new: [srbcert] New taxonomy for the SRB-CERT

Alexandre Dulaunoy 2023-11-15 14:09:51 +01:00
parent e8892b6cf9
commit 9f481f4aee
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 209 additions and 13 deletions


@ -89,9 +89,9 @@
"version": 2
},
{
"description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection",
"description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection.",
"name": "circl",
"version": 5
"version": 6
},
{
"description": "La presente taxonomia es la primera versión disponible para el Centro Nacional de Seguridad Digital del Perú.",
@ -124,7 +124,7 @@
"version": 2
},
{
"description": "The Crowdsec behaviors and classifications taxonomy is the list of taxonomies used in Crowdsec to describe the behaviors and classifications of an IP address. The behaviors are a list of attack categories for which a given IP address was reported, where the classifications describe a list of categories associated to an IP address and, when applicable, a list of false positive categories.",
"description": "Crowdsec IP address classifications and behaviors taxonomy.",
"name": "crowdsec",
"version": 1
},
@ -238,6 +238,11 @@
"name": "domain-abuse",
"version": 2
},
{
"description": "This taxonomy aims to list doping substances",
"name": "doping-substances",
"version": 2
},
{
"description": "A taxonomy based on the superclass and class of drugs. Based on https://www.drugbank.ca/releases/latest",
"name": "drugs",
@ -511,7 +516,7 @@
{
"description": "MISP workflow taxonomy to support result of workflow execution.",
"name": "misp-workflow",
"version": 2
"version": 3
},
{
"description": "MONARC Threats Taxonomy",
@ -626,7 +631,7 @@
{
"description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.",
"name": "runtime-packer",
"version": 1
"version": 2
},
{
"description": "Flags describing the sample",
@ -658,6 +663,11 @@
"name": "social-engineering-attack-vectors",
"version": 1
},
{
"description": "SRB-CERT Taxonomy - Schemes of Classification in Incident Response and Detection",
"name": "srbcert",
"version": 1
},
{
"description": "A spectrum of state responsibility to more directly tie the goals of attribution to the needs of policymakers.",
"name": "state-responsibility",
@ -696,7 +706,7 @@
{
"description": "The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG.",
"name": "tlp",
"version": 7
"version": 9
},
{
"description": "Taxonomy to describe Tor network infrastructure",
@ -741,14 +751,9 @@
{
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
"name": "workflow",
"version": 11
},
{
"description": "This taxonomy aims to list doping substances",
"name": "doping-substances",
"version": 2
"version": 12
}
],
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
"version": "20230514"
"version": "20231115"
}

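--- /dev/null
+++ b/srbcert/machinetag.json
@@ -0,0 +1,191 @@
+{
+"namespace": "srbcert",
+"description": "SRB-CERT Taxonomy - Schemes of Classification in Incident Response and Detection",
+"version": 1,
+"predicates": [
+{
+"value": "incident-type",
+"expanded": "Incident Type"
+},
+{
+"value": "incident-criticality-level",
+"expanded": "Incident Criticality Level"
+}
+],
+"values": [
+{
+"predicate": "incident-type",
+"entry": [
+{
+"value": "virus",
+"expanded": "Virus"
+},
+{
+"value": "worm",
+"expanded": "Worm"
+},
+{
+"value": "ransomware",
+"expanded": "Ransomware"
+},
+{
+"value": "trojan",
+"expanded": "Trojan"
+},
+{
+"value": "spyware",
+"expanded": "Spyware"
+},
+{
+"value": "rootkit",
+"expanded": "Rootkit"
+},
+{
+"value": "malware",
+"expanded": "Malware"
+},
+{
+"value": "port-scanning",
+"expanded": "Port scanning"
+},
+{
+"value": "sniffing",
+"expanded": "Sniffing"
+},
+{
+"value": "social-engineering",
+"expanded": "Social engineering"
+},
+{
+"value": "data-breaches",
+"expanded": "Data breaches"
+},
+{
+"value": "other-type-of-information-gathering",
+"expanded": "Other type of information gathering"
+},
+{
+"value": "phishing",
+"expanded": "Phishing"
+},
+{
+"value": "unauthorized-use-of-resources",
+"expanded": "Unauthorized use of resources"
+},
+{
+"value": "fraud",
+"expanded": "Fraud"
+},
+{
+"value": "exploiting-known-vulnerabilities",
+"expanded": "Exploiting known vulnerabilities"
+},
+{
+"value": "brute-force",
+"expanded": "Brute force"
+},
+{
+"value": "other-type-of-intrusion-attempts",
+"expanded": "Other type of Intrusion Attempts"
+},
+{
+"value": "privilege-account-compromise",
+"expanded": "Privilege account compromise"
+},
+{
+"value": "unprivileged-account-compromise",
+"expanded": "Unprivileged account compromise"
+},
+{
+"value": "application-compromise",
+"expanded": "Application compromise"
+},
+{
+"value": "botnet",
+"expanded": "Botnet"
+},
+{
+"value": "other-type-of-intrusions",
+"expanded": "Other type of intrusions"
+},
+{
+"value": "dos",
+"expanded": "DoS"
+},
+{
+"value": "ddos",
+"expanded": "DDoS"
+},
+{
+"value": "sabotage",
+"expanded": "Sabotage"
+},
+{
+"value": "outage",
+"expanded": "Outage"
+},
+{
+"value": "other-type-of-availability-incident",
+"expanded": "Other type of Availability incident"
+},
+{
+"value": "unauthorized-access-to-information",
+"expanded": "Unauthorized access to information"
+},
+{
+"value": "unauthorized-modification-of-information",
+"expanded": "Unauthorized modification of information"
+},
+{
+"value": "cryptographic-attack",
+"expanded": "Cryptographic attack"
+},
+{
+"value": "other-type-of-information-content-security-incident",
+"expanded": "Other type of Information Content Security incident"
+},
+{
+"value": "hardware-errors",
+"expanded": "Hardware errors"
+},
+{
+"value": "software-errors",
+"expanded": "Software errors"
+},
+{
+"value": "software-errors",
+"expanded": "Software errors"
+},
+{
+"value": "hardware-components-theft",
+"expanded": "hardware-components-theft"
+},
+{
+"value": "other",
+"expanded": "Other"
+}
+]
+},
+{
+"predicate": "incident-criticality-level",
+"entry": [
+{
+"value": "low",
+"expanded": "Low"
+},
+{
+"value": "medium",
+"expanded": "Medium"
+},
+{
+"value": "high",
+"expanded": "High"
+},
+{
+"value": "very-high",
+"expanded": "Very High"
+}
+]
+}
+]
+}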
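Review bot: The `incident-type` entry list contains `software-errors` twice (the two consecutive objects with `"value": "software-errors"` near the end of the list), which yields two identical `srbcert:incident-type="software-errors"` machinetags and is likely to be rejected by the repository's duplicate-value validation; drop the second copy. In the same list `hardware-components-theft` has its machine value pasted into `expanded` while every other entry carries a human-readable label, so it should read `"expanded": "Hardware components theft"`. `privilege-account-compromise` / `"Privilege account compromise"` looks like it intends "Privileged account compromise" (the wording used by the paired `unprivileged-account-compromise` entry); confirm with SRB-CERT before touching the `value`, since that string becomes part of the tag and is hard to rename once events are tagged. If the predicate schema supports it, consider marking `incident-criticality-level` with `"exclusive": true` so an event cannot carry two criticality levels at once.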