MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of github.com:MISP/misp-taxonomies

pull/44/head
Alexandre Dulaunoy 2016-10-27 08:19:05 +02:00
parent d2b66e2389 b74b1f0d4e
commit e4b88466ba
3 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
euci/machinetag.json
View File

@ -23,5 +23,6 @@
"expanded": "RESTREINT UE/EU RESTRICTED",
"description": "Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States."
}
]
],
"values": null
}

3
kill-chain/machinetag.json
View File

@ -32,5 +32,6 @@
"value": "Actions on Objectives",
"expanded": "Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network."
}
]
],
"values": null
}

6
tools/machinetag.py
View File

@ -29,8 +29,12 @@
import json
import os.path
import argparse
import os
taxonomies = ['admiralty-scale', 'adversary', 'tlp', 'circl', 'iep', 'kill-chain', 'veris', 'ecsirt', 'enisa', 'dni-ism', 'europol-events', 'europol-incident', 'nato', 'euci', 'osint', 'csirt_case_classification', 'malware_classification', 'de-vs', 'fr-classif','eu-critical-sectors','dhs-ciip-sectors','estimative-language', 'ms-caro-malware', 'information-security-indicators', 'open-threat', 'misp', 'domain-abuse']
taxonomies = []
for folder in os.listdir('../'):
if os.path.isfile(os.path.join('../', folder, 'machinetag.json')):
taxonomies.append(folder)
argParser = argparse.ArgumentParser(description='Dump Machine Tags (Triple Tags) from MISP taxonomies', epilog='Available taxonomies are {0}'.format(taxonomies))
argParser.add_argument('-e', action='store_true', help='Include expanded tags')
argParser.add_argument('-a', action='store_true', help='Generate asciidoctor document from MISP taxonomies')