CSSA Taxonomy

Used by CSSA e.V. members to add the Class (quality of the data: High_class, Vetted, Unvetted) anbd the Origin of the data.
2017-08-15 15:30:24 +02:00 · 2017-08-15 15:30:24 +02:00 · 5743e9a7a1
parent 4859ea6318
commit 5743e9a7a1
1 changed files with 79 additions and 0 deletions
--- a/79
+++ b/79
@ -0,0 +1,79 @@
+{
+  "namespace": "cssa",
+  "description": "The CSSA agreed sharing taxonomy.",
+  "version": 1.3,
+
+  "predicates": [
+    {
+      "value": "sharing-class",
+      "expanded": "Sharing Class"
+    },
+    {
+      "value": "origin",
+      "expanded": "Origin"
+    }
+  ],
+
+ "values": [
+    {
+  "predicate": "sharing-class",
+  "entry": [
+    {
+      "value": "high_profile",
+      "expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.",
+      "colour": "#007695"
+    },
+    {
+      "value": "vetted",
+      "expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.",
+      "colour": "#008aaf"
+    },
+    {
+      "value": "unvetted",
+      "expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.",
+      "colour": "#00b3e2"
+    }
+  ]
+},
+    {
+  "predicate": "origin",
+  "entry": [
+    {
+      "value": "manual_investigation",
+      "expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.",
+      "colour": "#29775d"
+    },
+    {
+      "value": "honeypot",
+      "expanded": "Information coming out of honeypots.",
+      "colour": "#2f8a6c"
+    },
+    {
+      "value": "sandbox",
+      "expanded": "Information coming out of sandboxes.",
+      "colour": "#369d7b"
+    },
+    {
+      "value": "email",
+      "expanded": "Information coming out of email infrastructure.",
+      "colour": "#3cb08a"
+    },
+    {
+      "value": "3rd-party",
+      "expanded": "Information from outside the company.",
+      "colour": "#46c098"
+    },
+    {
+      "value": "other",
+      "expanded": "If none of the other origins applies.",
+      "colour": "#59c6a2"
+    },
+    {
+      "value": "unknown",
+      "expanded": "Origin of the data unknown.",
+      "colour": "#6ccdad"
+    }
+  ]
+}
+]
+}