Merge branch 'master' of github.com:MISP/misp-taxonomies

2018-09-24 15:32:20 -04:00 · 2018-09-24 15:32:20 -04:00 · 5bcaa781b0
parent 4c70d06efb f67d13ae65
commit 5bcaa781b0
3 changed files with 26 additions and 8 deletions
--- a/MANIFEST.json
+++ b/MANIFEST.json
@ -256,7 +256,7 @@
      "description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries."
    },
    {
-      "version": 2,
+      "version": 4,
      "name": "honeypot-basic",
      "description": "Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf"
    },
@ -360,5 +360,5 @@
  "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
  "description": "Manifest file of MISP taxonomies available.",
  "license": "CC-0",
-  "version": "20180912"
+  "version": "20180924"
 }
--- a/honeypot-basic/machinetag.json
+++ b/honeypot-basic/machinetag.json
@ -1,7 +1,7 @@
 {
  "namespace": "honeypot-basic",
-  "description": "Updated from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
-  "version": 2,
+  "description": "Updated (CIRCL, Seamus Dowling and EURECOM) from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
+  "version": 4,
  "predicates": [
    {
      "value": "interaction-level",
@ -43,15 +43,25 @@
          "expanded": "High Interaction Level",
          "description": "Exposed functionality of the honeypot is not limited."
        },
+        {
+          "value": "medium",
+          "expanded": "Medium Interaction Level",
+          "description": "Exposed functionality of the honeypot is limited to the service without exposing the full operating system."
+        },
        {
          "value": "low",
          "expanded": "low Interaction Level",
-          "description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination"
+          "description": "Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination."
        },
        {
          "value": "none",
          "expanded": "No interaction capabilities",
          "description": "No exposed functionality in the honeypot."
+        },
+        {
+          "value": "adaptive",
+          "expanded": "Learns from attack interaction",
+          "description": "Learns from attack interaction"
        }
      ]
    },
--- a/workflow/machinetag.json
+++ b/workflow/machinetag.json
@ -2,7 +2,7 @@
  "namespace": "workflow",
  "expanded": "workflow to support analysis",
  "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. ",
-  "version": 4,
+  "version": 5,
  "predicates": [
    {
      "value": "todo",
@ -25,7 +25,7 @@
        },
        {
          "value": "review",
-          "expanded": "Additional review is required to reach a certain level of validation of the information tagged"
+          "expanded": "Additional review is required to reach a cert  ain level of validation of the information tagged"
        },
        {
          "value": "review-before-publication",
@ -69,7 +69,15 @@
        },
        {
          "value": "review-the-grammar",
-          "expanded": "Review the grammar of the information tagged to improve the overall quality "
+          "expanded": "Review the grammar of the information tagged to improve the overall quality"
+        },
+        {
+          "value": "do-not-delete",
+          "expanded": "Element that should not be deleted (without asking)"
+        },
+        {
+          "value": "add-mitre-attack-cluster",
+          "expanded": "Describe cyber adversary behavior using MITRE ATT&CK"
        }
      ]
    },