From 1d8da7a032d27989588944bf92611dbbaae560d4 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Tue, 18 Sep 2018 11:38:57 +0200
Subject: [PATCH 1/7] improve workfloy taxonomy, add not do-not-delete and add-mitre-attack-cluster values
---
 workflow/machinetag.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/workflow/machinetag.json b/workflow/machinetag.json
index ba9d068..8ed0ad3 100644
--- a/workflow/machinetag.json
+++ b/workflow/machinetag.json
@@ -69,7 +69,15 @@
 },
 {
 "value": "review-the-grammar",
- "expanded": "Review the grammar of the information tagged to improve the overall quality "
+ "expanded": "Review the grammar of the information tagged to improve the overall quality"
+ },
+ {
+ "value": "do-not-delete",
+ "expended": "Element that should not be deleted (without asking)"
+ },
+ {
+ "value": "add-mitre-attack-cluster",
+ "expended": "Describe cyber adversary behavior using MITRE ATT&CK"
 }
 ]
 },
From 9124668b3b3e911618ce565fe402d928ca10c229 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Tue, 18 Sep 2018 14:10:48 +0200
Subject: [PATCH 2/7] update workflow version
---
 workflow/machinetag.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/workflow/machinetag.json b/workflow/machinetag.json
index 8ed0ad3..dbd3470 100644
--- a/workflow/machinetag.json
+++ b/workflow/machinetag.json
@@ -2,7 +2,7 @@
 "namespace": "workflow",
 "expanded": "workflow to support analysis",
 "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. ",
- "version": 4,
+ "version": 5,
 "predicates": [
 {
 "value": "todo",
From 29721b5331f4f72050cec39c7c7125b5089da03d Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Tue, 18 Sep 2018 14:39:30 +0200
Subject: [PATCH 3/7] jq
---
 workflow/machinetag.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
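Review bot: In the 1/7 hunk at `@@ -69,7 +69,15 @@`, both new entries (`do-not-delete` and `add-mitre-attack-cluster`) are written with the key `"expended"`, while the `review-the-grammar` entry just above uses `"expanded"`, so a consumer that reads `expanded` gets no display text for these two tags. The lines should read `"expanded": "Element that should not be deleted (without asking)"` and `"expanded": "Describe cyber adversary behavior using MITRE ATT&CK"`; 4/7 makes that correction, but 2/7 already sets the file to version 5 with the wrong key still in place, so folding the fix into this commit would keep that revision out of history. The file is valid JSON with either spelling, so only a schema check that rejects unknown keys on value entries would flag this kind of slip before merge.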
diff --git a/workflow/machinetag.json b/workflow/machinetag.json
index dbd3470..b358fb0 100644
--- a/workflow/machinetag.json
+++ b/workflow/machinetag.json
@@ -25,7 +25,7 @@
 },
 {
 "value": "review",
- "expanded": "Additional review is required to reach a certain level of validation of the information tagged"
+ "expanded": "Additional review is required to reach a cert ain level of validation of the information tagged"
 },
 {
 "value": "review-before-publication",
From ad876b697c8d95b5ba07468f9951b8bca26a4b65 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 20 Sep 2018 09:38:47 +0200
Subject: [PATCH 4/7] fix typo
---
 workflow/machinetag.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/workflow/machinetag.json b/workflow/machinetag.json
index b358fb0..7eac693 100644
--- a/workflow/machinetag.json
+++ b/workflow/machinetag.json
@@ -73,11 +73,11 @@
 },
 {
 "value": "do-not-delete",
- "expended": "Element that should not be deleted (without asking)"
+ "expanded": "Element that should not be deleted (without asking)"
 },
 {
 "value": "add-mitre-attack-cluster",
- "expended": "Describe cyber adversary behavior using MITRE ATT&CK"
+ "expanded": "Describe cyber adversary behavior using MITRE ATT&CK"
 }
 ]
 },
From ee64138892518d3f993cac697aea3b3336d75a91 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sat, 22 Sep 2018 20:28:47 +0200
Subject: [PATCH 5/7] chg: [honeypot-basic] extended with adaptive interaction level. ref: http://www.ecmlpkdd2018.org/wp-content/uploads/2018/09/262.pdf
---
 honeypot-basic/machinetag.json | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/honeypot-basic/machinetag.json b/honeypot-basic/machinetag.json
index 1471ffe..ab198c0 100644
--- a/honeypot-basic/machinetag.json
+++ b/honeypot-basic/machinetag.json
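Review bot: In the 3/7 hunk, the new `expanded` text for `review` reads `cert ain level`, with a space inside the word that the removed line did not have, so a commit titled as a jq pass changes a displayed string. If the space is really in the file and not an artifact of this rendering, the line should stay `"expanded": "Additional review is required to reach a certain level of validation of the information tagged"`. A formatting-only pass should leave every string value byte-identical, which can be confirmed by comparing the parsed JSON before and after.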
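Review bot: The 4/7 hunk renames `expended` to `expanded`, which changes what consumers read from the file, but the diffstat shows no other line touched, so `version` stays at the 5 set in 2/7, before this fix. Any consumer that decides whether to re-import the taxonomy by comparing `version` would keep a copy with the misspelled keys; that consumers work this way is an assumption, the hunk does not show it. Bumping to `"version": 6,` in this commit would make the corrected file distinguishable from the one published by 2/7.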
@@ -1,7 +1,7 @@
 {
 "namespace": "honeypot-basic",
- "description": "Updated from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
- "version": 2,
+ "description": "Updated (CIRCL and Seamus Dowling) from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
+ "version": 3,
 "predicates": [
 {
 "value": "interaction-level",
@@ -52,6 +52,11 @@
 "value": "none",
 "expanded": "No interaction capabilities",
 "description": "No exposed functionality in the honeypot."
+ },
+ {
+ "value": "adaptive",
+ "expanded": "Learns from attack interaction",
+ "description": "Learns from attack interaction"
 }
 ]
 },
From 0c4cdac38d3453b854ad50ba8ed36d7fc4933f99 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 24 Sep 2018 15:46:53 +0200
Subject: [PATCH 6/7] chg: [honeypot-basic] medium interaction added (based on various papers definition from EURECOM to Georg Wicherski paper)
---
 honeypot-basic/machinetag.json | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/honeypot-basic/machinetag.json b/honeypot-basic/machinetag.json
index ab198c0..509ae0c 100644
--- a/honeypot-basic/machinetag.json
+++ b/honeypot-basic/machinetag.json
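Review bot: In the 5/7 hunk at `@@ -52,6 +52,11 @@`, the new `adaptive` value gives `description` the same text as `expanded` (`Learns from attack interaction`), whereas the `none` entry directly above uses its description to say what the honeypot exposes (`No exposed functionality in the honeypot.`). An analyst choosing an interaction-level tag gets no criterion for when `adaptive` applies. A description in the same terms would help, for example `"description": "Exposed functionality changes in response to observed attacker interaction."`, with the wording checked against the paper referenced in the commit message, since that sentence is inferred and not taken from it.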
@@ -1,7 +1,7 @@
 {
 "namespace": "honeypot-basic",
- "description": "Updated (CIRCL and Seamus Dowling) from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
- "version": 3,
+ "description": "Updated (CIRCL, Seamus Dowling and EURECOM) from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
+ "version": 4,
 "predicates": [
 {
 "value": "interaction-level",
@@ -43,10 +43,15 @@
 "expanded": "High Interaction Level",
 "description": "Exposed functionality of the honeypot is not limited."
 },
+ {
+ "value": "medium",
+ "expanded": "Medium Interaction Level",
+ "description": "Exposed functionality of the honeypot is limited to the service without exposing the full operating system."
+ },
 {
 "value": "low",
 "expanded": "low Interaction Level",
- "description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination"
+ "description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination."
 },
 {
 "value": "none",
From f67d13ae654e19065e98a9810098aed1c48bffe1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 24 Sep 2018 15:48:41 +0200
Subject: [PATCH 7/7] chg: [manifest] updated to the latest revision
---
 MANIFEST.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/MANIFEST.json b/MANIFEST.json
index 6a2e848..865e0c4 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -256,7 +256,7 @@
 "description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries."
 },
 {
- "version": 2,
+ "version": 4,
 "name": "honeypot-basic",
 "description": "Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf"
 },
@@ -360,5 +360,5 @@
 "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
 "description": "Manifest file of MISP taxonomies available.",
 "license": "CC-0",
- "version": "20180912"
+ "version": "20180924"
 }