CSSA Taxonomy
Used by CSSA e.V. members to add the Class (quality of the data: High_class, Vetted, Unvetted) anbd the Origin of the data.pull/73/head
parent
4859ea6318
commit
5743e9a7a1
|
@ -0,0 +1,79 @@
|
||||||
|
{
|
||||||
|
"namespace": "cssa",
|
||||||
|
"description": "The CSSA agreed sharing taxonomy.",
|
||||||
|
"version": 1.3,
|
||||||
|
|
||||||
|
"predicates": [
|
||||||
|
{
|
||||||
|
"value": "sharing-class",
|
||||||
|
"expanded": "Sharing Class"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "origin",
|
||||||
|
"expanded": "Origin"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
|
||||||
|
"values": [
|
||||||
|
{
|
||||||
|
"predicate": "sharing-class",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "high_profile",
|
||||||
|
"expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.",
|
||||||
|
"colour": "#007695"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "vetted",
|
||||||
|
"expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.",
|
||||||
|
"colour": "#008aaf"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "unvetted",
|
||||||
|
"expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.",
|
||||||
|
"colour": "#00b3e2"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"predicate": "origin",
|
||||||
|
"entry": [
|
||||||
|
{
|
||||||
|
"value": "manual_investigation",
|
||||||
|
"expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.",
|
||||||
|
"colour": "#29775d"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "honeypot",
|
||||||
|
"expanded": "Information coming out of honeypots.",
|
||||||
|
"colour": "#2f8a6c"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "sandbox",
|
||||||
|
"expanded": "Information coming out of sandboxes.",
|
||||||
|
"colour": "#369d7b"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "email",
|
||||||
|
"expanded": "Information coming out of email infrastructure.",
|
||||||
|
"colour": "#3cb08a"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "3rd-party",
|
||||||
|
"expanded": "Information from outside the company.",
|
||||||
|
"colour": "#46c098"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "other",
|
||||||
|
"expanded": "If none of the other origins applies.",
|
||||||
|
"colour": "#59c6a2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "unknown",
|
||||||
|
"expanded": "Origin of the data unknown.",
|
||||||
|
"colour": "#6ccdad"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
Loading…
Reference in New Issue