diff --git a/MANIFEST.json b/MANIFEST.json
index e5949e5..c161894 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -75,6 +75,11 @@
 "name": "cssa",
 "description": "The CSSA agreed sharing taxonomy."
 },
+ {
+ "version": 1,
+ "name": "dcso-sharing",
+ "description": "DCSO Sharing Taxonomy to classify certain types of MISP events using the DCSO Event Guide"
+ },
 {
 "version": 2,
 "name": "ddos",
@@ -110,6 +115,11 @@
 "name": "domain-abuse",
 "description": "Taxonomy to tag domain names used for cybercrime."
 },
+ {
+ "version": 1,
+ "name": "drugs",
+ "description": "A taxonomy based on the superclass and class of drugs, based on https://www.drugbank.ca/releases/latest"
+ },
 {
 "version": 1,
 "name": "ecsirt",
@@ -301,7 +311,7 @@
 "description": "Sectors and sub sectors as identified by the NIS Directive."
 },
 {
- "version": 1,
+ "version": 2,
 "name": "economical-impact",
 "description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information."
 },
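Review bot: The `drugs` entry added in the second MANIFEST.json hunk declares `"version": 1`, but the `drugs/machinetag.json` created by this same commit carries `"version": 2`. A consumer that compares the manifest version with its local copy to decide whether a taxonomy needs refreshing would presumably either re-fetch on every sync or skip an update, depending on how it compares. Align the manifest entry with the file: `"version": 2,`. The manifest description also differs slightly from the one in the taxonomy file (", based on" versus ". Based on"); keeping the two strings identical makes later drift easier to spot.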
@@ -406,14 +416,39 @@
 "description": "The Use Case Applicability categories reflect standard resolution categories, to clearly display alerting rule configuration problems."
 },
 {
- "version": 2,
+ "version": 5,
 "name": "exercise",
- "description": "Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise"
+ "description": "Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise."
+ },
+ {
+ "version": 1,
+ "name": "data-classification",
+ "description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book."
+ },
+ {
+ "version": 1,
+ "name": "type",
+ "description": "Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence."
+ },
+ {
+ "version": 1,
+ "name": "information-security-data-source",
+ "description": "Taxonomy to classify the information security data sources"
+ },
+ {
+ "version": 1,
+ "name": "cryptocurrency-threat",
+ "description": "Threats targetting cryptocurrency, based on CipherTrace report."
+ },
+ {
+ "version": 1,
+ "name": "flesch-reading-ease",
+ "description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid)."
 }
 ],
 "path": "machinetag.json",
 "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
 "description": "Manifest file of MISP taxonomies available.",
 "license": "CC-0",
- "version": "20181127"
+ "version": "20190315"
 }
diff --git a/README.md b/README.md
index d685ab7..d8cd93c 100644
--- a/README.md
+++ b/README.md
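Review bot: Three of the descriptions appended in the fourth MANIFEST.json hunk contain wording errors that will surface wherever the manifest is rendered as a taxonomy list: "targetting" in `cryptocurrency-threat`, "flesh score" in `flesch-reading-ease`, and "which can be described the origin of intelligence" in `type`. Suggested wording: `"description": "Threats targeting cryptocurrency, based on CipherTrace report."` and `The scoring of the Flesch score can have a maximum of 121.22 ...`. These strings presumably mirror the description in each taxonomy's own machinetag.json, which is not in view here, so the same correction likely belongs there as well. The namespace `type` is also very generic for something analysts filter on; a more specific name would reduce the chance of it being confused with unrelated tags.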
@@ -27,6 +27,7 @@ The following taxonomies are described:
 - [Cyber Kill Chain](./kill-chain) from Lockheed Martin
 - [The Cyber Threat Framework](./cyber-threat-framework) was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries.
 - DE German (DE) [Government classification markings (VS)](./de-vs)
+- [DCSO Sharing Taxonomy](./dcso-sharing) - DCSO Sharing Taxonomy to classify certain types of MISP events using the DCSO Event Guide
 - [DHS CIIP Sectors](./dhs-ciip-sectors)
 - [Diamond Model for Intrusion Analysis](./diamond-model)
 - [Detection Maturity Level](./DML)
diff --git a/cryptocurrency-threat/machinetag.json b/cryptocurrency-threat/machinetag.json
index 10ade27..8bba8fa 100644
--- a/cryptocurrency-threat/machinetag.json
+++ b/cryptocurrency-threat/machinetag.json
@@ -46,5 +46,5 @@
 ],
 "refs": [
 "https://ciphertrace.com/wp-content/uploads/2019/01/crypto_aml_report_2018q4.pdf"
- ],
+ ]
 }
diff --git a/data-classification/machinetag.json b/data-classification/machinetag.json
new file mode 100644
index 0000000..fd9ddcf
--- /dev/null
+++ b/data-classification/machinetag.json
@@ -0,0 +1,36 @@
+{
+ "predicates": [
+ {
+ "description": "Data which is regulated under a specific regulation or law such as PII, SPD, PCI or PHI.",
+ "expanded": "Regulated data",
+ "value": "regulated-data"
+ },
+ {
+ "description": "Data which represents a specific commercial value and is confidential to an organisation such as trade secrets, customer accounts.",
+ "expanded": "Commercially confidential information (CCI)",
+ "value": "commercially-confidential-information"
+ },
+ {
+ "description": "Data which represents a specific financial value to an organisation such as payroll, investment information.",
+ "expanded": "Financially sensitive information (FSI)",
+ "value": "financially-sensitive-information"
+ },
+ {
+ "description": "Data which is sensitive to the valuation of an organisation such as inside information (as defined by a Financial Services Authority).",
+ "expanded": "Valuation sensitive information (VSI)",
+ "value": "valuation-sensitive-information"
+ },
+ {
+ "description": "Data which is sensitive such as email or letters.",
+ "expanded": "Sensitive information",
+ "value": "sensitive-information"
+ }
+ ],
+ "refs": [
+ "https://www.wiley.com/en-be/Solving+Cyber+Risk:+Protecting+Your+Company+and+Society-p-9781119490920"
+ ],
+ "version": 1,
+ "description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.",
+ "expanded": "Data Classification",
+ "namespace": "data-classification"
+}
diff --git a/dcso-sharing/machinetag.json b/dcso-sharing/machinetag.json
new file mode 100644
index 0000000..49a9c8c
--- /dev/null
+++ b/dcso-sharing/machinetag.json
@@ -0,0 +1,42 @@
+{
+ "namespace": "dcso-sharing",
+ "description": "Taxonomy defined in the DCSO MISP Event Guide. It provides guidance for the creation and consumption of MISP events in a way that minimises the extra effort for the sending party, while enhancing the usefulness for receiving parties.",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "event-type"
+ }
+ ],
+ "values": [
+ {
+ "predicate": "event-type",
+ "entry": [
+ {
+ "value": "Observation",
+ "expanded": "This event describes traits and indicators closely related to a single entity, like an email campaign or sighting of a reference sample on VirusTotal. Events of this type are typically created by CSOC staff and may be verified by analysts. Observed and verified indicators would be consumed by automated filtering systems in order to support near-time threat prevention. In retrospect, observations could be correlated with reports and analysis events in order to help understand the motivation for an attack and to reassess the associated risk.",
+ "colour": "#00233e"
+ },
+ {
+ "value": "Incident",
+ "expanded": "This event describes traits and indicators related to a security incident. As such, the event may refer to multiple entities like organizations, bank account numbers, files, and URLs. Events of this type contain first-hand information, that is, the reporting organization took part in the analysis of the incident. Use event type \"Report\" for second-hand information. Events of this type are typically created and consumed by analysts.",
+ "colour": "#005d81"
+ },
+ {
+ "value": "Report",
+ "expanded": "Traceability of indicators can be essential to document compliance of processes with legal obligations or company regulations. This event preserves a report to document the origin and context of indicators. Events of this type need to be checked by a human to ensure correct reproduction of indicators and context. Intended consumers are automated processes. Events may also serve as a basis for analysis reports or to justify preventive measures. If your organization is or was directly involved in an incident and you want to provide a first-hand account, then please use event type \"Incident\" instead.",
+ "colour": "#3f97b8"
+ },
+ {
+ "value": "Analysis",
+ "expanded": "This event builds on \"observation\", \"incident\", and \"report\" events; adds enrichments; and provides context. Events of this type will be created by analysts with support by automated tools. Analysts are also the main consumers.",
+ "colour": "#5a8915"
+ },
+ {
+ "value": "Collection",
+ "expanded": "This event collects unrelated IoCs. For example, an event could combine all network IoCs that were learned of during a day or a week from events of other types.",
+ "colour": "#94a850"
+ }
+ ]
+ }
+ ]
+}
diff --git a/drugs/machinetag.json b/drugs/machinetag.json
new file mode 100644
index 0000000..ca85436
--- /dev/null
+++ b/drugs/machinetag.json
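Review bot: The entry values in `dcso-sharing/machinetag.json` are capitalised (`"Observation"`, `"Incident"`, `"Report"`, ...) while the `expanded` text of `Analysis` refers to them as "observation", "incident" and "report"; the resulting tags would read `dcso-sharing:event-type="Observation"`, and any filter or sharing rule that matches tags case-sensitively will miss the lowercase spelling. The other taxonomies added in this commit use lowercase hyphenated values, so `"value": "observation"` paired with `"expanded": "Observation"` would be consistent with them. The long guidance text now stored in `expanded` would fit better in a `description` field, as `data-classification/machinetag.json` does for its predicates, leaving `expanded` as the short display label. The `event-type` predicate also has no `expanded` label of its own.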
@@ -0,0 +1,1384 @@ +{ + "namespace": "drugs", + "description": "A taxonomy based on the superclass and class of drugs. Based on https://www.drugbank.ca/releases/latest", + "version": 2, + "predicates": [ + { + "value": "alkaloids-and-derivatives", + "expanded": "Alkaloids and derivatives" + }, + { + "value": "benzenoids", + "expanded": "Benzenoids" + }, + { + "value": "homogeneous-metal-compounds", + "expanded": "Homogeneous metal compounds" + }, + { + "value": "homogeneous-non-metal-compounds", + "expanded": "Homogeneous non-metal compounds" + }, + { + "value": "hydrocarbons", + "expanded": "Hydrocarbons" + }, + { + "value": "hydrocarbon-derivatives", + "expanded": "Hydrocarbon derivatives" + }, + { + "value": "lignans,-neolignans-and-related-compounds", + "expanded": "Lignans, neolignans and related compounds" + }, + { + "value": "lipids-and-lipid-like-molecules", + "expanded": "Lipids and lipid-like molecules" + }, + { + "value": "mixed-metal/non-metal-compounds", + "expanded": "Mixed metal/non-metal compounds" + }, + { + "value": "nucleosides,-nucleotides,-and-analogues", + "expanded": "Nucleosides, nucleotides, and analogues" + }, + { + "value": "organic-1,3-dipolar-compounds", + "expanded": "Organic 1,3-dipolar compounds" + }, + { + "value": "organic-acids-and-derivatives", + "expanded": "Organic acids and derivatives" + }, + { + "value": "organic-acids", + "expanded": "Organic Acids" + }, + { + "value": "organic-nitrogen-compounds", + "expanded": "Organic nitrogen compounds" + }, + { + "value": "organic-oxygen-compounds", + "expanded": "Organic oxygen compounds" + }, + { + "value": "organic-polymers", + "expanded": "Organic Polymers" + }, + { + "value": "organic-salts", + "expanded": "Organic salts" + }, + { + "value": "organohalogen-compounds", + "expanded": "Organohalogen compounds" + }, + { + "value": "organoheterocyclic-compounds", + "expanded": "Organoheterocyclic compounds" + }, + { + "value": "organometallic-compounds", + "expanded": "Organometallic 
compounds" + }, + { + "value": "organophosphorus-compounds", + "expanded": "Organophosphorus compounds" + }, + { + "value": "organosulfur-compounds", + "expanded": "Organosulfur compounds" + }, + { + "value": "phenylpropanoids-and-polyketides", + "expanded": "Phenylpropanoids and polyketides" + } + ], + "values": [ + { + "predicate": "alkaloids-and-derivatives", + "entry": [ + { + "value": "ajmaline-sarpagine-alkaloids", + "expanded": "Ajmaline-sarpagine alkaloids" + }, + { + "value": " allocolchicine-alkaloids", + "expanded": " Allocolchicine alkaloids" + }, + { + "value": " Amaryllidaceae alkaloids", + "expanded": " Amaryllidaceae alkaloids" + }, + { + "value": "aporphines", + "expanded": "Aporphines" + }, + { + "value": "camptothecins", + "expanded": "Camptothecins" + }, + { + "value": "cephalotaxus-alkaloids", + "expanded": "Cephalotaxus alkaloids" + }, + { + "value": "cinchona-alkaloids", + "expanded": "Cinchona alkaloids" + }, + { + "value": "eburnan-type-alkaloids", + "expanded": "Eburnan-type alkaloids" + }, + { + "value": "epibatidine-analogues", + "expanded": "Epibatidine analogues" + }, + { + "value": "ergoline-and-derivatives", + "expanded": "Ergoline and derivatives" + }, + { + "value": "harmala-alkaloids", + "expanded": "Harmala alkaloids" + }, + { + "value": "ibogan-type-alkaloids", + "expanded": "Ibogan-type alkaloids" + }, + { + "value": "lupin-alkaloids", + "expanded": "Lupin alkaloids" + }, + { + "value": "morphinans", + "expanded": "Morphinans" + }, + { + "value": "phthalide-isoquinolines", + "expanded": "Phthalide isoquinolines" + }, + { + "value": "protoberberine-alkaloids-and-derivatives", + "expanded": "Protoberberine alkaloids and derivatives" + }, + { + "value": "tropane-alkaloids", + "expanded": "Tropane alkaloids" + }, + { + "value": "vinca-alkaloids", + "expanded": "Vinca alkaloids" + }, + { + "value": "yohimbine-alkaloids", + "expanded": "Yohimbine alkaloids" + } + ] + }, + { + "predicate": "benzenoids", + "entry": [ + { + "value": 
"anthracenes", + "expanded": "Anthracenes" + }, + { + "value": "benzene-and-substituted-derivatives", + "expanded": "Benzene and substituted derivatives" + }, + { + "value": "dibenzocycloheptenes", + "expanded": "Dibenzocycloheptenes" + }, + { + "value": "fluorenes", + "expanded": "Fluorenes" + }, + { + "value": "indanes", + "expanded": "Indanes" + }, + { + "value": "indenes-and-isoindenes", + "expanded": "Indenes and isoindenes" + }, + { + "value": "naphthacenes", + "expanded": "Naphthacenes" + }, + { + "value": "phenanthrenes-and-derivatives", + "expanded": "Phenanthrenes and derivatives" + }, + { + "value": "phenol-esters", + "expanded": "Phenol esters" + }, + { + "value": "phenol-ethers", + "expanded": "Phenol ethers" + }, + { + "value": "phenols", + "expanded": "Phenols" + }, + { + "value": "pyrenes", + "expanded": "Pyrenes" + }, + { + "value": "tetralins", + "expanded": "Tetralins" + }, + { + "value": "triphenyl-compounds", + "expanded": "Triphenyl compounds" + } + ] + }, + { + "predicate": "homogeneous-metal-compounds", + "entry": [ + { + "value": "homogeneous-actinide-compounds", + "expanded": "Homogeneous actinide compounds" + }, + { + "value": "homogeneous-alkali-metal-compounds", + "expanded": "Homogeneous alkali metal compounds" + }, + { + "value": "homogeneous-alkaline-earth-metal-compounds", + "expanded": "Homogeneous alkaline earth metal compounds" + }, + { + "value": "homogeneous-lanthanide-compounds", + "expanded": "Homogeneous lanthanide compounds" + }, + { + "value": "homogeneous-metalloid-compounds", + "expanded": "Homogeneous metalloid compounds" + }, + { + "value": "homogeneous-post-transition-metal-compounds", + "expanded": "Homogeneous post-transition metal compounds" + }, + { + "value": "homogeneous-transition-metal-compounds", + "expanded": "Homogeneous transition metal compounds" + } + ] + }, + { + "predicate": "homogeneous-non-metal-compounds", + "entry": [ + { + "value": "halogen-organides", + "expanded": "Halogen organides" + }, + { + 
"value": "homogeneous-halogens", + "expanded": "Homogeneous halogens" + }, + { + "value": "homogeneous-noble-gases", + "expanded": "Homogeneous noble gases" + }, + { + "value": "homogeneous-other-non-metal-compounds", + "expanded": "Homogeneous other non-metal compounds" + }, + { + "value": "non-metal-oxoanionic-compounds", + "expanded": "Non-metal oxoanionic compounds" + }, + { + "value": "other-non-metal-halides", + "expanded": "Other non-metal halides" + }, + { + "value": "other-non-metal-organides", + "expanded": "Other non-metal organides" + } + ] + }, + { + "predicate": "hydrocarbons", + "entry": [ + { + "value": "polycyclic-hydrocarbons", + "expanded": "Polycyclic hydrocarbons" + } + ] + }, + { + "predicate": "hydrocarbon-derivatives", + "entry": [ + { + "value": "tropones", + "expanded": "Tropones" + } + ] + }, + { + "predicate": "lignans,-neolignans-and-related-compounds", + "entry": [ + { + "value": "aryltetralin-lignans", + "expanded": "Aryltetralin lignans" + }, + { + "value": "dibenzylbutane-lignans", + "expanded": "Dibenzylbutane lignans" + }, + { + "value": "flavonolignans", + "expanded": "Flavonolignans" + }, + { + "value": "furanoid-lignans", + "expanded": "Furanoid lignans" + }, + { + "value": "lignan-lactones", + "expanded": "Lignan lactones" + } + ] + }, + { + "predicate": "lipids-and-lipid-like-molecules", + "entry": [ + { + "value": "fatty-acyls", + "expanded": "Fatty Acyls" + }, + { + "value": "glycero-3-dithiophosphocholines", + "expanded": "Glycero-3-dithiophosphocholines" + }, + { + "value": "glycerolipids", + "expanded": "Glycerolipids" + }, + { + "value": "glycerophospholipids", + "expanded": "Glycerophospholipids" + }, + { + "value": "prenol-lipids", + "expanded": "Prenol lipids" + }, + { + "value": "saccharolipids", + "expanded": "Saccharolipids" + }, + { + "value": "s-alkyl-coas", + "expanded": "S-alkyl-CoAs" + }, + { + "value": "sphingolipids", + "expanded": "Sphingolipids" + }, + { + "value": "steroids-and-steroid-derivatives", + 
"expanded": "Steroids and steroid derivatives" + } + ] + }, + { + "predicate": "mixed-metal/non-metal-compounds", + "entry": [ + { + "value": "alkali-metal-organides", + "expanded": "Alkali metal organides" + }, + { + "value": "alkali-metal-oxoanionic-compounds", + "expanded": "Alkali metal oxoanionic compounds" + }, + { + "value": "alkali-metal-salts", + "expanded": "Alkali metal salts" + }, + { + "value": "alkaline-earth-metal-organides", + "expanded": "Alkaline earth metal organides" + }, + { + "value": "alkaline-earth-metal-oxoanionic-compounds", + "expanded": "Alkaline earth metal oxoanionic compounds" + }, + { + "value": "alkaline-earth-metal-salts", + "expanded": "Alkaline earth metal salts" + }, + { + "value": "metalloid-organides", + "expanded": "Metalloid organides" + }, + { + "value": "metalloid-oxoanionic-compounds", + "expanded": "Metalloid oxoanionic compounds" + }, + { + "value": "miscellaneous-mixed-metal/non-metals", + "expanded": "Miscellaneous mixed metal/non-metals" + }, + { + "value": "other-mixed-metal/non-metal-oxoanionic-compounds", + "expanded": "Other mixed metal/non-metal oxoanionic compounds" + }, + { + "value": "post-transition-metal-organides", + "expanded": "Post-transition metal organides" + }, + { + "value": "post-transition-metal-oxoanionic-compounds", + "expanded": "Post-transition metal oxoanionic compounds" + }, + { + "value": "post-transition-metal-salts", + "expanded": "Post-transition metal salts" + }, + { + "value": "transition-metal-organides", + "expanded": "Transition metal organides" + }, + { + "value": "transition-metal-oxoanionic-compounds", + "expanded": "Transition metal oxoanionic compounds" + }, + { + "value": "transition-metal-salts", + "expanded": "Transition metal salts" + } + ] + }, + { + "predicate": "nucleosides,-nucleotides,-and-analogues", + "entry": [ + { + "value": "2',3'-dideoxy-3'-thionucleoside-monophosphates", + "expanded": "2',3'-dideoxy-3'-thionucleoside monophosphates" + }, + { + "value": 
"2',5'-dideoxyribonucleosides", + "expanded": "2',5'-dideoxyribonucleosides" + }, + { + "value": "(3'->5')-dinucleotides-and-analogues", + "expanded": "(3'->5')-dinucleotides and analogues" + }, + { + "value": "5'-deoxyribonucleosides", + "expanded": "5'-deoxyribonucleosides" + }, + { + "value": "(5'->5')-dinucleotides", + "expanded": "(5'->5')-dinucleotides" + }, + { + "value": "benzimidazole-ribonucleosides-and-ribonucleotides", + "expanded": "Benzimidazole ribonucleosides and ribonucleotides" + }, + { + "value": "flavin-nucleotides", + "expanded": "Flavin nucleotides" + }, + { + "value": "glycinamide-ribonucleotides", + "expanded": "Glycinamide ribonucleotides" + }, + { + "value": "imidazole[4,5-c]pyridine-ribonucleosides-and-ribonucleotides", + "expanded": "Imidazole[4,5-c]pyridine ribonucleosides and ribonucleotides" + }, + { + "value": "imidazole-ribonucleosides-and-ribonucleotides", + "expanded": "Imidazole ribonucleosides and ribonucleotides" + }, + { + "value": "molybdopterin-dinucleotides", + "expanded": "Molybdopterin dinucleotides" + }, + { + "value": "nucleoside-and-nucleotide-analogues", + "expanded": "Nucleoside and nucleotide analogues" + }, + { + "value": "purine-nucleosides", + "expanded": "Purine nucleosides" + }, + { + "value": "pyrazolo[3,4-d]pyrimidine-glycosides", + "expanded": "Pyrazolo[3,4-d]pyrimidine glycosides" + }, + { + "value": "pyridine-nucleotides", + "expanded": "Pyridine nucleotides" + }, + { + "value": "pyrimidine-nucleosides", + "expanded": "Pyrimidine nucleosides" + }, + { + "value": "pyrimidine-nucleotides", + "expanded": "Pyrimidine nucleotides" + }, + { + "value": "pyrrolopyrimidine-nucleosides-and-nucleotides", + "expanded": "Pyrrolopyrimidine nucleosides and nucleotides" + }, + { + "value": "ribonucleoside-3'-phosphates", + "expanded": "Ribonucleoside 3'-phosphates" + }, + { + "value": "triazole-ribonucleosides-and-ribonucleotides", + "expanded": "Triazole ribonucleosides and ribonucleotides" + } + ] + }, + { + 
"predicate": "organic-1,3-dipolar-compounds", + "entry": [ + { + "value": "allyl-type-1,3-dipolar-organic-compounds", + "expanded": "Allyl-type 1,3-dipolar organic compounds" + } + ] + }, + { + "predicate": "organic-acids-and-derivatives", + "entry": [ + { + "value": "boronic-acid-derivatives", + "expanded": "Boronic acid derivatives" + }, + { + "value": "carboximidic-acids-and-derivatives", + "expanded": "Carboximidic acids and derivatives" + }, + { + "value": "carboxylic-acids-and-derivatives", + "expanded": "Carboxylic acids and derivatives" + }, + { + "value": "hydroxy-acids-and-derivatives", + "expanded": "Hydroxy acids and derivatives" + }, + { + "value": "keto-acids-and-derivatives", + "expanded": "Keto acids and derivatives" + }, + { + "value": "organic-carbonic-acids-and-derivatives", + "expanded": "Organic carbonic acids and derivatives" + }, + { + "value": "organic-phosphonic-acids-and-derivatives", + "expanded": "Organic phosphonic acids and derivatives" + }, + { + "value": "organic-phosphoric-acids-and-derivatives", + "expanded": "Organic phosphoric acids and derivatives" + }, + { + "value": "organic-sulfonic-acids-and-derivatives", + "expanded": "Organic sulfonic acids and derivatives" + }, + { + "value": "organic-sulfuric-acids-and-derivatives", + "expanded": "Organic sulfuric acids and derivatives" + }, + { + "value": "organic-thiophosphoric-acids-and-derivatives", + "expanded": "Organic thiophosphoric acids and derivatives" + }, + { + "value": "orthocarboxylic-acid-derivatives", + "expanded": "Orthocarboxylic acid derivatives" + }, + { + "value": "peptidomimetics", + "expanded": "Peptidomimetics" + }, + { + "value": "thiosulfinic-acid-esters", + "expanded": "Thiosulfinic acid esters" + } + ] + }, + { + "predicate": "organic-acids", + "entry": [ + { + "value": "carboxylic-acids-and-derivatives", + "expanded": "Carboxylic Acids and Derivatives" + } + ] + }, + { + "predicate": "organic-nitrogen-compounds", + "entry": [ + { + "value": 
"organonitrogen-compounds", + "expanded": "Organonitrogen compounds" + } + ] + }, + { + "predicate": "organic-oxygen-compounds", + "entry": [ + { + "value": "organic-oxides", + "expanded": "Organic oxides" + }, + { + "value": "organic-oxoanionic-compounds", + "expanded": "Organic oxoanionic compounds" + }, + { + "value": "organooxygen-compounds", + "expanded": "Organooxygen compounds" + } + ] + }, + { + "predicate": "organic-polymers", + "entry": [ + { + "value": "phosphorothioate-polynucleotides", + "expanded": "Phosphorothioate polynucleotides" + }, + { + "value": "polypeptides", + "expanded": "Polypeptides" + }, + { + "value": "polysaccharides", + "expanded": "Polysaccharides" + } + ] + }, + { + "predicate": "organic-salts", + "entry": [ + { + "value": "organic-metal-salts", + "expanded": "Organic metal salts" + } + ] + }, + { + "predicate": "organohalogen-compounds", + "entry": [ + { + "value": "acyl-halides", + "expanded": "Acyl halides" + }, + { + "value": "alkyl-halides", + "expanded": "Alkyl halides" + }, + { + "value": "aryl-halides", + "expanded": "Aryl halides" + }, + { + "value": "halohydrins", + "expanded": "Halohydrins" + }, + { + "value": "organochlorides", + "expanded": "Organochlorides" + }, + { + "value": "organofluorides", + "expanded": "Organofluorides" + }, + { + "value": "sulfonyl-halides", + "expanded": "Sulfonyl halides" + }, + { + "value": "vinyl-halides", + "expanded": "Vinyl halides" + } + ] + }, + { + "predicate": "organoheterocyclic-compounds", + "entry": [ + { + "value": "azaspirodecane-derivatives", + "expanded": "Azaspirodecane derivatives" + }, + { + "value": "azepanes", + "expanded": "Azepanes" + }, + { + "value": "azobenzenes", + "expanded": "Azobenzenes" + }, + { + "value": "azoles", + "expanded": "Azoles" + }, + { + "value": "azolidines", + "expanded": "Azolidines" + }, + { + "value": "azolines", + "expanded": "Azolines" + }, + { + "value": "benzazepines", + "expanded": "Benzazepines" + }, + { + "value": "benzimidazoles", + 
"expanded": "Benzimidazoles" + }, + { + "value": "benzisoxazoles", + "expanded": "Benzisoxazoles" + }, + { + "value": "benzocycloheptapyridines", + "expanded": "Benzocycloheptapyridines" + }, + { + "value": "benzodiazepines", + "expanded": "Benzodiazepines" + }, + { + "value": "benzodioxanes", + "expanded": "Benzodioxanes" + }, + { + "value": "benzodioxoles", + "expanded": "Benzodioxoles" + }, + { + "value": "benzofurans", + "expanded": "Benzofurans" + }, + { + "value": "benzopyrans", + "expanded": "Benzopyrans" + }, + { + "value": "benzopyrazoles", + "expanded": "Benzopyrazoles" + }, + { + "value": "benzothiadiazoles", + "expanded": "Benzothiadiazoles" + }, + { + "value": "benzothiazepines", + "expanded": "Benzothiazepines" + }, + { + "value": "benzothiazines", + "expanded": "Benzothiazines" + }, + { + "value": "benzothiazoles", + "expanded": "Benzothiazoles" + }, + { + "value": "benzothiepins", + "expanded": "Benzothiepins" + }, + { + "value": "benzothiophenes", + "expanded": "Benzothiophenes" + }, + { + "value": "benzothiopyrans", + "expanded": "Benzothiopyrans" + }, + { + "value": "benzotriazoles", + "expanded": "Benzotriazoles" + }, + { + "value": "benzoxadiazoles", + "expanded": "Benzoxadiazoles" + }, + { + "value": "benzoxazepines", + "expanded": "Benzoxazepines" + }, + { + "value": "benzoxazines", + "expanded": "Benzoxazines" + }, + { + "value": "benzoxazoles", + "expanded": "Benzoxazoles" + }, + { + "value": "benzoxepines", + "expanded": "Benzoxepines" + }, + { + "value": "bi--and-oligothiophenes", + "expanded": "Bi- and oligothiophenes" + }, + { + "value": "biotin-and-derivatives", + "expanded": "Biotin and derivatives" + }, + { + "value": "coumarans", + "expanded": "Coumarans" + }, + { + "value": "cycloheptapyrans", + "expanded": "Cycloheptapyrans" + }, + { + "value": "cycloheptathiophenes", + "expanded": "Cycloheptathiophenes" + }, + { + "value": "diazanaphthalenes", + "expanded": "Diazanaphthalenes" + }, + { + "value": "diazepanes", + "expanded": 
"Diazepanes" + }, + { + "value": "diazinanes", + "expanded": "Diazinanes" + }, + { + "value": "diazines", + "expanded": "Diazines" + }, + { + "value": "dihydrofurans", + "expanded": "Dihydrofurans" + }, + { + "value": "dihydroisoquinolines", + "expanded": "Dihydroisoquinolines" + }, + { + "value": "dihydrothiophenes", + "expanded": "Dihydrothiophenes" + }, + { + "value": "dioxaborolanes", + "expanded": "Dioxaborolanes" + }, + { + "value": "dioxanes", + "expanded": "Dioxanes" + }, + { + "value": "dioxolopyrans", + "expanded": "Dioxolopyrans" + }, + { + "value": "dithianes", + "expanded": "Dithianes" + }, + { + "value": "dithiolanes", + "expanded": "Dithiolanes" + }, + { + "value": "epoxides", + "expanded": "Epoxides" + }, + { + "value": "furans", + "expanded": "Furans" + }, + { + "value": "furofurans", + "expanded": "Furofurans" + }, + { + "value": "furopyrans", + "expanded": "Furopyrans" + }, + { + "value": "furopyridines", + "expanded": "Furopyridines" + }, + { + "value": "furopyrroles", + "expanded": "Furopyrroles" + }, + { + "value": "heteroaromatic-compounds", + "expanded": "Heteroaromatic compounds" + }, + { + "value": "imidazo[1,5-a]pyrazines", + "expanded": "Imidazo[1,5-a]pyrazines" + }, + { + "value": "imidazodiazepines", + "expanded": "Imidazodiazepines" + }, + { + "value": "imidazopyrazines", + "expanded": "Imidazopyrazines" + }, + { + "value": "imidazopyridines", + "expanded": "Imidazopyridines" + }, + { + "value": "imidazopyrimidines", + "expanded": "Imidazopyrimidines" + }, + { + "value": "imidazotetrazines", + "expanded": "Imidazotetrazines" + }, + { + "value": "imidazothiazoles", + "expanded": "Imidazothiazoles" + }, + { + "value": "indoles-and-derivatives", + "expanded": "Indoles and derivatives" + }, + { + "value": "indolizidines", + "expanded": "Indolizidines" + }, + { + "value": "isocoumarans", + "expanded": "Isocoumarans" + }, + { + "value": "isoindoles-and-derivatives", + "expanded": "Isoindoles and derivatives" + }, + { + "value": 
"isoquinolines-and-derivatives", + "expanded": "Isoquinolines and derivatives" + }, + { + "value": "isoxazolopyridines", + "expanded": "Isoxazolopyridines" + }, + { + "value": "lactams", + "expanded": "Lactams" + }, + { + "value": "lactones", + "expanded": "Lactones" + }, + { + "value": "metalloheterocyclic-compounds", + "expanded": "Metalloheterocyclic compounds" + }, + { + "value": "naphthofurans", + "expanded": "Naphthofurans" + }, + { + "value": "naphthopyrans", + "expanded": "Naphthopyrans" + }, + { + "value": "oxanes", + "expanded": "Oxanes" + }, + { + "value": "oxazaphosphinanes", + "expanded": "Oxazaphosphinanes" + }, + { + "value": "oxazinanes", + "expanded": "Oxazinanes" + }, + { + "value": "oxepanes", + "expanded": "Oxepanes" + }, + { + "value": "phenanthrolines", + "expanded": "Phenanthrolines" + }, + { + "value": "piperazinoazepines", + "expanded": "Piperazinoazepines" + }, + { + "value": "piperidines", + "expanded": "Piperidines" + }, + { + "value": "pteridines-and-derivatives", + "expanded": "Pteridines and derivatives" + }, + { + "value": "pyranodioxins", + "expanded": "Pyranodioxins" + }, + { + "value": "pyranopyridines", + "expanded": "Pyranopyridines" + }, + { + "value": "pyranopyrimidines", + "expanded": "Pyranopyrimidines" + }, + { + "value": "pyrans", + "expanded": "Pyrans" + }, + { + "value": "pyrazolopyridines", + "expanded": "Pyrazolopyridines" + }, + { + "value": "pyrazolopyrimidines", + "expanded": "Pyrazolopyrimidines" + }, + { + "value": "pyrazolotriazines", + "expanded": "Pyrazolotriazines" + }, + { + "value": "pyridines-and-derivatives", + "expanded": "Pyridines and derivatives" + }, + { + "value": "pyridopyrimidines", + "expanded": "Pyridopyrimidines" + }, + { + "value": "pyrroles", + "expanded": "Pyrroles" + }, + { + "value": "pyrrolidines", + "expanded": "Pyrrolidines" + }, + { + "value": "pyrrolines", + "expanded": "Pyrrolines" + }, + { + "value": "pyrrolizines", + "expanded": "Pyrrolizines" + }, + { + "value": "pyrroloazepines", 
+ "expanded": "Pyrroloazepines" + }, + { + "value": "pyrrolopyrazines", + "expanded": "Pyrrolopyrazines" + }, + { + "value": "pyrrolopyrazoles", + "expanded": "Pyrrolopyrazoles" + }, + { + "value": "pyrrolopyridines", + "expanded": "Pyrrolopyridines" + }, + { + "value": "pyrrolopyrimidines", + "expanded": "Pyrrolopyrimidines" + }, + { + "value": "pyrrolotriazines", + "expanded": "Pyrrolotriazines" + }, + { + "value": "quinolines-and-derivatives", + "expanded": "Quinolines and derivatives" + }, + { + "value": "quinuclidines", + "expanded": "Quinuclidines" + }, + { + "value": "selenazoles", + "expanded": "Selenazoles" + }, + { + "value": "tetrahydrofurans", + "expanded": "Tetrahydrofurans" + }, + { + "value": "tetrahydroisoquinolines", + "expanded": "Tetrahydroisoquinolines" + }, + { + "value": "tetrapyrroles-and-derivatives", + "expanded": "Tetrapyrroles and derivatives" + }, + { + "value": "thiadiazinanes", + "expanded": "Thiadiazinanes" + }, + { + "value": "thiadiazines", + "expanded": "Thiadiazines" + }, + { + "value": "thianes", + "expanded": "Thianes" + }, + { + "value": "thiazepines", + "expanded": "Thiazepines" + }, + { + "value": "thiazinanes", + "expanded": "Thiazinanes" + }, + { + "value": "thiazines", + "expanded": "Thiazines" + }, + { + "value": "thienodiazepines", + "expanded": "Thienodiazepines" + }, + { + "value": "thienoimidazolidines", + "expanded": "Thienoimidazolidines" + }, + { + "value": "thienopyridines", + "expanded": "Thienopyridines" + }, + { + "value": "thienopyrimidines", + "expanded": "Thienopyrimidines" + }, + { + "value": "thienopyrroles", + "expanded": "Thienopyrroles" + }, + { + "value": "thienothiazines", + "expanded": "Thienothiazines" + }, + { + "value": "thiochromanes", + "expanded": "Thiochromanes" + }, + { + "value": "thiochromenes", + "expanded": "Thiochromenes" + }, + { + "value": "thiolanes", + "expanded": "Thiolanes" + }, + { + "value": "thiophenes", + "expanded": "Thiophenes" + }, + { + "value": "triazinanes", + "expanded": 
"Triazinanes" + }, + { + "value": "triazines", + "expanded": "Triazines" + }, + { + "value": "triazolopyrazines", + "expanded": "Triazolopyrazines" + }, + { + "value": "triazolopyridines", + "expanded": "Triazolopyridines" + }, + { + "value": "triazolopyrimidines", + "expanded": "Triazolopyrimidines" + }, + { + "value": "trioxanes", + "expanded": "Trioxanes" + } + ] + }, + { + "predicate": "organometallic-compounds", + "entry": [ + { + "value": "organometalloid-compounds", + "expanded": "Organometalloid compounds" + }, + { + "value": "organo-post-transition-metal-compounds", + "expanded": "Organo-post-transition metal compounds" + } + ] + }, + { + "predicate": "organophosphorus-compounds", + "entry": [ + { + "value": "organic-phosphines-and-derivatives", + "expanded": "Organic phosphines and derivatives" + }, + { + "value": "organophosphinic-acids-and-derivatives", + "expanded": "Organophosphinic acids and derivatives" + }, + { + "value": "organothiophosphorus-compounds", + "expanded": "Organothiophosphorus compounds" + } + ] + }, + { + "predicate": "organosulfur-compounds", + "entry": [ + { + "value": "isothioureas", + "expanded": "Isothioureas" + }, + { + "value": "organic-disulfides", + "expanded": "Organic disulfides" + }, + { + "value": "sulfonyls", + "expanded": "Sulfonyls" + }, + { + "value": "sulfoxides", + "expanded": "Sulfoxides" + }, + { + "value": "thiocarbonyl-compounds", + "expanded": "Thiocarbonyl compounds" + }, + { + "value": "thioethers", + "expanded": "Thioethers" + }, + { + "value": "thiols", + "expanded": "Thiols" + }, + { + "value": "thioureas", + "expanded": "Thioureas" + } + ] + }, + { + "predicate": "phenylpropanoids-and-polyketides", + "entry": [ + { + "value": "2-arylbenzofuran-flavonoids", + "expanded": "2-arylbenzofuran flavonoids" + }, + { + "value": "anthracyclines", + "expanded": "Anthracyclines" + }, + { + "value": "aurone-flavonoids", + "expanded": "Aurone flavonoids" + }, + { + "value": "cinnamic-acids-and-derivatives", + 
"expanded": "Cinnamic acids and derivatives" + }, + { + "value": "cinnamyl-alcohols", + "expanded": "Cinnamyl alcohols" + }, + { + "value": "coumarins-and-derivatives", + "expanded": "Coumarins and derivatives" + }, + { + "value": "depsides-and-depsidones", + "expanded": "Depsides and depsidones" + }, + { + "value": "diarylheptanoids", + "expanded": "Diarylheptanoids" + }, + { + "value": "flavonoids", + "expanded": "Flavonoids" + }, + { + "value": "isochromanequinones", + "expanded": "Isochromanequinones" + }, + { + "value": "isocoumarins-and-derivatives", + "expanded": "Isocoumarins and derivatives" + }, + { + "value": "isoflavonoids", + "expanded": "Isoflavonoids" + }, + { + "value": "linear-1,3-diarylpropanoids", + "expanded": "Linear 1,3-diarylpropanoids" + }, + { + "value": "macrolactams", + "expanded": "Macrolactams" + }, + { + "value": "macrolide-lactams", + "expanded": "Macrolide lactams" + }, + { + "value": "macrolides-and-analogues", + "expanded": "Macrolides and analogues" + }, + { + "value": "neoflavonoids", + "expanded": "Neoflavonoids" + }, + { + "value": "phenylpropanoic-acids", + "expanded": "Phenylpropanoic acids" + }, + { + "value": "saxitoxins,-gonyautoxins,-and-derivatives", + "expanded": "Saxitoxins, gonyautoxins, and derivatives" + }, + { + "value": "stilbenes", + "expanded": "Stilbenes" + }, + { + "value": "tannins", + "expanded": "Tannins" + }, + { + "value": "tetracyclines", + "expanded": "Tetracyclines" + } + ] + } + ] +} diff --git a/economical-impact/machinetag.json b/economical-impact/machinetag.json index 0ef663b..2150dc8 100644 --- a/economical-impact/machinetag.json +++ b/economical-impact/machinetag.json 
@@ -1,8 +1,8 @@ { "namespace": "economical-impact", "expanded": " Economical Impact", - "description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information.", - "version": 1, + "description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).", + "version": 2, "refs": [ "https://www.misp-project.org/" ], @@ -28,7 +28,23 @@ }, { "value": "less-than-1M-euro", - "expanded": "Less than EUR 1 000 000" + "expanded": "Less than 1 million EUR" + }, + { + "value": "less-than-10M-euro", + "expanded": "Less than 10 million EUR" + }, + { + "value": "less-than-100M-euro", + "expanded": "Less than 100 million EUR" + }, + { + "value": "less-than-1B-euro", + "expanded": "Less than 1 billion EUR" + }, + { + "value": "more-than-1B-euro", + "expanded": "More than 1 billion EUR" } ] }, @@ -53,7 +69,23 @@ }, { "value": "less-than-1M-euro", - "expanded": "Less than EUR 1 000 000" + "expanded": "Less than 1 million EUR" + }, + { + "value": "less-than-10M-euro", + "expanded": "Less than 10 million EUR" + }, + { + "value": "less-than-100M-euro", + "expanded": "Less than 100 million EUR" + }, + { + "value": "less-than-1B-euro", + "expanded": "Less than 1 billion EUR" + }, + { + "value": "more-than-1B-euro", + "expanded": "More than 1 billion EUR" } ] } diff --git a/exercise/machinetag.json b/exercise/machinetag.json index be5ec65..bb40057 100644 --- a/exercise/machinetag.json +++ b/exercise/machinetag.json 
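Review bot: The tiers added in the second and third hunks leave one value without a tag, because `less-than-1B-euro` and `more-than-1B-euro` both exclude an impact of exactly 1 billion EUR. Making the top tier inclusive in its label, `"expanded": "1 billion EUR or more"`, closes the gap without changing the tag value. The same entries are added in both hunks, so the wording has to change in both places. The `entry` arrays they extend start outside the hunks.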
@@ -29,6 +29,11 @@ "description": "NATO-EU Parallel and Coordinated Exercise. PACE focuses on four key areas, namely situational awareness, effectiveness of our instruments to counter cyber threats at EU level, speed of reaction and appropriate reactivity of our crisis response mechanisms, as well as our capacity to communicate fast and in a coordinated way.", "expanded": "PACE", "value": "pace" + }, + { + "description": "Cyber SOPEx (formerly known as EuroSOPEx) is the first step in a series of ENISA exercises focusing on training the participants on situational awareness, information sharing, understanding roles and responsibilities and utilising related tools, as agreed by the CSIRTs Network", + "expanded": "Cyber SOPEx", + "value": "cyber-sopex" } ], "values": [ @@ -69,6 +74,11 @@ "value": "2018", "expanded": "2018", "description": "Locked Shields 2018" + }, + { + "value": "2019", + "expanded": "2019", + "description": "Locked Shields 2019" } ] }, @@ -110,9 +120,22 @@ "expanded": "2018" } ] + }, + { + "predicate": "cyber-sopex", + "entry": [ + { + "value": "2019", + "expanded": "2019" + }, + { + "value": "2018", + "expanded": "2018" + } + ] } ], - "version": 3, + "version": 5, "description": "Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise.", "expanded": "Exercise", "namespace": "exercise" diff --git a/flesch-reading-ease/machinetag.json b/flesch-reading-ease/machinetag.json new file mode 100644 index 0000000..b91afb9 --- /dev/null +++ b/flesch-reading-ease/machinetag.json 
@@ -0,0 +1,60 @@
+{
+ "namespace": "flesch-reading-ease",
+ "description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "score",
+ "expanded": "Score"
+ }
+ ],
+ "values": [
+ {
+ "predicate": "score",
+ "entry": [
+ {
+ "value": "90-100",
+ "expanded": "Very Easy",
+ "description": "Very easy to read. Easily understood by an average 11-year-old student.",
+ "numerical_value": 100
+ },
+ {
+ "value": "80-89",
+ "expanded": "Easy",
+ "description": "Easy to read. Conversational English for consumers.",
+ "numerical_value": 89
+ },
+ {
+ "value": "70-79",
+ "expanded": "Fairly Easy",
+ "description": "Fairly easy to read.",
+ "numerical_value": 79
+ },
+ {
+ "value": "60-69",
+ "expanded": "Standard",
+ "description": "Plain English. Easily understood by 13- to 15-year-old students.",
+ "numerical_value": 69
+ },
+ {
+ "value": "50-59",
+ "expanded": "Fairly Difficult",
+ "description": "Fairly difficult to read.",
+ "numerical_value": 59
+ },
+ {
+ "value": "30-49",
+ "expanded": "Difficult",
+ "description": "Difficult to read.",
+ "numerical_value": 49
+ },
+ {
+ "value": "0-29",
+ "expanded": "Very Confusing",
+ "description": "Very difficult to read. Best understood by university graduates.",
+ "numerical_value": 29
+ }
+ ]
+ }
+ ]
+}
diff --git a/information-security-data-source/machinetag.json b/information-security-data-source/machinetag.json
new file mode 100644
index 0000000..e989507
--- /dev/null
+++ b/information-security-data-source/machinetag.json
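Review bot: The description says a score can reach 121.22 and can be negative, but the `score` entries only run from `0-29` to `90-100`, so a text scoring 105 or -10 has no valid tag. Either add open-ended entries for scores outside 0-100, or state in the description that such scores are mapped to the nearest band. Each `numerical_value` is the upper bound of its band; a short remark in the description saying so would spare consumers from guessing. The description also needs two wording fixes: `flesh score` should read `Flesch score`, and `negative score are valid` should be `negative scores are valid`.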
@@ -0,0 +1,258 @@ +{ + "namespace": "information-security-data-source", + "description": "Taxonomy to classify the information security data sources.", + "refs": [ + "https://www.sciencedirect.com/science/article/pii/S0167404818304978" + ], + "version": 1, + "predicates": [ + { + "value": "type-of-information", + "expanded": "Type of information", + "description": "Type of provided information" + }, + { + "value": "originality", + "expanded": "Originality", + "description": "Originality and novelty of the provided information" + }, + { + "value": "timeliness-sharing-behavior", + "expanded": "Timeliness sharing behavior", + "description": "Timeliness of the provided information" + }, + { + "value": "integrability-format", + "expanded": "Integrability format", + "description": "Level of integrability format for the provided information" + }, + { + "value": "integrability-interface", + "expanded": "Integrability interface", + "description": "Level of integrability interface for the provided information" + }, + { + "value": "trustworthiness-creditabilily", + "expanded": "Trustworthiness creditability", + "description": "Source of the creditability" + }, + { + "value": "trustworthiness-traceability", + "expanded": "Trustworthiness traceability", + "description": "Traceability of the provided information" + }, + { + "value": "trustworthiness-feedback-mechanism", + "expanded": "Trustworthiness feedback mechanism", + "description": "Feedback such as user ratings or comments regarding the usefulness of the provided information" + }, + { + "value": "type-of-source", + "expanded": "Type of source", + "description": "Types of information security data source" + } + ], + "values": [ + { + "predicate": "type-of-information", + "entry": [ + { + "value": "vulnerability", + "expanded": "Vulnerability", + "description": "Information regarding a weakness of an asset which might be exploited by a threat" + }, + { + "value": "threat", + "expanded": "Threat", + "description": 
"Information regarding the potential cause on an unwanted incident" + }, + { + "value": "countermeasure", + "expanded": "Countermeasure", + "description": "Information regarding any administrative, managerial, technical or legal control that is used to counteract an information security risk" + }, + { + "value": "attack", + "expanded": "Attack", + "description": "Information regarding any unauthorized attempt to access, alter or destroy an asset" + }, + { + "value": "risk", + "expanded": "Risk", + "description": "Information describing the consequences of a potential event, such as an attack" + }, + { + "value": "asset", + "expanded": "Asset", + "description": "Information regarding any object or characteristic that has value to an organization" + } + ] + }, + { + "predicate": "originality", + "entry": [ + { + "value": "original-source", + "expanded": "Original source", + "description": "Information originates from the data sources which publish their own information" + }, + { + "value": "secondary-source", + "expanded": "Secondary source", + "description": "Information is integrated or copied from another information security data source" + } + ] + }, + { + "predicate": "timeliness-sharing-behavior", + "entry": [ + { + "value": "routine-sharing", + "expanded": "Routine sharing", + "description": "Information is published at a specific point in time on a regular basis, such as daily, weakly or monthly reports" + }, + { + "value": "incident-specific", + "expanded": "Incident specific", + "description": "Information is published whenever news are available or a new incident occurs" + } + ] + }, + { + "predicate": "integrability-format", + "entry": [ + { + "value": "structured", + "expanded": "Structured", + "description": "The provided security information is available in an standardized and structured data format such as MISP core format" + }, + { + "value": "unstructured", + "expanded": "Unstructured", + "description": "The provided security information is 
available in unstructured form without following a common data representation format" + } + ] + }, + { + "predicate": "integrability-interface", + "entry": [ + { + "value": "no-interface", + "expanded": "No interface", + "description": "The information security data source doesn’t provide any interface to access the information" + }, + { + "value": "api", + "expanded": "API", + "description": "The information security data source provides an application programming interface (APIs) to obtain the provided information" + }, + { + "value": "rss-feeds", + "expanded": "RSS Feeds", + "description": "The information security data source provides an RSS Feed to keep track of the provided information" + }, + { + "value": "export", + "expanded": "Export", + "description": "The information security data source provides an interface to export contents as XML, JSON or plain text" + } + ] + }, + { + "predicate": "trustworthiness-creditabilily", + "entry": [ + { + "value": "vendor", + "expanded": "Vendor", + "description": "The publisher of the information is a vendor" + }, + { + "value": "government", + "expanded": "Government", + "description": "The publisher of the information is a government" + }, + { + "value": "security-expert", + "expanded": "Security expert", + "description": "The publisher of the information is a security expert" + }, + { + "value": "normal-user", + "expanded": "Normal user", + "description": "The publisher of the information is a normal user" + } + ] + }, + { + "predicate": "trustworthiness-traceability", + "entry": [ + { + "value": "yes", + "expanded": "Yes", + "description": "The provided information is classified as traceable if it can be traced back, based on meta-data, to a specific publisher and a publishing date" + }, + { + "value": "no", + "expanded": "No", + "description": "The provided information cannot be traced back (meta-data are not provided)" + } + ] + }, + { + "predicate": "trustworthiness-feedback-mechanism", + "entry": [ + { + 
"value": "yes", + "expanded": "Yes", + "description": "The provided information is validated by including user rating, comments or additional analysis" + }, + { + "value": "no", + "expanded": "No", + "description": "The provided information is not validated (a user rating, comments is not available)" + } + ] + }, + { + "predicate": "type-of-source", + "entry": [ + { + "value": "news-website", + "expanded": "News website" + }, + { + "value": "expert-blog", + "expanded": "Expert blog" + }, + { + "value": "security-product-vendor-website", + "expanded": "(Security product) vendor website" + }, + { + "value": "vulnerability-database", + "expanded": "Vulnerability database" + }, + { + "value": "mailing-list-archive", + "expanded": "Mailing list archive" + }, + { + "value": "social-network", + "expanded": "Social network" + }, + { + "value": "streaming-portal", + "expanded": "Streaming portal" + }, + { + "value": "forum", + "expanded": "Forum" + }, + { + "value": "other", + "expanded": "Other" + } + ] + } + ] +} diff --git a/passivetotal/machinetag.json b/passivetotal/machinetag.json index 58217c2..0138045 100644 --- a/passivetotal/machinetag.json +++ b/passivetotal/machinetag.json @@ -2,15 +2,15 @@ "namespace": "passivetotal", "expanded": "PassiveTotal", "description": "Tags from RiskIQ's PassiveTotal service", - "version": 1, + "version": 2, "predicates": [ { "value": "sinkholed", "expanded": "Sinkhole Status" }, { - "value": "ever-comprimised", - "expanded": "Ever Comprimised?" + "value": "ever-compromised", + "expanded": "Ever Compromised?" }, { "value": "dynamic-dns", @@ -36,7 +36,7 @@ ] }, { - "predicate": "ever-comprimised", + "predicate": "ever-compromised", "entry": [ { "value": "yes", diff --git a/tools/website-genlist.py b/tools/website-genlist.py new file mode 100644 index 0000000..4b5577c --- /dev/null +++ b/tools/website-genlist.py 
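Review bot: The predicate value `trustworthiness-creditabilily` in the new information-security-data-source file is misspelled in both the `predicates` list and the matching `values` block, while its own `expanded` text reads "Trustworthiness creditability". The value becomes part of every machine tag built from it, so correcting the spelling after release means renaming a tag that events already carry. The passivetotal change later in this diff has to do exactly that for `ever-comprimised`. Fix it before the first published version by using `"value": "trustworthiness-creditability"` and `"predicate": "trustworthiness-creditability"`. Separately, the `routine-sharing` description says `weakly` where `weekly` is meant.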
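Review bot: Renaming the passivetotal predicate from `ever-comprimised` to `ever-compromised` changes the machine tag string itself, and neither hunk gives consumers a way to map the old tag to the new one. Events already tagged `passivetotal:ever-comprimised="yes"` presumably keep the old string, so searches, filters and detection content keyed on one spelling will miss data tagged with the other until the tags are migrated. The version bump to 2 is the right signal, but a sentence in the taxonomy `description` or the changelog naming the retired value would tell operators what to re-tag. The objects being edited start and end outside the hunks.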
@@ -0,0 +1,9 @@
+import json
+import os
+import re
+filename = os.path.join("../", "MANIFEST.json")
+with open(filename) as fp:
+ t = json.load(fp)
+
+for taxo in sorted(t['taxonomies'], key=lambda k: k['name']):
+ print ("[{}](https://github.com/MISP/misp-taxonomies/tree/master/{}):\n: {}[HTML](https://www.misp-project.org/taxonomies.html#_{})\n".format(taxo['name'], taxo['name'], taxo['description'], re.sub(r'-', '_',taxo['name'])))
diff --git a/type/machinetag.json b/type/machinetag.json
index 6faf96f..38cb797 100644
--- a/type/machinetag.json
+++ b/type/machinetag.json
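Review bot: `os.path.join("../", "MANIFEST.json")` is resolved against the current working directory, so the script only finds the manifest when it is started from inside `tools/`; run from the repository root it looks one level above the checkout. Anchoring the path to the script location removes that dependency: `filename = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "MANIFEST.json")`. In the `print` format string, `{}[HTML]` places the link directly after the description with no separator, which looks unintended; `{} [HTML]` would render more cleanly. The file also has no comment saying what it produces, so a header line such as `# Print the Markdown taxonomy list for the MISP website from MANIFEST.json` would help.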
@@ -2,10 +2,61 @@ "predicates": [ { "expanded": "Open Source Intelligence", + "description": "gathered from open sources", "value": "OSINT" + }, + { + "expanded": "Signal Intelligence", + "description": "gathered from interception of signals", + "value": "SIGINT" + }, + { + "expanded": "Technical Intelligence", + "description": "gathered from analysis of weapons and equipment used by the armed forces of foreign nations, or environmental conditions", + "value": "TECHINT" + }, + { + "expanded": "Cyberspace Intelligence", + "description": "gathered from active or passive exploitation (CNE) in the cyberspace", + "value": "CYBINT" + }, + { + "expanded": "Digital Network Intelligence", + "description": "gathered from active or passive expoilation (CNE) in the digital network.", + "value": "DNINT" + }, + { + "expanded": "Human Intelligence", + "description": "gathered from a person in the location in question", + "value": "HUMINT" + }, + { + "expanded": "Medical Intelligence", + "description": "gathered from analysis of medical records and/or actual physiological examinations to determine health and/or particular ailments/allergetic conditions for consideration", + "value": "MEDINT" + }, + { + "expanded": "Geospatial Intelligence", + "description": "gathered from satellite, aerial photography, mapping/terrain data", + "value": "GEOINT" + }, + { + "expanded": "Imagery Intelligence", + "description": "gathered from satellite and aerial photography", + "value": "IMINT" + }, + { + "expanded": "Measurement and signature intelligence", + "description": "gathered from electro-optical, nuclear survey, geophysical measurements, radar, materials analysis", + "value": "MASINT" + }, + { + "expanded": "Financial Intelligence", + "description": "gathered from analysis of monetary or financial transactions", + "value": "FININT" } ], "version": 1, - "description": "Taxonomy to describe different types of data", + "description": "Taxonomy to describe different types of intelligence 
gathering discipline which can be described the origin of intelligence.", "namespace": "type" }
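Review bot: `"version": 1` is left unchanged although this hunk adds ten predicates and rewrites the description, whereas the economical-impact and passivetotal files in this diff bump their version when their content changes. If consumers compare the version to decide whether to reload a taxonomy (worth confirming for the MISP importer), instances that already hold version 1 would not pick up the new disciplines; `"version": 2,` avoids that. The added text also carries typos into user-visible descriptions: `expoilation` for `exploitation` in DNINT, `allergetic` in MEDINT, and the closing phrase `which can be described the origin of intelligence` does not parse. The CYBINT and DNINT descriptions differ only in "cyberspace" versus "digital network", so an analyst cannot tell from them which tag to apply.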