fix: [threatmatch] various fixes
parent
1b303e30b3
commit
d4fddb65e5
|
@ -560,7 +560,7 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
|
"description": "The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
|
||||||
"name": "threatmatch",
|
"name": "ThreatMatch",
|
||||||
"version": 1
|
"version": 1
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
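Review bot: the manifest entry's name changes from lowercase `threatmatch` to mixed-case `ThreatMatch`, which breaks with the lowercase naming every other entry visible in this diff uses (`access-method`, `circl`, `threats-to-dns`). The README hunks in this same commit link to `tree/main/ThreatMatch`, so the directory name and the namespace inside its machinetag.json must use exactly this casing; confirm all three agree before merging, and state the casing choice in the commit message, since tags built from this taxonomy will carry the mixed-case prefix from now on.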
@ -615,5 +615,5 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
|
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
|
||||||
"version": "20210325"
|
"version": "20210413"
|
||||||
}
|
}
|
||||||
|
|
26
README.md
|
@ -10,7 +10,6 @@ Taxonomies that can be used in [MISP](https://github.com/MISP/MISP) (2.4) and ot
|
||||||
|
|
||||||
The following taxonomies can be used in MISP (as local or distributed tags) or in other tools and software willing to share common taxonomies among security information sharing tools.
|
The following taxonomies can be used in MISP (as local or distributed tags) or in other tools and software willing to share common taxonomies among security information sharing tools.
|
||||||
|
|
||||||
|
|
||||||
### CERT-XLM
|
### CERT-XLM
|
||||||
|
|
||||||
[CERT-XLM](https://github.com/MISP/misp-taxonomies/tree/main/CERT-XLM) :
|
[CERT-XLM](https://github.com/MISP/misp-taxonomies/tree/main/CERT-XLM) :
|
||||||
|
@ -31,6 +30,11 @@ The Detection Maturity Level (DML) model is a capability maturity model for refe
|
||||||
[PAP](https://github.com/MISP/misp-taxonomies/tree/main/PAP) :
|
[PAP](https://github.com/MISP/misp-taxonomies/tree/main/PAP) :
|
||||||
The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used. [Overview](https://www.misp-project.org/taxonomies.html#_PAP)
|
The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used. [Overview](https://www.misp-project.org/taxonomies.html#_PAP)
|
||||||
|
|
||||||
|
### ThreatMatch
|
||||||
|
|
||||||
|
[ThreatMatch](https://github.com/MISP/misp-taxonomies/tree/main/ThreatMatch) :
|
||||||
|
The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_ThreatMatch)
|
||||||
|
|
||||||
### access-method
|
### access-method
|
||||||
|
|
||||||
[access-method](https://github.com/MISP/misp-taxonomies/tree/main/access-method) :
|
[access-method](https://github.com/MISP/misp-taxonomies/tree/main/access-method) :
|
||||||
|
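Review bot: the description sentence added here is copied verbatim from the manifest entry, which is how it should stay in sync, but it reads awkwardly ("applicable for any ThreatMatch instances"); if it is to be reworded, change it in the taxonomy's own description so the README and summary regenerate consistently rather than editing it in the README alone. The placement between PAP and access-method also shows the list is ordered case-sensitively (uppercase names first), which matches CERT-XLM and PAP at the top of the file.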
@ -566,26 +570,6 @@ TTPs are representations of the behavior or modus operandi of cyber adversaries.
|
||||||
[targeted-threat-index](https://github.com/MISP/misp-taxonomies/tree/main/targeted-threat-index) :
|
[targeted-threat-index](https://github.com/MISP/misp-taxonomies/tree/main/targeted-threat-index) :
|
||||||
The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman. [Overview](https://www.misp-project.org/taxonomies.html#_targeted_threat_index)
|
The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman. [Overview](https://www.misp-project.org/taxonomies.html#_targeted_threat_index)
|
||||||
|
|
||||||
### threatmatch-alert-types
|
|
||||||
|
|
||||||
[threatmatch-alert-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-alert-types) :
|
|
||||||
The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_alert_types)
|
|
||||||
|
|
||||||
### threatmatch-incident-types
|
|
||||||
|
|
||||||
[threatmatch-incident-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-incident-types) :
|
|
||||||
The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_incident_types)
|
|
||||||
|
|
||||||
### threatmatch-malware-types
|
|
||||||
|
|
||||||
[threatmatch-malware-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-malware-types) :
|
|
||||||
The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_malware_types)
|
|
||||||
|
|
||||||
### threatmatch-sectors
|
|
||||||
|
|
||||||
[threatmatch-sectors](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-sectors) :
|
|
||||||
The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_sectors)
|
|
||||||
|
|
||||||
### threats-to-dns
|
### threats-to-dns
|
||||||
|
|
||||||
[threats-to-dns](https://github.com/MISP/misp-taxonomies/tree/main/threats-to-dns) :
|
[threats-to-dns](https://github.com/MISP/misp-taxonomies/tree/main/threats-to-dns) :
|
||||||
|
|
48
summary.md
|
@ -1,5 +1,5 @@
|
||||||
# Taxonomies
|
# Taxonomies
|
||||||
- Generation date: 2021-03-24
|
- Generation date: 2021-04-13
|
||||||
- license: CC-0
|
- license: CC-0
|
||||||
- description: Manifest file of MISP taxonomies available.
|
- description: Manifest file of MISP taxonomies available.
|
||||||
|
|
||||||
|
@ -180,7 +180,7 @@
|
||||||
- threat-vector
|
- threat-vector
|
||||||
### circl
|
### circl
|
||||||
- description: CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection
|
- description: CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection
|
||||||
- version: 4
|
- version: 5
|
||||||
- Predicates
|
- Predicates
|
||||||
- incident-classification
|
- incident-classification
|
||||||
- topic
|
- topic
|
||||||
|
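Review bot: the commit is titled `fix: [threatmatch] various fixes`, but this summary.md hunk bumps the `circl` version from 4 to 5, and the hunks that follow add `cti`, `ioc` and `vmray` sections, none of which are ThreatMatch-related; together with the generation date moving from 2021-03-24 to 2021-04-13 this looks like summary.md being regenerated against a manifest that had moved on. Either say so in the commit message or land the regeneration separately so the ThreatMatch rename stays reviewable on its own.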
@ -280,6 +280,16 @@
|
||||||
- report
|
- report
|
||||||
- origin
|
- origin
|
||||||
- analyse
|
- analyse
|
||||||
|
### cti
|
||||||
|
- description: Cyber Threat Intelligence cycle to control workflow state of your process.
|
||||||
|
- version: 1
|
||||||
|
- Predicates
|
||||||
|
- planning
|
||||||
|
- collection
|
||||||
|
- processing-and-analysis
|
||||||
|
- dissemination-done
|
||||||
|
- feedback-received
|
||||||
|
- feedback-pending
|
||||||
### current-event
|
### current-event
|
||||||
- description: Current events - Schemes of Classification in Incident Response and Detection
|
- description: Current events - Schemes of Classification in Incident Response and Detection
|
||||||
- version: 1
|
- version: 1
|
||||||
|
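Review bot: this hunk adds a `cti` section to summary.md (and later hunks add `ioc` and `vmray`), yet the manifest.json hunks shown above contain no corresponding new entries, only the ThreatMatch rename and the version bump. Since summary.md describes itself as the generated manifest listing, confirm those three taxonomies are already present in manifest.json; otherwise the summary now advertises taxonomies the manifest does not list.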
@ -837,6 +847,11 @@
|
||||||
- dns
|
- dns
|
||||||
- host-file
|
- host-file
|
||||||
- other
|
- other
|
||||||
|
### ioc
|
||||||
|
- description: An IOC classification to facilitate automation of malicious and non malicious artifacts
|
||||||
|
- version: 2
|
||||||
|
- Predicates
|
||||||
|
- artifact-state
|
||||||
### iot
|
### iot
|
||||||
- description: Internet of Things taxonomy, based on IOT UK report https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf
|
- description: Internet of Things taxonomy, based on IOT UK report https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf
|
||||||
- version: 2
|
- version: 2
|
||||||
|
@ -1144,26 +1159,14 @@
|
||||||
- Predicates
|
- Predicates
|
||||||
- targeting-sophistication-base-value
|
- targeting-sophistication-base-value
|
||||||
- technical-sophistication-multiplier
|
- technical-sophistication-multiplier
|
||||||
### threatmatch-alert-types
|
### ThreatMatch
|
||||||
- description: The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.
|
- description: The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.
|
||||||
- version: 1
|
|
||||||
- Predicates
|
|
||||||
- alert_type
|
|
||||||
### threatmatch-incident-types
|
|
||||||
- description: The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.
|
|
||||||
- version: 1
|
|
||||||
- Predicates
|
|
||||||
- incident_type
|
|
||||||
### threatmatch-malware-types
|
|
||||||
- description: The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.
|
|
||||||
- version: 1
|
|
||||||
- Predicates
|
|
||||||
- malware_type
|
|
||||||
### threatmatch-sectors
|
|
||||||
- description: The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.
|
|
||||||
- version: 1
|
- version: 1
|
||||||
- Predicates
|
- Predicates
|
||||||
- sector
|
- sector
|
||||||
|
- incident-type
|
||||||
|
- malware-type
|
||||||
|
- alert-type
|
||||||
### threats-to-dns
|
### threats-to-dns
|
||||||
- description: An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 1–1. doi:10.1109/comst.2018.2849614
|
- description: An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 1–1. doi:10.1109/comst.2018.2849614
|
||||||
- version: 1
|
- version: 1
|
||||||
|
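Review bot: this consolidation is a breaking change for existing tags and the commit message should say so. The four namespaces `threatmatch-alert-types`, `threatmatch-incident-types`, `threatmatch-malware-types` and `threatmatch-sectors` collapse into a single `ThreatMatch` namespace, and the predicates are renamed from `alert_type`, `incident_type` and `malware_type` to `alert-type`, `incident-type` and `malware-type`, so any event already tagged with the old namespace/predicate pairs will not match the new taxonomy. The hyphenated form is consistent with `sector` and with the rest of summary.md, so the rename itself is fine; what is missing is a line in the commit message telling instance operators that existing tags need to be migrated.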
@ -1282,6 +1285,13 @@
|
||||||
- victim:revenue:iso_currency_code
|
- victim:revenue:iso_currency_code
|
||||||
- attribute:availability:duration:unit
|
- attribute:availability:duration:unit
|
||||||
- attribute:confidentiality:data:variety
|
- attribute:confidentiality:data:variety
|
||||||
|
### vmray
|
||||||
|
- description: VMRay taxonomies to map VMRay Thread Identifier scores and artifacts.
|
||||||
|
- version: 1
|
||||||
|
- Predicates
|
||||||
|
- artifact
|
||||||
|
- verdict
|
||||||
|
- vti_analysis_score
|
||||||
### vocabulaire-des-probabilites-estimatives
|
### vocabulaire-des-probabilites-estimatives
|
||||||
- description: Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité
|
- description: Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité
|
||||||
- version: 3
|
- version: 3
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
"https://www.secalliance.com/platform/",
|
"https://www.secalliance.com/platform/",
|
||||||
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
|
"https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
|
||||||
],
|
],
|
||||||
"predicates":[
|
"predicates": [
|
||||||
{
|
{
|
||||||
"value": "sector",
|
"value": "sector",
|
||||||
"expanded": "Extensive list of sector definition tags"
|
"expanded": "Extensive list of sector definition tags"
|
||||||
|
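Review bot: this hunk and the `@ -510,6 +510,5 @@` hunk below change only whitespace in the JSON (`"predicates":[` becomes `"predicates": [`, and a blank line before the closing `]` is dropped), so they are harmless, but the file's path is not shown in this view; the `sector` predicate context suggests it is the ThreatMatch machinetag.json. Since the file was hand-edited, re-validate that it still parses before merging.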
@ -510,6 +510,5 @@
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|