},
{
"value": "77",
"expanded": "77"
"expanded": "77",
"numerical_value": 77
},
{
"value": "78",
"expanded": "78"
"expanded": "78",
"numerical_value": 78
},
{
"value": "79",
"expanded": "79"
"expanded": "79",
"numerical_value": 79
},
{
"value": "80",
"expanded": "80"
"expanded": "80",
"numerical_value": 80
},
{
"value": "81",
"expanded": "81"
"expanded": "81",
"numerical_value": 81
},
{
"value": "82",
"expanded": "82"
"expanded": "82",
"numerical_value": 82
},
{
"value": "83",
"expanded": "83"
"expanded": "83",
"numerical_value": 83
},
{
"value": "84",
"expanded": "84"
"expanded": "84",
"numerical_value": 84
},
{
"value": "85",
"expanded": "85"
"expanded": "85",
"numerical_value": 85
},
{
"value": "86",
"expanded": "86"
"expanded": "86",
"numerical_value": 86
},
{
"value": "87",
"expanded": "87"
"expanded": "87",
"numerical_value": 87
},
{
"value": "88",
"expanded": "88"
"expanded": "88",
"numerical_value": 88
},
{
"value": "89",
"expanded": "89"
"expanded": "89",
"numerical_value": 89
},
{
"value": "90",
"expanded": "90"
"expanded": "90",
"numerical_value": 90
},
{
"value": "91",
"expanded": "91"
"expanded": "91",
"numerical_value": 91
},
{
"value": "92",
"expanded": "92"
"expanded": "92",
"numerical_value": 92
},
{
"value": "93",
"expanded": "93"
"expanded": "93",
"numerical_value": 93
},
{
"value": "94",
"expanded": "94"
"expanded": "94",
"numerical_value": 94
},
{
"value": "95",
"expanded": "95"
"expanded": "95",
"numerical_value": 95
},
{
"value": "96",
"expanded": "96"
"expanded": "96",
"numerical_value": 96
},
{
"value": "97",
"expanded": "97"
"expanded": "97",
"numerical_value": 97
},
{
"value": "98",
"expanded": "98"
"expanded": "98",
"numerical_value": 98
},
{
"value": "99",
"expanded": "99"
"expanded": "99",
"numerical_value": 99
},
{
"value": "100",
"expanded": "100"
"expanded": "100",
"numerical_value": 100
}
]
}

4
incident-disposition/machinetag.json
View File

@ -1,7 +1,7 @@
{
"namespace": "incident-disposition",
"description": "How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook. https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9",
"version": 1,
"version": 2,
"predicates": [
{
"value": "incident",
@ -93,7 +93,7 @@
{
"value": "duplicate",
"expanded": "Duplicate",
"description": "An incident may be a Dup l icate of another record in the Incident Management System, and should be merged with the existing workflow."
"description": "An incident may be a Duplicate of another record in the Incident Management System, and should be merged with the existing workflow."
}
]
}

15
infoleak/machinetag.json
View File

@ -10,7 +10,8 @@
},
{
"value": "confirmed",
"expanded": "Confirmed information leak or not"
"expanded": "Confirmed information leak or not",
"exclusive": true
},
{
"expanded": "Source of the information leak",
@ -22,18 +23,16 @@
},
{
"expanded": "Output format",
"value": "output-format"
"value": "output-format",
"exclusive": true
},
{
"value": "certainty",
"expanded": "Certainty of the information to be a leak"
},
{
"value": "test",
"expanded": "Test"
"expanded": "Certainty of the information to be a leak",
"exclusive": true
}
],
"version": 6,
"version": 7,
"description": "A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.",
"namespace": "infoleak",
"values": [

11
misp/machinetag.json
View File

@ -175,11 +175,13 @@
},
{
"expanded": "Confidence level",
"value": "confidence-level"
"value": "confidence-level",
"exclusive": true
},
{
"expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy",
"value": "threat-level"
"value": "threat-level",
"exclusive": true
},
{
"expanded": "Automation level",
@ -198,10 +200,11 @@
},
{
"expanded": "misp2yara export tool",
"value": "misp2yara"
"value": "misp2yara",
"exclusive": true
}
],
"version": 9,
"version": 10,
"description": "MISP taxonomy to infer with MISP behavior or operation.",
"expanded": "MISP",
"namespace": "misp"

5
nato/machinetag.json
View File

@ -48,7 +48,8 @@
"value": "classification"
}
],
"version": 1,
"version": 2,
"description": "NATO classification markings.",
"namespace": "nato"
"namespace": "nato",
"exclusive": true
}

2
osint/machinetag.json
View File

@ -13,7 +13,7 @@
"value": "certainty"
}
],
"version": 10,
"version": 11,
"description": "Open Source Intelligence - Classification (MISP taxonomies)",
"namespace": "osint",
"values": [

8
phishing/machinetag.json
View File

@ -1,7 +1,7 @@
{
"namespace": "phishing",
"description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.",
"version": 3,
"version": 4,
"predicates": [
{
"value": "techniques",
@ -31,12 +31,14 @@
{
"value": "state",
"expanded": "State",
"description": "State of the phishing."
"description": "State of the phishing.",
"exclusive": true
},
{
"value": "psychological-acceptability",
"expanded": "Psychological acceptability",
"description": "Quality of the phishing by its level of acceptance by the target."
"description": "Quality of the phishing by its level of acceptance by the target.",
"exclusive": true
},
{
"value": "principle-of-persuasion",

2
priority-level/machinetag.json
View File

@ -50,7 +50,7 @@
"numerical_value": 0
}
],
"version": 1,
"version": 2,
"description": "After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System.",
"namespace": "priority-level",
"exclusive": true

3
retention/machinetag.json
View File

@ -2,7 +2,8 @@
"namespace": "retention",
"expanded": "retention",
"description": "Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.",
"version": 2,
"version": 3,
"exclusive": true,
"refs": [
"https://en.wikipedia.org/wiki/Retention_period"
],

3
rt_event_status/machinetag.json
View File

@ -1,7 +1,8 @@
{
"namespace": "rt_event_status",
"description": "Status of events used in Request Tracker.",
"version": 1,
"version": 2,
"exclusive": true,
"predicates": [
{
"value": "event-status",

2
targeted-threat-index/machinetag.json
View File

@ -78,7 +78,7 @@
"value": "technical-sophistication-multiplier"
}
],
"version": 2,
"version": 3,
"refs": [
"https://citizenlab.org/2013/10/targeted-threat-index/",
"https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf"

48
tools/gen_manifest.py Executable file
View File

@ -0,0 +1,48 @@
#!/usr/bin/env python3
import json
from pathlib import Path
from datetime import datetime
TAXONOMY_ROOT_PATH = Path(__file__).resolve().parent.parent
def fetchTaxonomies():
taxonomiesFolder = TAXONOMY_ROOT_PATH
taxonomies = []
for taxonomyFile in taxonomiesFolder.glob('./*/machinetag.json'):
with open(taxonomyFile) as f:
taxonomy = json.load(f)
taxonomies.append(taxonomy)
return taxonomies
def generateManifest(taxonomies):
manifest = {}
manifest['taxonomies'] = []
manifest['path'] = 'machinetag.json'
manifest['url'] = 'https://raw.githubusercontent.com/MISP/misp-taxonomies/master/'
manifest['description'] = 'Manifest file of MISP taxonomies available.'
manifest['license'] = 'CC-0'
now = datetime.now()
manifest['version'] = '{}{:02}{:02}'.format(now.year, now.month, now.day)
for taxonomy in taxonomies:
taxObj = {
'name': taxonomy['namespace'],
'description': taxonomy['description'],
'version': taxonomy['version']
}
manifest['taxonomies'].append(taxObj)
return manifest
def saveManifest(manifest):
with open(TAXONOMY_ROOT_PATH / 'MANIFEST.json', 'w') as f:
json.dump(manifest, f, indent=2, sort_keys=True)
def awesomePrint(text):
print('\033[1;32m{}\033[0;39m'.format(text))
if __name__ == "__main__":
taxonomies = fetchTaxonomies()
manifest = generateManifest(taxonomies)
saveManifest(manifest)
awesomePrint('> Manifest saved!')

49
tools/gen_markdown.py Executable file
View File

@ -0,0 +1,49 @@
#!/usr/bin/env python3
import json
from pathlib import Path
from datetime import datetime
TAXONOMY_ROOT_PATH = Path(__file__).resolve().parent.parent
def fetchTaxonomies():
taxonomiesFolder = TAXONOMY_ROOT_PATH
taxonomies = []
for taxonomyFile in taxonomiesFolder.glob('./*/machinetag.json'):
with open(taxonomyFile) as f:
taxonomy = json.load(f)
taxonomies.append(taxonomy)
return taxonomies
def generateMarkdown(taxonomies):
markdown_line_array = []
markdown_line_array.append("# Taxonomies")
markdown_line_array.append("- Generation date: %s" % datetime.now().isoformat().split('T')[0])
markdown_line_array.append("- license: %s" % 'CC-0')
markdown_line_array.append("- description: %s" % 'Manifest file of MISP taxonomies available.')
markdown_line_array.append("")
markdown_line_array.append("## Taxonomies")
markdown_line_array.append("")
for taxonomy in taxonomies:
markdown_line_array.append("### %s" % taxonomy['namespace'])
markdown_line_array.append("- description: %s" % taxonomy['description'])
markdown_line_array.append("- version: %s" % taxonomy['version'])
markdown_line_array.append("- Predicates")
markdown_line_array = markdown_line_array + [' - '+p['value'] for p in taxonomy['predicates']]
markdown = '\n'.join(markdown_line_array)
return markdown
def saveMarkdown(markdown):
with open(TAXONOMY_ROOT_PATH / 'Summary.md', 'w') as f:
f.write(markdown)
def awesomePrint(text):
print('\033[1;32m{}\033[0;39m'.format(text))
if __name__ == "__main__":
taxonomies = fetchTaxonomies()
markdown = generateMarkdown(taxonomies)
saveMarkdown(markdown)
awesomePrint('> Markdown saved!')

3
vocabulaire-des-probabilites-estimatives/machinetag.json
View File

@ -38,10 +38,11 @@
"value": "degré-de-probabilité"
}
],
"version": 2,
"version": 3,
"description": "Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité",
"expanded": "Vocabulaire des probabilités estimatives",
"namespace": "vocabulaire-des-probabilites-estimatives",
"exclusive": true,
"refs": [
"http://publications.gc.ca/collections/collection_2013/sp-ps/PS64-106-2007-fra.pdf"
]

5
workflow/machinetag.json
View File

@ -2,7 +2,7 @@
"namespace": "workflow",
"expanded": "workflow to support analysis",
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
"version": 9,
"version": 10,
"predicates": [
{
"value": "todo",
@ -12,7 +12,8 @@
{
"value": "state",
"expanded": "State",
"description": "State are the different states of the information or data being tagged."
"description": "State are the different states of the information or data being tagged.",
"exclusive": true
}
],
"values": [