From af3ba8ea50e3f0f0e8b0b94f2f3578e88c6adf92 Mon Sep 17 00:00:00 2001 From: Daniel Roethlisberger Date: Fri, 12 Jan 2018 15:42:24 +0100 Subject: [PATCH 1/4] add: New predicate misp:automation-level indicating whether an event or attribute was imported into MISP in a fully automatic fashion, was reviewed by a human, or directly stems from manual analysis. /cc @h122015 --- misp/machinetag.json | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/misp/machinetag.json b/misp/machinetag.json index 51010fa..ea2b0e8 100755 --- a/misp/machinetag.json +++ b/misp/machinetag.json @@ -70,6 +70,26 @@ } ] }, + { + "predicate": "automation-level", + "entry": [ + { + "expanded": "Generated automatically without human verification", + "value": "automatic", + "numerical_value": 100 + }, + { + "expanded": "Generated automatically but verified by a human", + "value": "reviewed", + "numerical_value": 50 + }, + { + "expanded": "Output of human analysis", + "value": "manual", + "numerical_value": 0 + } + ] + }, { "predicate": "threat-level", "entry": [ From 13bed50071b109581b6d67f69f738a326198b118 Mon Sep 17 00:00:00 2001 From: Daniel Roethlisberger Date: Fri, 12 Jan 2018 16:04:38 +0100 Subject: [PATCH 2/4] Rename "automatic" to "unsupervised" after review with @amuehlem --- misp/machinetag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp/machinetag.json b/misp/machinetag.json index ea2b0e8..700bbb1 100755 --- a/misp/machinetag.json +++ b/misp/machinetag.json @@ -75,7 +75,7 @@ "entry": [ { "expanded": "Generated automatically without human verification", - "value": "automatic", + "value": "unsupervised", "numerical_value": 100 }, { From a2c8089aa3b8b1fb2c330655af109a5e4bc299da Mon Sep 17 00:00:00 2001 From: Daniel Roethlisberger Date: Fri, 12 Jan 2018 16:19:29 +0100 Subject: [PATCH 3/4] Add automation-level to the list of predicate descriptions --- misp/machinetag.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/misp/machinetag.json b/misp/machinetag.json index 700bbb1..62ff7aa 100755 --- a/misp/machinetag.json +++ b/misp/machinetag.json @@ -155,6 +155,10 @@ "expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy", "value": "threat-level" }, + { + "expanded": "Automation level", + "value": "automation-level" + }, { "description": "Event with this tag should not be synced to other MISP instances", "expanded": "Should not sync", From 4f9f3decfec79f92adc752e44b8cefaf255227c8 Mon Sep 17 00:00:00 2001 From: Daniel Roethlisberger Date: Fri, 12 Jan 2018 16:35:42 +0100 Subject: [PATCH 4/4] Bumping version to 6 --- misp/machinetag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp/machinetag.json b/misp/machinetag.json index 62ff7aa..d1a0558 100755 --- a/misp/machinetag.json +++ b/misp/machinetag.json @@ -170,7 +170,7 @@ "value": "tool" } ], - "version": 5, + "version": 6, "description": "MISP taxonomy to infer with MISP behavior or operation.", "expanded": "MISP", "namespace": "misp"