Merge branch 'master' of github.com:MISP/misp-taxonomies

pull/119/head
Raphaël Vinot 2018-09-24 15:32:20 -04:00
commit 5bcaa781b0
3 changed files with 26 additions and 8 deletions


@ -256,7 +256,7 @@
"description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries." "description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries."
}, },
{ {
"version": 2, "version": 4,
"name": "honeypot-basic", "name": "honeypot-basic",
"description": "Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf" "description": "Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf"
}, },
@ -360,5 +360,5 @@
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/", "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
"description": "Manifest file of MISP taxonomies available.", "description": "Manifest file of MISP taxonomies available.",
"license": "CC-0", "license": "CC-0",
"version": "20180912" "version": "20180924"
} }


@ -1,7 +1,7 @@
{ {
"namespace": "honeypot-basic", "namespace": "honeypot-basic",
"description": "Updated from Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf", "description": "Updated (CIRCL, Seamus Dowling and EURECOM) from Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
"version": 2, "version": 4,
"predicates": [ "predicates": [
{ {
"value": "interaction-level", "value": "interaction-level",
@ -43,15 +43,25 @@
"expanded": "High Interaction Level", "expanded": "High Interaction Level",
"description": "Exposed functionality of the honeypot is not limited." "description": "Exposed functionality of the honeypot is not limited."
}, },
{
"value": "medium",
"expanded": "Medium Interaction Level",
"description": "Exposed functionality of the honeypot is limited to the service without exposing the full operating system."
},
{ {
"value": "low", "value": "low",
"expanded": "low Interaction Level", "expanded": "low Interaction Level",
"description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination" "description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination."
}, },
{ {
"value": "none", "value": "none",
"expanded": "No interaction capabilities", "expanded": "No interaction capabilities",
"description": "No exposed functionality in the honeypot." "description": "No exposed functionality in the honeypot."
},
{
"value": "adaptive",
"expanded": "Learns from attack interaction",
"description": "Learns from attack interaction"
} }
] ]
}, },
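Review bot: The new `adaptive` entry at the end of the `interaction-level` values has a `description` that repeats its `expanded` text word for word, so an analyst gets no guidance on when to pick it over `low`, `medium` or `high`. It also appears to describe how the honeypot behaves rather than how much functionality it exposes, which is what the other values in this list measure, so it may end up being tagged inconsistently between sharing communities. I would give it a distinguishing description, for example `"description": "Honeypot that changes its responses based on earlier attacker interaction, independent of how much functionality it exposes."` (wording to be confirmed by the taxonomy authors), and consider whether it belongs under its own predicate. The predicate object that holds these entries starts above this hunk.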


@ -2,7 +2,7 @@
"namespace": "workflow", "namespace": "workflow",
"expanded": "workflow to support analysis", "expanded": "workflow to support analysis",
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. ", "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. ",
"version": 4, "version": 5,
"predicates": [ "predicates": [
{ {
"value": "todo", "value": "todo",
@ -25,7 +25,7 @@
}, },
{ {
"value": "review", "value": "review",
"expanded": "Additional review is required to reach a certain level of validation of the information tagged" "expanded": "Additional review is required to reach a cert ain level of validation of the information tagged"
}, },
{ {
"value": "review-before-publication", "value": "review-before-publication",
@ -69,7 +69,15 @@
}, },
{ {
"value": "review-the-grammar", "value": "review-the-grammar",
"expanded": "Review the grammar of the information tagged to improve the overall quality " "expanded": "Review the grammar of the information tagged to improve the overall quality"
},
{
"value": "do-not-delete",
"expanded": "Element that should not be deleted (without asking)"
},
{
"value": "add-mitre-attack-cluster",
"expanded": "Describe cyber adversary behavior using MITRE ATT&CK"
} }
] ]
}, },
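Review bot: The new `expanded` text for `review` reads `cert ain level`, with a space inside "certain" that the old side did not have. Unless that is an artifact of how this page was rendered, the merge introduces a typo into a string shown to analysts as the tag label. It should read `"expanded": "Additional review is required to reach a certain level of validation of the information tagged"`. Separately, the two added values `do-not-delete` and `add-mitre-attack-cluster` carry only `expanded`; a short `description` for `do-not-delete` saying whom to ask before deletion would help it be applied consistently.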