From 0e81bbcd660590e2112070578f1db52aaf6dd65e Mon Sep 17 00:00:00 2001
From: V <45754825+vxsh4d0w@users.noreply.github.com>
Date: Fri, 10 Apr 2020 14:12:02 +0200
Subject: [PATCH 1/3] Incident classification updates This proposal involves new incident categories and adds a section related information classification.
---
 circl/machinetag.json | 48 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
diff --git a/circl/machinetag.json b/circl/machinetag.json
index 9865e5b..b5033d2 100644
--- a/circl/machinetag.json
+++ b/circl/machinetag.json
@@ -24,6 +24,14 @@
 "value": "system-compromise",
 "expanded": "System compromise"
 },
+ {
+ "value": "sabotage",
+ "expanded": "Sabotage"
+ },
+ {
+ "value": "gdpr-violation",
+ "expanded": "GDPR Violation"
+ },
 {
 "value": "scan",
 "expanded": "Scan"
@@ -40,6 +48,14 @@
 "value": "phishing",
 "expanded": "Phishing"
 },
+ {
+ "value": "whaling",
+ "expanded": "Whaling"
+ },
+ {
+ "value": "smishing",
+ "expanded": "Sms Phishing"
+ },
 {
 "value": "malware",
 "expanded": "Malware"
@@ -56,6 +72,10 @@
 "value": "fastflux",
 "expanded": "Fastflux"
 },
+ {
+ "value": "domain-fronting",
+ "expanded": "Domain Fronting"
+ },
 {
 "value": "sql-injection",
 "expanded": "SQL Injection"
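Review bot: `gdpr-violation` is added in the `@@ -24,6 +24,14 @@` hunk after `system-compromise`, and again in the `@@ -88,12 +108,40 @@` hunk of the same patch before `covid-19`; both insertions appear to land in the same entry list, so the value would be defined twice. A duplicated value gives consumers two definitions of the same tag and can trip uniqueness checks on import. Keep only one of the two insertions. Both hunks are cut from a longer array, so the enclosing predicate is not visible here.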
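Review bot: The `smishing` entry in the `@@ -40,6 +48,14 @@` hunk is labelled `"Sms Phishing"`, while the file writes other acronyms in capitals (`"SQL Injection"` in the next hunk's context); `"expanded": "SMS Phishing"` would match. `whaling` and `smishing` are also specialisations of the existing `phishing` value, so the same event can now carry either the general or the specific tag. A short `description` on each new entry saying when to prefer it would keep tagging, and any detection or reporting keyed on these tags, consistent.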
@@ -88,12 +108,40 @@
 "value": "sextortion",
 "expanded": "sextortion"
 },
+ {
+ "value": "social-engineering",
+ "expanded": "Social Engineering"
+ },
+ {
+ "value": "gdpr-violation",
+ "expanded": "GDPR Violation"
+ },
 {
 "value": "covid-19",
 "expanded": "covid-19"
 }
 ]
 },
+ {
+ "predicate": "information-classfication",
+ "entry": [{
+ "value": "confidential",
+ "expanded": "Confidential Information (top confidentiality level)"
+ },
+ {
+ "value": "restricted",
+ "expanded": "Restricted Information (medium confidentiality level)"
+ },
+ {
+ "value": "internal-use",
+ "expanded": "Internal Use Information (lowest level of confidentiality)"
+ },
+ {
+ "value": "public",
+ "expanded": "Public Information (everyone can see the information)"
+ }
+ ]
+ },
 {
 "predicate": "topic",
 "entry": [
From 0e173e44c9b45cb4044659913438bdbc57068250 Mon Sep 17 00:00:00 2001
From: V <45754825+vxsh4d0w@users.noreply.github.com>
Date: Fri, 10 Apr 2020 14:18:21 +0200
Subject: [PATCH 2/3] Update machinetag.json
---
 circl/machinetag.json | 79 ++++++++++++++++++++++---------------------
 1 file changed, 40 insertions(+), 39 deletions(-)
diff --git a/circl/machinetag.json b/circl/machinetag.json
index b5033d2..a518313 100644
--- a/circl/machinetag.json
+++ b/circl/machinetag.json
@@ -25,13 +25,13 @@
 "expanded": "System compromise"
 },
 {
- "value": "sabotage",
- "expanded": "Sabotage"
- },
- {
- "value": "gdpr-violation",
- "expanded": "GDPR Violation"
- },
+ "value": "sabotage",
+ "expanded": "Sabotage"
+ },
+ {
+ "value": "gdpr-violation",
+ "expanded": "GDPR Violation"
+ },
 {
 "value": "scan",
 "expanded": "Scan"
@@ -49,13 +49,13 @@
 "expanded": "Phishing"
 },
 {
- "value": "whaling",
- "expanded": "Whaling"
- },
+ "value": "whaling",
+ "expanded": "Whaling"
+ },
 {
- "value": "smishing",
- "expanded": "Sms Phishing"
- },
+ "value": "smishing",
+ "expanded": "Sms Phishing"
+ },
 {
 "value": "malware",
 "expanded": "Malware"
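Review bot: The new predicate name in the `@@ -88,12 +108,40 @@` hunk of PATCH 1/3 is misspelled: `"predicate": "information-classfication"` is missing an `i`. Machine tags are matched as exact strings, so the typo would become part of every tag built from this block (for example `circl:information-classfication="confidential"`), and renaming it after release breaks stored tags and any rule keyed on them; it should read `"predicate": "information-classification"`. None of the patch's hunks touch the top-level `predicates` list, so the new predicate is presumably left undeclared there. The `internal-use` label also says "lowest level of confidentiality" although `public` is listed below it.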
@@ -109,13 +109,13 @@
 "expanded": "sextortion"
 },
 {
- "value": "social-engineering",
- "expanded": "Social Engineering"
- },
- {
- "value": "gdpr-violation",
- "expanded": "GDPR Violation"
- },
+ "value": "social-engineering",
+ "expanded": "Social Engineering"
+ },
+ {
+ "value": "gdpr-violation",
+ "expanded": "GDPR Violation"
+ },
 {
 "value": "covid-19",
 "expanded": "covid-19"
@@ -123,25 +123,26 @@
 ]
 },
 {
- "predicate": "information-classfication",
- "entry": [{
- "value": "confidential",
- "expanded": "Confidential Information (top confidentiality level)"
- },
- {
- "value": "restricted",
- "expanded": "Restricted Information (medium confidentiality level)"
- },
- {
- "value": "internal-use",
- "expanded": "Internal Use Information (lowest level of confidentiality)"
- },
- {
- "value": "public",
- "expanded": "Public Information (everyone can see the information)"
- }
- ]
- },
+ "predicate": "information-classfication",
+ "entry": [
+ {
+ "value": "confidential",
+ "expanded": "Confidential Information (top confidentiality level)"
+ },
+ {
+ "value": "restricted",
+ "expanded": "Restricted Information (medium confidentiality level)"
+ },
+ {
+ "value": "internal-use",
+ "expanded": "Internal Use Information (lowest level of confidentiality)"
+ },
+ {
+ "value": "public",
+ "expanded": "Public Information (everyone can see the information)"
+ }
+ ]
+ },
 {
 "predicate": "topic",
 "entry": [
From 55f0747fa31b632cb214bacf308c4655d6f2d8ba Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 25 Mar 2021 12:10:09 +0100
Subject: [PATCH 3/3] chg: [circl] updated the original proposal + ransomware added + classification proposal removed (should be in a different taxonomy)
---
 MANIFEST.json | 8 +++---
 circl/machinetag.json | 67 ++++++++++++++++---------------------------
 2 files changed, 29 insertions(+), 46 deletions(-)
diff --git a/MANIFEST.json b/MANIFEST.json
index e19b550..1f44753 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -76,7 +76,7 @@
 {
 "description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection",
 "name": "circl",
- "version": 4
+ "version": 5
 },
 {
 "description": "Course of action taken within organization to discover, detect, deny, disrupt, degrade, deceive and/or destroy an attack.",
@@ -409,9 +409,9 @@
 "version": 2
 },
 {
- "description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical 'News' Sources by Melissa Zimdars 2019",
+ "description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical News Sources by Melissa Zimdars 2019",
 "name": "misinformation-website-label",
- "version": "1"
+ "version": 1
 },
 {
 "description": "MISP taxonomy to infer with MISP behavior or operation.",
@@ -590,5 +590,5 @@
 }
 ],
 "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
- "version": "20200612"
+ "version": "20210325"
 }
diff --git a/circl/machinetag.json b/circl/machinetag.json
index a518313..9091773 100644
--- a/circl/machinetag.json
+++ b/circl/machinetag.json
@@ -1,7 +1,7 @@
 {
 "namespace": "circl",
 "description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection",
- "version": 4,
+ "version": 5,
 "predicates": [
 {
 "value": "incident-classification",
@@ -25,13 +25,13 @@
 "expanded": "System compromise"
 },
 {
- "value": "sabotage",
- "expanded": "Sabotage"
- },
- {
- "value": "gdpr-violation",
- "expanded": "GDPR Violation"
- },
+ "value": "sabotage",
+ "expanded": "Sabotage"
+ },
+ {
+ "value": "privacy-violation",
+ "expanded": "Privacy violation"
+ },
 {
 "value": "scan",
 "expanded": "Scan"
@@ -49,13 +49,13 @@
 "expanded": "Phishing"
 },
 {
- "value": "whaling",
- "expanded": "Whaling"
- },
+ "value": "whaling",
+ "expanded": "Whaling"
+ },
 {
- "value": "smishing",
- "expanded": "Sms Phishing"
- },
+ "value": "smishing",
+ "expanded": "SMS Phishing"
+ },
 {
 "value": "malware",
 "expanded": "Malware"
@@ -104,45 +104,28 @@
 "value": "wiper",
 "expanded": "Wiper"
 },
+ {
+ "value": "ransomware",
+ "expanded": "ransomware"
+ },
 {
 "value": "sextortion",
 "expanded": "sextortion"
 },
 {
- "value": "social-engineering",
- "expanded": "Social Engineering"
- },
- {
- "value": "gdpr-violation",
- "expanded": "GDPR Violation"
- },
+ "value": "social-engineering",
+ "expanded": "Social Engineering"
+ },
+ {
+ "value": "gdpr-violation",
+ "expanded": "GDPR Violation"
+ },
 {
 "value": "covid-19",
 "expanded": "covid-19"
 }
 ]
 },
- {
- "predicate": "information-classfication",
- "entry": [
- {
- "value": "confidential",
- "expanded": "Confidential Information (top confidentiality level)"
- },
- {
- "value": "restricted",
- "expanded": "Restricted Information (medium confidentiality level)"
- },
- {
- "value": "internal-use",
- "expanded": "Internal Use Information (lowest level of confidentiality)"
- },
- {
- "value": "public",
- "expanded": "Public Information (everyone can see the information)"
- }
- ]
- },
 {
 "predicate": "topic",
 "entry": [
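Review bot: `gdpr-violation` survives in the `@@ -104,45 +104,28 @@` hunk (its lines are only re-indented) although the `@@ -25,13 +25,13 @@` hunk of the same file replaces the other occurrence with `privacy-violation`, so the list ends up with two overlapping values. Analysts can then tag the same kind of incident either way, which splits searches and correlation on that tag. Either drop the `gdpr-violation` entry here, or keep it and state the distinction in a `description`. The new `ransomware` entry's label is lowercase (`"expanded": "ransomware"`) next to `"Wiper"`; `"expanded": "Ransomware"` would match, though `sextortion` and `covid-19` are lowercase too.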