RaphaelOtto
GitHub
parent
13d595dd78
commit
80516d7f1b
|
|
@ -9,7 +9,7 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "score",
|
"value": "score",
|
||||||
"expanded": ""
|
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"values": [
|
"values": [
|
||||||
|
|
@ -18,39 +18,39 @@
|
||||||
"entry": [
|
"entry": [
|
||||||
{
|
{
|
||||||
"value": "legit-but-compromised",
|
"value": "legit-but-compromised",
|
||||||
"expanded": ""
|
"expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "legit",
|
"value": "legit",
|
||||||
"expanded": ""
|
"expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "legit-uncertain",
|
"value": "legit-uncertain",
|
||||||
"expanded": ""
|
"expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "malicious",
|
"value": "malicious",
|
||||||
"expanded": ""
|
"expanded": "The attribute/event describes something that is definitly used maliciously."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "malicious-uncertain",
|
"value": "malicious-uncertain",
|
||||||
"expanded": ""
|
"expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "invalid",
|
"value": "invalid",
|
||||||
"expanded": ""
|
"expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "irrelevant",
|
"value": "irrelevant",
|
||||||
"expanded": ""
|
"expanded": "The attribute/event is irrelevant to your organization or CTI process."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "undetermined",
|
"value": "undetermined",
|
||||||
"expanded": ""
|
"expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort."
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "fast-track",
|
"value": "fast-track",
|
||||||
"expanded": "this intelligence piece was not vetted but passed through for operational reasons"
|
"expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
@ -464,4 +464,4 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue