New mapping taxonomy library added

A simple JSON format where a vernacular/common name describes
all the potential associated machine tags.

The format is a simple JSON object with a key for the common name
which references a list of potential associated machine tags.

The usage (in a first step) in MISP will be the following:

- The replacement in the index UI of the corresponding list of machine
  tags by the vernacular/common name.

- The ability to add automatically associated machine tags when tagging with the
  vernacular/common name.

Even if the machine tags are not enabled in MISP, the tag will be added.
pull/44/head
Alexandre Dulaunoy 2016-10-27 07:38:17 +02:00
parent 0a6549d886
commit d2b66e2389
1 changed files with 44 additions and 0 deletions

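--- a/mapping/mapping.json
+++ b/mapping/mapping.json
@@ -0,0 +1,44 @@
+{
+"ransomware": [
+"veris:action:malware:variety=\"Ransomware\"",
+"ecsirt:malicious-code=\"ransomware\"",
+"enisa:nefarious-activity-abuse=\"ransomware\"",
+"malware_classification:malware-category=\"Ransomware\"",
+"ms-caro-malware:malware-type=\"Ransom\"",
+"veris:action:malware:variety=\"Ransomware\""
+],
+"Remote Access Tool": [
+"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
+"ms-caro-malware:malware-type=\"RemoteAccess\""
+],
+"malware": [
+"ecsirt:malicious-code=\"malware\"",
+"circl:incident-classification=\"malware\""
+],
+"exploit": [
+"veris:action:malware:variety=\"Exploit vuln\"",
+"ecsirt:intrusion-attempts=\"exploit\"",
+"europol-event:exploit",
+"europol-incident:intrusion=\"exploitation-vulnerability\"",
+"ms-caro-malware:malware-type=\"Exploit\""
+],
+"rootkit": [
+"veris:action:malware:variety=\"Rootkit\"",
+"enisa:nefarious-activity-abuse=\"rootkits\"",
+"malware_classification:malware-category=\"Rootkit\""
+],
+"SQLi": [
+"circl:incident-classification=\"sql-injection\"",
+"veris:action:malware:variety=\"SQL injection\"",
+"veris:action:hacking:variety=\"SQLi\"",
+"enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
+"europol-event:sql-injection"
+],
+"DDoS": [
+"ecsirt:availability=\"ddos\"",
+"europol-incident:availability=\"dos-ddos\"",
+"ms-caro-malware:malware-type=\"DDoS\"",
+"circl:incident-classification=\"denial-of-service\"",
+"enisa:nefarious-activity-abuse=\"denial-of-service\""
+]
+}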
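Review bot: The `"ransomware"` list contains `"veris:action:malware:variety=\"Ransomware\""` twice, as its first and its last entry. Because the description says the associated machine tags are added automatically, a consumer that does not de-duplicate may attach or count the same tag twice. Drop the last entry so the list ends with `"ms-caro-malware:malware-type=\"Ransom\""` (no trailing comma). The keys also mix casing (`ransomware`, `Remote Access Tool`, `SQLi`, `DDoS`). If the lookup by vernacular name is case-sensitive, which the page does not show, analysts typing a different case would silently get no mapped tags, so the matching rule should be documented or the keys normalised. A uniqueness check on each list when the file is loaded would catch duplicates like this in future additions.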