Creation of IOC taxonomy

The IOC taxonomy was created to address automation needs. As we share IoC's, some of them are not malicious in nature, but it's presence can point to something malicious happening. For automation purposes, the use of data classification helps when you need to block something or not.
2021-02-23 20:18:24 -03:00 · 2021-02-23 20:18:24 -03:00 · 6d575d8fb8
parent 0e245f748c
commit 6d575d8fb8
1 changed files with 26 additions and 0 deletions
--- a/ioc/machinetag.json
+++ b/ioc/machinetag.json
@ -0,0 +1,26 @@
+{
+  "namespace": "ioc",
+  "description": "An IOC classification to facilitate automation of malicious and non malicious artifacts",
+  "version": 1,
+  "predicates": [
+    {
+      "value": "artifact-state",
+      "expanded": "Artifact State"
+    }
+  ],
+  "values": [
+    {
+      "predicate": "artifact state",
+      "entry": [
+        {
+          "value": "malicious",
+          "expanded": "Malicious"
+        },
+        {
+          "value": "not-malicious",
+          "expanded": "Not Malicious"
+        }
+      ]
+    }
+   ]
+}