Merge branch 'master' of github.com:MISP/misp-taxonomies

pull/176/head
Raphaël Vinot 2019-11-19 10:59:38 +01:00
commit e7df5c2e66
47 changed files with 6219 additions and 685 deletions


@ -1,489 +1,544 @@
{
"description": "Manifest file of MISP taxonomies available.",
"license": "CC-0",
"path": "machinetag.json",
"taxonomies": [
{
"version": 3,
"name": "accessnow",
"description": "Access Now classification to classify an issue (such as security, human rights, youth rights)."
},
{
"version": 1,
"name": "access-method",
"description": "The access method used to remotely access a system."
},
{
"version": 2,
"name": "action-taken",
"description": "Action taken in the case of a security incident (CSIRT perspective)."
},
{
"version": 2,
"name": "admiralty-scale",
"description": "The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information."
},
{
"version": 4,
"name": "adversary",
"description": "An overview and description of the adversary infrastructure."
},
{
"version": 1,
"name": "ais-marking",
"description": "AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS)"
},
{
"version": 2,
"name": "analyst-assessment",
"description": "A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst."
},
{
"version": 1,
"name": "approved-category-of-action",
"description": "A pre-approved category of action for indicators being shared with partners (MIMIC)."
},
{
"version": 1,
"name": "binary-class",
"description": "Custom taxonomy for types of binary file."
},
{
"version": 2,
"name": "cccs",
"description": "Internal taxonomy for CCCS."
},
{
"version": 1,
"description": "CERT-XLM Security Incident Classification.",
"name": "CERT-XLM",
"description": "CERT-XLM Security Incident Classification."
"version": 2
},
{
"version": 2,
"name": "circl",
"description": "CIRCL Taxonomy is a simple scheme for incident classification and area topic where the incident took place."
},
{
"version": 2,
"name": "collaborative-intelligence",
"description": "Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP."
},
{
"version": 1,
"name": "csirt_case_classification",
"description": "FIRST CSIRT Case Classification."
},
{
"version": 4,
"name": "cssa",
"description": "The CSSA agreed sharing taxonomy."
},
{
"version": 1,
"name": "dcso-sharing",
"description": "DCSO Sharing Taxonomy to classify certain types of MISP events using the DCSO Event Guide"
},
{
"version": 2,
"name": "ddos",
"description": "Distributed Denial of Service - or short: DDoS - taxonomy supports the description of Denial of Service attacks and especially the types they belong too."
},
{
"version": 1,
"name": "de-vs",
"description": "Taxonomy for the handling of protectively marked information in MISP with German (DE) Government classification markings (VS)"
},
{
"version": 2,
"name": "dhs-ciip-sectors",
"description": "DHS critical sectors as described in https://www.dhs.gov/critical-infrastructure-sectors."
},
{
"version": 1,
"name": "diamond-model",
"description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack."
},
{
"version": 1,
"description": "The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks. It's designed for organizations who perform intel-driven detection and response and who put an emphasis on having a mature detection program.",
"name": "DML",
"description": "The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks. It's designed for organizations who perform intel-driven detection and response and who put an emphasis on having a mature detection program."
"version": 1
},
{
"version": 3,
"name": "dni-ism",
"description": "ISM (Information Security Marking Metadata) V13 as described by DNI.gov (Director of National Intelligence - US)."
},
{
"version": 1,
"name": "domain-abuse",
"description": "Taxonomy to tag domain names used for cybercrime."
},
{
"version": 1,
"name": "drugs",
"description": "A taxonomy based on the superclass and class of drugs, based on https://www.drugbank.ca/releases/latest"
},
{
"version": 1,
"name": "ecsirt",
"description": "eCSIRT incident classification Appendix C of the eCSIRT EU project including IntelMQ updates."
},
{
"version": 201601,
"name": "enisa",
"description": "ENISA Threat Taxonomy - A tool for structuring threat information as published in https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/etl2015/enisa-threat-taxonomy-a-tool-for-structuring-threat-information"
},
{
"version": 3,
"name": "estimative-language",
"description": "Estimative language - including likelihood or probability of event based on the Intelligence Community Directive 203 (ICD 203) (6.2.(a)) and JP 2-0, Joint Intelligence."
},
{
"version": 1,
"name": "euci",
"description": "EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States as described in COUNCIL DECISION of 23 September 2013 on the security rules for protecting EU classified information"
},
{
"version": 2,
"name": "eu-marketop-and-publicadmin",
"description": "Market operators and public administrations that must comply to some notifications requirements under EU NIS directive."
},
{
"version": 1,
"name": "europol-event",
"description": "EUROPOL type of events taxonomy."
},
{
"version": 1,
"name": "europol-incident",
"description": "EUROPOL class of incident taxonomy."
},
{
"version": 1,
"name": "event-assessment",
"description": "A series of assessment predicates describing the event assessment performed to make judgement(s) under a certain level of uncertainty."
},
{
"version": 1,
"name": "fr-classif",
"description": "French gov information classification system."
},
{
"version": 1,
"name": "iep",
"description": "Forum of Incident Response and Security Teams (FIRST) Information Exchange Policy (IEP) framework."
},
{
"version": 1,
"name": "information-security-indicators",
"description": "Information security indicators have been standardized by the ETSI Industrial Specification Group (ISG) ISI. These indicators provide the basis to switch from a qualitative to a quantitative culture in IT Security Scope of measurements: External and internal threats (attempt and success), user's deviant behaviours, nonconformities and/or vulnerabilities (software, configuration, behavioural, general security framework). ETSI GS ISI 001-1 (V1.1.2): ISI Indicators"
},
{
"version": 1,
"name": "interception-method",
"description": "The interception method used to intercept traffic."
},
{
"version": 1,
"name": "kill-chain",
"description": "Cyber Kill Chain from Lockheed Martin as described in Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains."
},
{
"version": 1,
"name": "malware_classification",
"description": "Malware classification based on a SANS whitepaper about malware."
},
{
"version": 9,
"name": "misp",
"description": "Internal MISP taxonomy."
},
{
"version": 1,
"name": "ms-caro-malware",
"description": "Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology."
},
{
"version": 1,
"name": "ms-caro-malware-full",
"description": "Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology."
},
{
"version": 1,
"name": "nato",
"description": "Marking of Classified and Unclassified materials as described by the North Atlantic Treaty Organization, NATO."
},
{
"version": 1,
"name": "open_threat",
"description": "Open Threat Taxonomy v1.1 base on James Tarala of SANS ref. - http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf"
},
{
"version": 9,
"name": "osint",
"description": "Open Source Intelligence - Classification (MISP taxonomies)."
},
{
"version": 1,
"description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.",
"name": "PAP",
"description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used."
"version": 2
},
{
"version": 1,
"name": "passivetotal",
"description": "Tags for RiskIQ's passivetotal service"
},
{
"version": 1,
"name": "pentest",
"description": "Penetration test (pentest) classification."
},
{
"version": 1,
"name": "rt_event_status",
"description": "Status of events used in Request Tracker."
},
{
"version": 1,
"name": "stealth_malware",
"description": "Classification based on malware stealth techniques."
},
{
"version": 1,
"name": "stix-ttp",
"description": "Representation of the behavior or modus operandi of cyber adversaries (a.k.a TTP) as normalized in STIX"
},
{
"version": 1,
"name": "targeted-threat-index",
"description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman."
},
{
"version": 3,
"name": "tlp",
"description": "The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time. Extended with TLP:EX:CHR."
},
{
"version": 1,
"name": "tor",
"description": "Taxonomy to describe Tor network infrastructure"
},
{
"version": 2,
"name": "veris",
"description": "Vocabulary for Event Recording and Incident Sharing (VERIS)."
},
{
"version": 2,
"name": "vocabulaire-des-probabilites-estimatives",
"description": "Vocabulaire des probabilités estimatives"
},
{
"version": 2,
"name": "workflow",
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information."
},
{
"version": 1,
"name": "runtime-packer",
"description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries."
},
{
"version": 4,
"name": "honeypot-basic",
"description": "Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf"
},
{
"version": 1,
"name": "incident-disposition",
"description": "How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook."
},
{
"version": 1,
"name": "cyber-threat-framework",
"description": "Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. https://www.dni.gov/index.php/cyber-threat-framework"
},
{
"version": 1,
"name": "priority-level",
"description": "After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System."
},
{
"version": 1,
"name": "eu-nis-sector-and-subsectors",
"description": "Sectors and sub sectors as identified by the NIS Directive."
},
{
"version": 3,
"name": "economical-impact",
"description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information."
},
{
"version": 1,
"name": "fpf",
"description": "The Future of Privacy Forum (FPF) [visual guide to practical de-identification](https://fpf.org/2016/04/25/a-visual-guide-to-practical-data-de-identification/) taxonomy is used to evaluate the degree of identifiability of personal data and the types of pseudonymous data, de-identified data and anonymous data. The work of FPF is licensed under a creative commons attribution 4.0 international license."
},
{
"version": 1,
"name": "gdpr",
"description": "Taxonomy related to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)"
},
{
"version": 1,
"name": "infoleak",
"description": "A taxonomy describing information leaks and especially information classified as being potentially leaked."
},
{
"version": 1,
"name": "copine-scale",
"description": "The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse."
},
{
"name": "maec-delivery-vectors",
"description": "Vectors used to deliver malware based on MAEC 5.0",
"description": "The access method used to remotely access a system.",
"name": "access-method",
"version": 1
},
{
"name": "maec-malware-behavior",
"description": "Malware behaviours based on MAEC 5.0",
"description": "Access Now classification to classify an issue (such as security, human rights, youth rights).",
"name": "accessnow",
"version": 3
},
{
"description": "Action taken in the case of a security incident (CSIRT perspective).",
"name": "action-taken",
"version": 2
},
{
"description": "The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.",
"name": "admiralty-scale",
"version": 5
},
{
"description": "An overview and description of the adversary infrastructure",
"name": "adversary",
"version": 4
},
{
"description": "The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS)",
"name": "ais-marking",
"version": 2
},
{
"description": "A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst.",
"name": "analyst-assessment",
"version": 4
},
{
"description": "A pre-approved category of action for indicators being shared with partners (MIMIC).",
"name": "approved-category-of-action",
"version": 1
},
{
"name": "maec-malware-obfuscation-methods",
"description": "Obfuscation methods used by malware based on MAEC 5.0",
"version": 1
"description": "Custom taxonomy for types of binary file.",
"name": "binary-class",
"version": 2
},
{
"name": "maec-malware-capabilities",
"description": "Malware Capabilities based on MAEC 5.0",
"version": 1
"description": "Internal taxonomy for CCCS.",
"name": "cccs",
"version": 2
},
{
"name": "smart-airports-threats",
"description": "Threat taxonomy in the scope of securing smart airports by ENISA.",
"version": 1
"description": "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection",
"name": "circl",
"version": 3
},
{
"version": 1,
"name": "false-positive",
"description": "This taxonomy aims to ballpark the expected amount of false positives."
"description": "Course of action taken within organization to discover, detect, deny, disrupt, degrade, deceive and/or destroy an attack.",
"name": "coa",
"version": 2
},
{
"version": 1,
"name": "rsit",
"description": "Reference Security Incident Classification Taxonomy."
"description": "Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. The objective of this language is to advance collaborative analysis and to share earlier than later.",
"name": "collaborative-intelligence",
"version": 3
},
{
"version": 1,
"name": "nis",
"description": "NIS Cybersecurity Incident Taxonomy."
},
{
"version": 1,
"name": "ifx-vetting",
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process"
},
{
"version": 1,
"name": "monarc-threat",
"description": "MONARC threat taxonomy."
},
{
"version": 1,
"name": "file-type",
"description": "List of known file types."
},
{
"version": 1,
"name": "gsma-attack-category",
"description": "Taxonomy used by GSMA for their information sharing program with telco describing the attack categories"
},
{
"version": 1,
"name": "gsma-fraud",
"description": "Taxonomy used by GSMA for their information sharing program with telco describing the various aspects of fraud"
},
{
"version": 1,
"name": "gsma-network-technology",
"description": "Taxonomy used by GSMA for their information sharing program with telco describing the types of infrastructure. WiP"
},
{
"version": 1,
"name": "event-classification",
"description": "Event Classification."
},
{
"version": 1,
"name": "use-case-applicability",
"description": "The Use Case Applicability categories reflect standard resolution categories, to clearly display alerting rule configuration problems."
},
{
"version": 5,
"name": "exercise",
"description": "Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise."
},
{
"version": 1,
"name": "data-classification",
"description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book."
},
{
"version": 1,
"name": "type",
"description": "Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence."
},
{
"version": 1,
"name": "information-security-data-source",
"description": "Taxonomy to classify the information security data sources"
},
{
"version": 1,
"name": "cryptocurrency-threat",
"description": "Threats targetting cryptocurrency, based on CipherTrace report."
},
{
"version": 1,
"name": "flesch-reading-ease",
"description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid)."
},
{
"version": 3,
"description": "Common Taxonomy for Law enforcement and CSIRTs",
"name": "common-taxonomy",
"description": "The Common Taxonomy for Law Enforcement and The National Network of CSIRTs bridges the gap between the CSIRTs and international Law Enforcement communities by adding a legislative framework to facilitate the harmonisation of incident reporting to competent authorities, the development of useful statistics and sharing information within the entire cybercrime ecosystem."
"version": 3
},
{
"version": 1,
"name": "ransomware",
"description": "Ransomware is used to define ransomware types and the elements that compose them."
"description": "The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. The scale was developed by staff at the COPINE (Combating Paedophile Information Networks in Europe) project. The COPINE Project was founded in 1997, and is based in the Department of Applied Psychology, University College Cork, Ireland.",
"name": "copine-scale",
"version": 3
},
{
"version": 3,
"name": "dark-web",
"description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project."
"description": "A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability.",
"name": "course-of-action",
"version": 1
},
{
"version": 1,
"name": "retention",
"description": "Retention taxonomy to describe the retention period of the tagged information."
"description": "Threats targetting cryptocurrency, based on CipherTrace report.",
"name": "cryptocurrency-threat",
"version": 1
},
{
"version": 1,
"name": "threats-to-dns",
"description": "An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 11. doi:10.1109/comst.2018.2849614"
},
{
"version": 1,
"description": "Taxonomía CSIRT Américas.",
"name": "csirt-americas",
"description": "Taxonomy from CSIRTAmericas.org."
"version": 1
},
{
"description": "It is critical that the CSIRT provide consistent and timely response to the customer, and that sensitive information is handled appropriately. This document provides the guidelines needed for CSIRT Incident Managers (IM) to classify the case category, criticality level, and sensitivity level for each CSIRT case. This information will be entered into the Incident Tracking System (ITS) when a case is created. Consistent case classification is required for the CSIRT to provide accurate reporting to management on a regular basis. In addition, the classifications will provide CSIRT IMs with proper case handling procedures and will form the basis of SLAs between the CSIRT and other Company departments.",
"name": "csirt_case_classification",
"version": 1
},
{
"description": "The CSSA agreed sharing taxonomy.",
"name": "cssa",
"version": 8
},
{
"description": "Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. https://www.dni.gov/index.php/cyber-threat-framework",
"name": "cyber-threat-framework",
"version": 2
},
{
"description": "Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project",
"name": "dark-web",
"version": 3
},
{
"description": "Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.",
"name": "data-classification",
"version": 1
},
{
"description": "Taxonomy defined in the DCSO MISP Event Guide. It provides guidance for the creation and consumption of MISP events in a way that minimises the extra effort for the sending party, while enhancing the usefulness for receiving parties.",
"name": "dcso-sharing",
"version": 1
},
{
"description": "Distributed Denial of Service - or short: DDoS - taxonomy supports the description of Denial of Service attacks and especially the types they belong too.",
"name": "ddos",
"version": 2
},
{
"description": "German (DE) Government classification markings (VS).",
"name": "de-vs",
"version": 1
},
{
"description": "DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors",
"name": "dhs-ciip-sectors",
"version": 2
},
{
"description": "The Diamond Model for Intrusion Analysis establishes the basic atomic element of any intrusion activity, the event, composed of four core features: adversary, infrastructure, capability, and victim.",
"name": "diamond-model",
"version": 1
},
{
"description": "A subset of Information Security Marking Metadata ISM as required by Executive Order (EO) 13526. As described by DNI.gov as Data Encoding Specifications for Information Security Marking Metadata in Controlled Vocabulary Enumeration Values for ISM",
"name": "dni-ism",
"version": 3
},
{
"description": "Domain Name Abuse - taxonomy to tag domain names used for cybercrime. Use europol-incident to tag abuse-activity",
"name": "domain-abuse",
"version": 1
},
{
"description": "A taxonomy based on the superclass and class of drugs. Based on https://www.drugbank.ca/releases/latest",
"name": "drugs",
"version": 2
},
{
"description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).",
"name": "economical-impact",
"version": 4
},
{
"description": "Incident Classification by the ecsirt.net version mkVI of 31 March 2015 enriched with IntelMQ taxonomy-type mapping.",
"name": "ecsirt",
"version": 2
},
{
"description": "The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.",
"name": "enisa",
"version": 20170725
},
{
"description": "Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence",
"name": "estimative-language",
"version": 5
},
{
"description": "Market operators and public administrations that must comply to some notifications requirements under EU NIS directive",
"name": "eu-marketop-and-publicadmin",
"version": 1
},
{
"description": "Sectors and sub sectors as identified by the NIS Directive",
"name": "eu-nis-sector-and-subsectors",
"version": 1
},
{
"description": "EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.",
"name": "euci",
"version": 3
},
{
"description": "This taxonomy was designed to describe the type of events",
"name": "europol-event",
"version": 1
},
{
"description": "This taxonomy was designed to describe the type of incidents by class.",
"name": "europol-incident",
"version": 1
},
{
"description": "A series of assessment predicates describing the event assessment performed to make judgement(s) under a certain level of uncertainty.",
"name": "event-assessment",
"version": 2
},
{
"description": "Classification of events as seen in tools such as RT/IR, MISP and other",
"name": "event-classification",
"version": 1
},
{
"description": "Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise.",
"name": "exercise",
"version": 6
},
{
"description": "This taxonomy aims to ballpark the expected amount of false positives.",
"name": "false-positive",
"version": 5
},
{
"description": "List of known file types.",
"name": "file-type",
"version": 1
},
{
"description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",
"name": "flesch-reading-ease",
"version": 2
},
{
"description": "The Future of Privacy Forum (FPF) [visual guide to practical de-identification](https://fpf.org/2016/04/25/a-visual-guide-to-practical-data-de-identification/) taxonomy is used to evaluate the degree of identifiability of personal data and the types of pseudonymous data, de-identified data and anonymous data. The work of FPF is licensed under a creative commons attribution 4.0 international license.",
"name": "fpf",
"version": 0
},
{
"description": "French gov information classification system",
"name": "fr-classif",
"version": 3
},
{
"description": "Taxonomy related to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)",
"name": "gdpr",
"version": 0
},
{
"description": "Information needed to track or monitor moments, periods or events that occur over time. This type of information is focused on occurrences that must be tracked for business reasons or represent a specific point in the evolution of The Business.",
"name": "gea-nz-activities",
"version": 1
},
{
"description": "Information relating to instances of entities or things.",
"name": "gea-nz-entities",
"version": 1
},
{
"description": "Information relating to authority or governance.",
"name": "gea-nz-motivators",
"version": 1
},
{
"description": "Taxonomy used by GSMA for their information sharing program with telco describing the attack categories",
"name": "gsma-attack-category",
"version": 1
},
{
"description": "Taxonomy used by GSMA for their information sharing program with telco describing the various aspects of fraud",
"name": "gsma-fraud",
"version": 1
},
{
"description": "Taxonomy used by GSMA for their information sharing program with telco describing the types of infrastructure. WiP",
"name": "gsma-network-technology",
"version": 3
},
{
"description": "Updated (CIRCL, Seamus Dowling and EURECOM) from Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf",
"name": "honeypot-basic",
"version": 4
},
{
"description": "FIRST.ORG CTI SIG - MISP Proposal for ICS/OT Threat Attribution (IOC) Project",
"name": "ics",
"version": 1
},
{
"description": "Forum of Incident Response and Security Teams (FIRST) Information Exchange Policy (IEP) framework",
"name": "iep",
"version": 2
},
{
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
"name": "ifx-vetting",
"version": 3
},
{
"description": "How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook. https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9",
"name": "incident-disposition",
"version": 2
},
{
"description": "A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.",
"name": "infoleak",
"version": 7
},
{
"description": "Taxonomy to classify the information security data sources.",
"name": "information-security-data-source",
"version": 1
},
{
"description": "A full set of operational indicators for organizations to use to benchmark their security posture.",
"name": "information-security-indicators",
"version": 1
},
{
"description": "The interception method used to intercept traffic.",
"name": "interception-method",
"version": 1
},
{
"description": "Internet of Things taxonomy, based on IOT UK report https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf",
"name": "iot",
"version": 2
},
{
"description": "The Cyber Kill Chain, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
"name": "kill-chain",
"version": 2
},
{
"description": "Vectors used to deliver malware based on MAEC 5.0",
"name": "maec-delivery-vectors",
"version": 1
},
{
"description": "Malware behaviours based on MAEC 5.0",
"name": "maec-malware-behavior",
"version": 1
},
{
"description": "Malware Capabilities based on MAEC 5.0",
"name": "maec-malware-capabilities",
"version": 2
},
{
"description": "Obfuscation methods used by malware based on MAEC 5.0",
"name": "maec-malware-obfuscation-methods",
"version": 1
},
{
"description": "Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848",
"name": "malware_classification",
"version": 2
},
{
"description": "MISP taxonomy to infer with MISP behavior or operation.",
"name": "misp",
"version": 11
},
{
"description": "MONARC Threats Taxonomy",
"name": "monarc-threat",
"version": 1
},
{
"description": "Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx, https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx, https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx, and http://www.caro.org/definitions/index.html. Malware families are extracted from Microsoft SIRs since 2008 based on https://www.microsoft.com/security/sir/archive/default.aspx and https://www.microsoft.com/en-us/security/portal/threat/threats.aspx. Note that SIRs do NOT include all Microsoft malware families.",
"name": "ms-caro-malware",
"version": 1
},
{
"description": "Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx, https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx, https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx, and http://www.caro.org/definitions/index.html. Malware families are extracted from Microsoft SIRs since 2008 based on https://www.microsoft.com/security/sir/archive/default.aspx and https://www.microsoft.com/en-us/security/portal/threat/threats.aspx. Note that SIRs do NOT include all Microsoft malware families.",
"name": "ms-caro-malware-full",
"version": 2
},
{
"description": "NATO classification markings.",
"name": "nato",
"version": 2
},
{
"description": "The taxonomy is meant for large scale cybersecurity incidents, as mentioned in the Commission Recommendation of 13 September 2017, also known as the blueprint. It has two core parts: The nature of the incident, i.e. the underlying cause, that triggered the incident, and the impact of the incident, i.e. the impact on services, in which sector(s) of economy and society.",
"name": "nis",
"version": 2
},
{
"description": "Open Threat Taxonomy v1.1 base on James Tarala of SANS http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf, https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Using-Open-Tools-to-Convert-Threat-Intelligence-into-Practical-Defenses-James-Tarala-SANS-Institute.pdf, https://www.youtube.com/watch?v=5rdGOOFC_yE, and https://www.rsaconference.com/writable/presentations/file_upload/str-r04_using-an-open-source-threat-model-for-prioritized-defense-final.pdf",
"name": "open_threat",
"version": 1
},
{
"description": "Open Source Intelligence - Classification (MISP taxonomies)",
"name": "osint",
"version": 11
},
{
"description": "Tags from RiskIQ's PassiveTotal service",
"name": "passivetotal",
"version": 2
},
{
"description": "Penetration test (pentest) classification.",
"name": "pentest",
"version": 3
},
{
"description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.",
"name": "phishing",
"version": 4
},
{
"description": "After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System.",
"name": "priority-level",
"version": 2
},
{
"description": "Ransomware is used to define ransomware types and the elements that compose them.",
"name": "ransomware",
"version": 4
},
{
"description": "Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.",
"name": "retention",
"version": 3
},
{
"description": "Reference Security Incident Classification Taxonomy",
"name": "rsit",
"version": 3
},
{
"description": "Status of events used in Request Tracker.",
"name": "rt_event_status",
"version": 2
},
{
"description": "Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.",
"name": "runtime-packer",
"version": 1
},
{
"description": "Flags describing the sample",
"name": "scrippsco2-fgc",
"version": 1
},
{
"description": "Flags describing the sample for isotopic data (C14, O18)",
"name": "scrippsco2-fgi",
"version": 1
},
{
"description": "Sampling stations of the Scripps CO2 Program",
"name": "scrippsco2-sampling-stations",
"version": 1
},
{
"description": "Threat taxonomy in the scope of securing smart airports by ENISA. https://www.enisa.europa.eu/publications/securing-smart-airports",
"name": "smart-airports-threats",
"version": 1
},
{
"description": "Classification based on malware stealth techniques. Described in https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf",
"name": "stealth_malware",
"version": 1
},
{
"description": "TTPs are representations of the behavior or modus operandi of cyber adversaries.",
"name": "stix-ttp",
"version": 1
},
{
"description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.",
"name": "targeted-threat-index",
"version": 3
},
{
"description": "An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 11. doi:10.1109/comst.2018.2849614",
"name": "threats-to-dns",
"version": 1
},
{
"description": "The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.",
"name": "tlp",
"version": 5
},
{
"description": "Taxonomy to describe Tor network infrastructure",
"name": "tor",
"version": 1
},
{
"description": "Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence.",
"name": "type",
"version": 1
},
{
"description": "The Use Case Applicability categories reflect standard resolution categories, to clearly display alerting rule configuration problems.",
"name": "use-case-applicability",
"version": 1
},
{
"description": "Vocabulary for Event Recording and Incident Sharing (VERIS)",
"name": "veris",
"version": 2
},
{
"description": "Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité",
"name": "vocabulaire-des-probabilites-estimatives",
"version": 3
},
{
"version": 1,
"name": "mwdb",
"description": "Malware Database (mwdb) Taxonomy - Tags used across the platform"
},
{
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
"name": "workflow",
"version": 10
}
],
"path": "machinetag.json",
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
"description": "Manifest file of MISP taxonomies available.",
"license": "CC-0",
"version": "20190705"
"version": "20191119"
}


@ -2,7 +2,8 @@
"namespace": "PAP",
"expanded": "Permissible Actions Protocol",
"description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.",
"version": 1,
"version": 2,
"exclusive": true,
"predicates": [
{
"value": "RED",


@ -62,6 +62,7 @@ bfuscation techniques. This taxonomy lists all the known or official packer used
- [Binary Classification](./binary-class) safe/malicious binary tagging
- [Workflow](./workflow) support language is a common language to support intelligence analysts to perform their analysis on data and information.
- [file-type](./file-type) - List of known file types.
- [iot](./iot) - Interbet of Things Taxonomy
### [Admiralty Scale](./admiralty-scale)
@ -247,11 +248,11 @@ The MISP taxonomies (JSON files) are dual-licensed under:
or
~~~~
Copyright (c) 2015-2018 Alexandre Dulaunoy - a@foo.be
Copyright (c) 2015-2018 CIRCL - Computer Incident Response Center Luxembourg
Copyright (c) 2015-2018 Andras Iklody
Copyright (c) 2015-2018 Raphael Vinot
Copyright (c) 2016-2018 Various contributors to MISP Project
Copyright (c) 2015-2019 Alexandre Dulaunoy - a@foo.be
Copyright (c) 2015-2019 CIRCL - Computer Incident Response Center Luxembourg
Copyright (c) 2015-2019 Andras Iklody
Copyright (c) 2015-2019 Raphael Vinot
Copyright (c) 2016-2019 Various contributors to MISP Project
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:


@ -1,15 +1,17 @@
{
"namespace": "admiralty-scale",
"description": "The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.",
"version": 4,
"version": 5,
"predicates": [
{
"value": "source-reliability",
"expanded": "Source Reliability"
"expanded": "Source Reliability",
"exclusive": true
},
{
"value": "information-credibility",
"expanded": "Information Credibility"
"expanded": "Information Credibility",
"exclusive": true
}
],
"values": [


@ -1,23 +1,27 @@
{
"namespace": "ais-marking",
"description": "The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS)",
"version": 1,
"version": 2,
"predicates": [
{
"value": "TLPMarking",
"expanded": "TLP Marking"
"expanded": "TLP Marking",
"exclusive": true
},
{
"value": "AISConsent",
"expanded": "AIS Consent"
"expanded": "AIS Consent",
"exclusive": true
},
{
"value": "CISA_Proprietary",
"expanded": "CISA Proprietary"
"expanded": "CISA Proprietary",
"exclusive": true
},
{
"value": "AISMarking",
"expanded": "AIS Marking"
"expanded": "AIS Marking",
"exclusive": true
}
],
"values": [


@ -5,27 +5,27 @@
{
"expanded": "Less than 1 year",
"value": "less-than-1-year",
"numerical_value": 1
"numerical_value": 20
},
{
"expanded": "Between 1 and 5 years",
"value": "between-1-and-5-years",
"numerical_value": 2
"numerical_value": 40
},
{
"expanded": "Between 5 and 10 years",
"value": "between-5-and-10-years",
"numerical_value": 3
"numerical_value": 60
},
{
"expanded": "Between 10 and 20 years",
"value": "between-10-and-20-years",
"numerical_value": 4
"numerical_value": 80
},
{
"expanded": "More than 20 years",
"value": "more-than-20-years",
"numerical_value": 5
"numerical_value": 100
}
],
"predicate": "experience"
@ -56,27 +56,27 @@
{
"expanded": "Less than 1 year",
"value": "less-than-1-year",
"numerical_value": 1
"numerical_value": 20
},
{
"expanded": "Between 1 and 5 years",
"value": "between-1-and-5-years",
"numerical_value": 2
"numerical_value": 40
},
{
"expanded": "Between 5 and 10 years",
"value": "between-5-and-10-years",
"numerical_value": 3
"numerical_value": 60
},
{
"expanded": "Between 10 and 20 years",
"value": "between-10-and-20-years",
"numerical_value": 4
"numerical_value": 80
},
{
"expanded": "More than 20 years",
"value": "more-than-20-years",
"numerical_value": 5
"numerical_value": 100
}
],
"predicate": "binary-reversing-experience"
@ -132,27 +132,27 @@
{
"expanded": "Less than 1 year",
"value": "less-than-1-year",
"numerical_value": 1
"numerical_value": 20
},
{
"expanded": "Between 1 and 5 years",
"value": "between-1-and-5-years",
"numerical_value": 2
"numerical_value": 40
},
{
"expanded": "Between 5 and 10 years",
"value": "between-5-and-10-years",
"numerical_value": 3
"numerical_value": 60
},
{
"expanded": "Between 10 and 20 years",
"value": "between-10-and-20-years",
"numerical_value": 4
"numerical_value": 80
},
{
"expanded": "More than 20 years",
"value": "more-than-20-years",
"numerical_value": 5
"numerical_value": 100
}
],
"predicate": "web-experience"
@ -162,27 +162,27 @@
{
"expanded": "Less than 1 year",
"value": "less-than-1-year",
"numerical_value": 1
"numerical_value": 20
},
{
"expanded": "Between 1 and 5 years",
"value": "between-1-and-5-years",
"numerical_value": 2
"numerical_value": 40
},
{
"expanded": "Between 5 and 10 years",
"value": "between-5-and-10-years",
"numerical_value": 3
"numerical_value": 60
},
{
"expanded": "Between 10 and 20 years",
"value": "between-10-and-20-years",
"numerical_value": 4
"numerical_value": 80
},
{
"expanded": "More than 20 years",
"value": "more-than-20-years",
"numerical_value": 5
"numerical_value": 100
}
],
"predicate": "crypto-experience"
@ -229,7 +229,7 @@
"org",
"user"
],
"version": 2,
"version": 4,
"description": "A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst.",
"expanded": "Analyst (Self) Assessment",
"namespace": "analyst-assessment"
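Review bot: Nothing in this file says what scale `numerical_value` is on, and the four experience predicates (`experience`, `binary-reversing-experience`, `web-experience`, `crypto-experience`) now carry 20–100 where they carried 1–5. Any consumer that reads `numerical_value` for sorting or scoring will see different numbers for the same tag after this change. I would state the scale in the taxonomy `description`, for example by appending `numerical_value is expressed on a 0-100 scale.` The lists these hunks touch start and end outside the hunks, so other predicates in the file may still use the old scale; that is worth checking before release.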


@ -1,7 +1,8 @@
{
"namespace": "binary-class",
"description": "Custom taxonomy for types of binary file.",
"version": 1,
"exclusive": true,
"version": 2,
"predicates": [
{
"value": "type",

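--- /dev/null
+++ b/coa/machinetag.json
@@ -0,0 +1,377 @@
+{
+"namespace": "coa",
+"description": "Course of action taken within organization to discover, detect, deny, disrupt, degrade, deceive and/or destroy an attack.",
+"version": 2,
+"predicates": [
+{
+"value": "discover",
+"expanded": "Search historical data for an indicator."
+},
+{
+"value": "detect",
+"expanded": "Set up a detection rule for an indicator for future alerting."
+},
+{
+"value": "deny",
+"expanded": "Prevent an event from taking place."
+},
+{
+"value": "disrupt",
+"expanded": "Make an event fail when it is taking place."
+},
+{
+"value": "degrade",
+"expanded": "Slow down attacker activity; reduce attacker efficiency."
+},
+{
+"value": "deceive",
+"expanded": "Pretend only that an action was successful or provide misinformation to the attacker."
+},
+{
+"value": "destroy",
+"expanded": "Offensive action against the attacker."
+}
+],
+"values": [
+{
+"predicate": "discover",
+"entry": [
+{
+"value": "proxy",
+"expanded": "Searched historical proxy logs.",
+"colour": "#005065"
+},
+{
+"value": "ids",
+"expanded": "Searched historical IDS logs.",
+"colour": "#00586f"
+},
+{
+"value": "firewall",
+"expanded": "Searched historical firewall logs.",
+"colour": "#005f78"
+},
+{
+"value": "pcap",
+"expanded": "Discovered in packet-capture logs",
+"colour": "#006681"
+},
+{
+"value": "remote-access",
+"expanded": "Searched historical remote access logs.",
+"colour": "#006e8b"
+},
+{
+"value": "authentication",
+"expanded": "Searched historical authentication logs.",
+"colour": "#007594"
+},
+{
+"value": "honeypot",
+"expanded": "Searched historical honeypot data.",
+"colour": "#007c9d"
+},
+{
+"value": "syslog",
+"expanded": "Searched historical system logs.",
+"colour": "#0084a6"
+},
+{
+"value": "web",
+"expanded": "Searched historical WAF and web application logs.",
+"colour": "#008bb0"
+},
+{
+"value": "database",
+"expanded": "Searched historcial database logs.",
+"colour": "#0092b9"
+},
+{
+"value": "mail",
+"expanded": "Searched historical mail logs.",
+"colour": "#009ac2"
+},
+{
+"value": "antivirus",
+"expanded": "Searched historical antivirus alerts.",
+"colour": "#00a1cb"
+},
+{
+"value": "malware-collection",
+"expanded": "Retro hunted in a malware collection.",
+"colour": "#00a8d5"
+},
+{
+"value": "other",
+"expanded": "Searched other historical data.",
+"colour": "#00b0de"
+},
+{
+"value": "unspecified",
+"expanded": "Unspecified information.",
+"colour": "#00b7e7"
+}
+]
+},
+{
+"predicate": "detect",
+"entry": [
+{
+"value": "proxy",
+"expanded": "Detect by Proxy infrastructure",
+"colour": "#0abdeb"
+},
+{
+"value": "nids",
+"expanded": "Detect by Network Intrusion detection system.",
+"colour": "#13c5f4"
+},
+{
+"value": "hids",
+"expanded": "Detect by Host Intrusion detection system.",
+"colour": "#24c9f5"
+},
+{
+"value": "other",
+"expanded": "Detect by other tools.",
+"colour": "#35cef5"
+},
+{
+"value": "syslog",
+"expanded": "Detect in system logs.",
+"colour": "#45d2f6"
+},
+{
+"value": "firewall",
+"expanded": "Detect by firewall.",
+"colour": "#56d6f7"
+},
+{
+"value": "email",
+"expanded": "Detect by MTA.",
+"colour": "#67daf8"
+},
+{
+"value": "web",
+"expanded": "Detect by web infrastructure including WAF.",
+"colour": "#78def8"
+},
+{
+"value": "database",
+"expanded": "Detect in database.",
+"colour": "#89e2f9"
+},
+{
+"value": "remote-access",
+"expanded": "Detect in remote-access logs.",
+"colour": "#9ae6fa"
+},
+{
+"value": "malware-collection",
+"expanded": "Detect in malware-collection.",
+"colour": "#aaeafb"
+},
+{
+"value": "antivirus",
+"expanded": "Detect with antivirus.",
+"colour": "#bbeefb"
+},
+{
+"value": "unspecified",
+"expanded": "Unspecified information.",
+"colour": "#ccf2fc"
+}
+]
+},
+{
+"predicate": "deny",
+"entry": [
+{
+"value": "proxy",
+"expanded": "Implemented a proxy filter.",
+"colour": "#f09105"
+},
+{
+"value": "firewall",
+"expanded": "Implemented a block rule on a firewall.",
+"colour": "#f99a0e"
+},
+{
+"value": "waf",
+"expanded": "Implemented a block rule on a web application firewall.",
+"colour": "#f9a11f"
+},
+{
+"value": "email",
+"expanded": "Implemented a filter on a mail transfer agent.",
+"colour": "#faa830"
+},
+{
+"value": "chroot",
+"expanded": "Implemented a chroot jail.",
+"colour": "#faaf41"
+},
+{
+"value": "remote-access",
+"expanded": "Blocked an account for remote access.",
+"colour": "#fbb653"
+},
+{
+"value": "other",
+"expanded": "Denied an action by other means.",
+"colour": "#fbbe64"
+},
+{
+"value": "unspecified",
+"expanded": "Unspecified information.",
+"colour": "#fbc575"
+}
+]
+},
+{
+"predicate": "disrupt",
+"entry": [
+{
+"value": "nips",
+"expanded": "Implemented a rule on a network IPS.",
+"colour": "#660389"
+},
+{
+"value": "hips",
+"expanded": "Implemented a rule on a host-based IPS.",
+"colour": "#73039a"
+},
+{
+"value": "other",
+"expanded": "Disrupted an action by other means.",
+"colour": "#8003ab"
+},
+{
+"value": "email",
+"expanded": "Quarantined an email.",
+"colour": "#8d04bd"
+},
+{
+"value": "memory-protection",
+"expanded": "Implemented memory protection like DEP and/or ASLR.",
+"colour": "#9a04ce"
+},
+{
+"value": "sandboxing",
+"expanded": "Exploded in a sandbox.",
+"colour": "#a605df"
+},
+{
+"value": "antivirus",
+"expanded": "Activated an antivirus signature.",
+"colour": "#b305f0"
+},
+{
+"value": "unspecified",
+"expanded": "Unspecified information.",
+"colour": "#bc0ef9"
+}
+]
+},
+{
+"predicate": "degrade",
+"entry": [
+{
+"value": "bandwidth",
+"expanded": "Throttled the bandwidth.",
+"colour": "#0421ce"
+},
+{
+"value": "tarpit",
+"expanded": "Implement a network tarpit.",
+"colour": "#0523df"
+},
+{
+"value": "other",
+"expanded": "Degraded an action by other means.",
+"colour": "#0526f0"
+},
+{
+"value": "email",
+"expanded": "Queued an email.",
+"colour": "#0e2ff9"
+},
+{
+"value": "unspecified",
+"expanded": "Unspecified information.",
+"colour": "#1f3ef9"
+}
+]
+},
+{
+"predicate": "deceive",
+"entry": [
+{
+"value": "honeypot",
+"expanded": "Implemented an interactive honeypot.",
+"colour": "#0eb274"
+},
+{
+"value": "DNS",
+"expanded": "Implemented DNS redirects, e.g. a response policy zone.",
+"colour": "#10c37f"
+},
+{
+"value": "other",
+"expanded": "Deceived the attacker with other technology.",
+"colour": "#11d389"
+},
+{
+"value": "email",
+"expanded": "Implemented email redirection.",
+"colour": "#12e394"
+},
+{
+"value": "unspecified",
+"expanded": "Unspecified information.",
+"colour": "#1bec9d"
+}
+]
+},
+{
+"predicate": "destroy",
+"entry": [
+{
+"value": "arrest",
+"expanded": "Arrested the threat actor.",
+"colour": "#c33210"
+},
+{
+"value": "seize",
+"expanded": "Seized attacker infrastructure.",
+"colour": "#d33611"
+},
+{
+"value": "physical",
+"expanded": "Physically destroyed attacker hardware.",
+"colour": "#e33b12"
+},
+{
+"value": "dos",
+"expanded": "Performed a denial-of-service attack against attacker infrastructure.",
+"colour": "#ec441b"
+},
+{
+"value": "hack-back",
+"expanded": "Hack back against the threat actor.",
+"colour": "#ed512b"
+},
+{
+"value": "other",
+"expanded": "Carried out other offensive actions against the attacker.",
+"colour": "#ee5e3b"
+},
+{
+"value": "unspecified",
+"expanded": "Unspecified information.",
+"colour": "#f06c4c"
+}
+]
+}
+]
+}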
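Review bot: The entry values in this new taxonomy are not named consistently, which matters because each value becomes the literal tag string that analysts filter and correlate on. Under `deceive` the entry is `"value": "DNS"` while every other value in the file is lower case, and under `discover` the mail entry is `"value": "mail"` where `detect`, `deny`, `disrupt`, `degrade` and `deceive` all use `"email"`. I would change these to `"value": "dns"` and `"value": "email"` before the taxonomy is published, since renaming a value later would likely leave already-applied tags unmatched. The `discover`/`database` text also has a typo (`historcial`), and the `pcap` and `tarpit` texts break the past-tense wording of their siblings.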


@ -2,7 +2,7 @@
"namespace": "collaborative-intelligence",
"expanded": "collaborative intelligence support language",
"description": "Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. The objective of this language is to advance collaborative analysis and to share earlier than later.",
"version": 2,
"version": 3,
"predicates": [
{
"value": "request",
@ -18,6 +18,11 @@
"value": "sample",
"expanded": "Request a binary sample"
},
{
"value": "extracted-malware-config",
"expanded": "Extracted malware config",
"description": "Request of the malware configuration extracted from the malware sample tagged."
},
{
"value": "deobfuscated-sample",
"expanded": "Request a deobfuscated sample of the shared sample"
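Review bot: The new `extracted-malware-config` entry has `"expanded": "Extracted malware config"`, while its neighbours in the same list are worded as requests (`Request a binary sample`, `Request a deobfuscated sample of the shared sample`), so the label alone does not tell the reader that the tag asks for something. I would write `"expanded": "Request the extracted malware configuration"` and reword the description to `"Request the malware configuration extracted from the tagged malware sample."`. The list these entries belong to starts and ends outside the hunk.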


@ -2,50 +2,60 @@
"predicates": [
{
"expanded": "Sadistic/bestiality: (a) Pictures showing a child being tied, bound, beaten, whipped, or otherwise subjected to something that implies pain; (b) Pictures where an animal is involved in some form of sexual behavior with a child",
"value": "level-10"
"value": "level-10",
"numerical_value": 100
},
{
"expanded": "Gross assault: Grossly obscene pictures of sexual assault, involving penetrative sex, masturbation, or oral sex involving an adult",
"value": "level-9"
"value": "level-9",
"numerical_value": 90
},
{
"expanded": "Assault: Pictures of children being subjected to a sexual assault, involving digital touching, involving an adult",
"value": "level-8"
"value": "level-8",
"numerical_value": 80
},
{
"expanded": "Explicit sexual activity: Involves touching, mutual and self-masturbation, oral sex, and intercourse by child, not involving an adult",
"value": "level-7"
"value": "level-7",
"numerical_value": 70
},
{
"expanded": "Explicit erotic posing: Emphasizing genital areas where the child is posing either naked, partially clothed, or fully clothed",
"value": "level-6"
"value": "level-6",
"numerical_value": 60
},
{
"expanded": "Erotic posing: Deliberately posed pictures of fully or partially clothed or naked children in sexualized or provocative poses",
"value": "level-5"
"value": "level-5",
"numerical_value": 50
},
{
"expanded": "Posing: Deliberately posed pictures of children fully or partially clothed or naked (where the amount, context, and organization suggests sexual interest)",
"value": "level-4"
"value": "level-4",
"numerical_value": 40
},
{
"expanded": "Erotica: Surreptitiously taken photographs of children in play areas or other safe environments showing either underwear or varying degrees of nakedness",
"value": "level-3"
"value": "level-3",
"numerical_value": 30
},
{
"expanded": "Nudist: Pictures of naked or seminaked children in appropriate nudist settings, and from legitimate sources",
"value": "level-2"
"value": "level-2",
"numerical_value": 20
},
{
"expanded": "Indicative: Nonerotic and nonsexualized pictures showing children in their underwear, swimming costumes, and so on, from either commercial sources or family albums; pictures of children playing in normal settings, in which the context or organization of pictures by the collector indicates inappropriateness",
"value": "level-1"
"value": "level-1",
"numerical_value": 10
}
],
"refs": [
"https://en.wikipedia.org/wiki/COPINE_scale",
"http://journals.sagepub.com/doi/pdf/10.1177/1079063217724768"
],
"version": 1,
"version": 3,
"description": "The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. The scale was developed by staff at the COPINE (Combating Paedophile Information Networks in Europe) project. The COPINE Project was founded in 1997, and is based in the Department of Applied Psychology, University College Cork, Ireland.",
"expanded": "COPINE Scale",
"namespace": "copine-scale",


@ -0,0 +1,56 @@
{
"namespace": "course-of-action",
"expanded": "Courses of Action",
"description": "A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability.",
"version": 1,
"predicates": [
{
"value": "passive",
"expanded": "Passive actions have no influence of the adversarys doing."
},
{
"value": "active",
"expanded": "Active actions can impact the adversary doing."
}
],
"values": [
{
"predicate": "passive",
"entry": [
{
"value": "discover",
"expanded": "The discover action is a 'historical look at the data'. This action heavily relies on your capability to store logs for a reasonable amount of time and have them accessible for searching. Typically, this type of action is applied against security information and event management (SIEM) or stored network data. The goal is to determine whether you have seen a specific indicator in the past."
},
{
"value": "detect",
"expanded": "The passive action is setting up detection rules of an indicator for future traffic. These actions are most often executed via an intrusion detection system (IDS) or a specific logging rule on your firewall or application. It can also be configured as an alert in a SIEM when a specific condition is triggered."
}
]
},
{
"predicate": "active",
"entry": [
{
"value": "deny",
"expanded": "The deny action prevents the event from taking place. Common examples include a firewall block or a proxy filter."
},
{
"value": "disrupt",
"expanded": "Disruption makes the event fail as it is occurring. Examples include quarantining or memory protection measures."
},
{
"value": "degrade",
"expanded": "Degrading will not immediately fail an event, but it will slow down the further actions of the attacker. This tactic allows you to catch up during an incident response process, but you have to consider that the attackers may eventually succeed in achieving their objectives. Throttling bandwidth is one way to degrade an intrusion."
},
{
"value": "decieve",
"expanded": "Deception allows you to learn more about the intentions of the attacker by making them think the action was successful. One way to do this is to put a honeypot in place and redirect the traffic, based on an indicator, towards the honeypot."
},
{
"value": "destroy",
"expanded": "The destroy action is rarely for 'usual' defenders, as this is an offensive action against the attacker. These actions, including physical destructive actions and arresting the attackers, are usually left to law enforcement agencies."
}
]
}
]
}
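Review bot: The value `"decieve"` under the `active` predicate is misspelled, and since the value is what ends up in the tag itself, the typo would travel with every event tagged with it; it should be `"value": "deceive"`. The taxonomy description says six courses of action while the entries list seven (discover, detect, deny, disrupt, degrade, deceive, destroy). The `detect` text opens with "The passive action is setting up…" where "The detect action is setting up…" seems intended. This file also covers the same ground as the `coa` taxonomy added in the same commit, so a sentence in the description on when to use which would help analysts pick one consistently.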


@ -1,7 +1,7 @@
{
"namespace": "cssa",
"description": "The CSSA agreed sharing taxonomy.",
"version": 4,
"version": 8,
"predicates": [
{
"value": "sharing-class",
@ -11,6 +11,10 @@
"value": "origin",
"expanded": "Origin"
},
{
"value": "report",
"expanded": "Report"
},
{
"value": "analyse",
"expanded": "Please analyse sample",
@ -24,17 +28,40 @@
{
"value": "high_profile",
"expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.",
"colour": "#007695"
"colour": "#007695",
"numerical_value": 95
},
{
"value": "vetted",
"expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.",
"colour": "#008aaf"
"colour": "#008aaf",
"numerical_value": 50
},
{
"value": "unvetted",
"expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.",
"colour": "#00b3e2"
"colour": "#00b3e2",
"numerical_value": 10
}
]
},
{
"predicate": "report",
"entry": [
{
"value": "details",
"expanded": "Description of the incidence.",
"colour": "#fbc166"
},
{
"value": "link",
"expanded": "Link to the original report location.",
"colour": "#fbcb7f"
},
{
"value": "attached",
"expanded": "Attached report.",
"colour": "#fcd597"
}
]
},
@ -59,13 +86,18 @@
{
"value": "email",
"expanded": "Information coming out of email infrastructure.",
"colour": "#3cb08a"
"colour": "#3db08a"
},
{
"value": "3rd-party",
"expanded": "Information from outside the company.",
"colour": "#46c098"
},
{
"value": "report",
"expanded": "Information coming from a report.",
"colour": "#22644e"
},
{
"value": "other",
"expanded": "If none of the other origins applies.",
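Review bot: The new `details` entry under the `report` predicate reads `"expanded": "Description of the incidence."`; "incident" is presumably meant, i.e. `"expanded": "Description of the incident."`. The `numerical_value` fields added to `high_profile`, `vetted` and `unvetted` (95, 50, 10) are not explained anywhere in the visible hunks, so a short `description` stating what the number expresses would help anyone who uses it for scoring. The value list in the last hunk continues outside the hunk.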


@ -2,7 +2,7 @@
"namespace": "cyber-threat-framework",
"expanded": "Cyber Threat Framework",
"description": "Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. https://www.dni.gov/index.php/cyber-threat-framework",
"version": 1,
"version": 2,
"predicates": [
{
"value": "Preparation",


@ -30,14 +30,24 @@
"description": "Illegal drugs/chemical compounds for consumption/ingestion - either via blanket unlawfulness (e.g. proscribed drugs) or via unlawful access (e.g. prescription-only/restricted medications sold without lawful accessibility)."
},
{
"value": "extremism",
"expanded": "Extremism",
"description": "Illegal or of concern levels of extremist ideology. Note this does not provide blanket coverage of fundamentalist ideologies and dogma - only those associated with illegal acts. Socialist/anarchist/religious materials (for example) will not be included unless inclusive or indicative of associated illegal conduct, such as hate crimes."
"value": "electronics",
"expanded": "Electronics",
"description": "Electronics and high tech materials, described or to sell for example."
},
{
"value": "finance",
"expanded": "Finance",
"description": "Any monetary/currency/exchangeable materials. Includes carding, Bitcoin, Litecoin etc."
"description": "Any monetary/currency/exchangeable materials. Includes carding, Paypal etc."
},
{
"value": "finance-crypto",
"expanded": "CryptoFinance",
"description": "Any monetary/currency/exchangeable materials based on cryptocurrencies. Includes Bitcoin, Litecoin etc."
},
{
"value": "credit-card",
"expanded": "Credit-Card",
"description": "Credit cards and payments materials"
},
{
"value": "cash-in",
@ -94,6 +104,11 @@
"expanded": "Unclear",
"description": "Unable to completely establish topic of material."
},
{
"value": "extremism",
"expanded": "Extremism",
"description": "Illegal or of concern levels of extremist ideology. Note this does not provide blanket coverage of fundamentalist ideologies and dogma - only those associated with illegal acts. Socialist/anarchist/religious materials (for example) will not be included unless inclusive or indicative of associated illegal conduct, such as hate crimes."
},
{
"value": "violence",
"expanded": "Violence",
@ -109,11 +124,6 @@
"expanded": "Softwares",
"description": "Illegal or armful software distribution"
},
{
"value": "credit-card",
"expanded": "Credit-Card",
"description": "Credit cards and payments materials"
},
{
"value": "counteir-feit-materials",
"expanded": "Counter-feit materials",
@ -174,6 +184,16 @@
"expanded": "Ponies",
"description": "self-explanatory. It's ponies"
},
{
"value": "games",
"expanded": "Games",
"description": "Flash or online games"
},
{
"value": "parody",
"expanded": "Parody or Joke",
"description": "Meme, Parody, Jokes, Trolling, ..."
},
{
"value": "whistleblower",
"expanded": "Whistleblower",
@ -190,9 +210,9 @@
"description": "Materials providing instruction - e.g. how to guides"
},
{
"value": "file-sharing",
"expanded": "File Sharing",
"description": "General file sharing, typically (but not limited to) movie/image sharing"
"value": "wiki",
"expanded": "Wiki",
"description": "Wiki pages, documentation and information display"
},
{
"value": "forum",
@ -200,9 +220,9 @@
"description": "Sites specifically designed for multiple users to communicate as peers"
},
{
"value": "wiki",
"expanded": "Wiki",
"description": "Wiki pages, documentation and information display"
"value": "file-sharing",
"expanded": "File Sharing",
"description": "General file sharing, typically (but not limited to) movie/image sharing"
},
{
"value": "hosting",
@ -229,6 +249,11 @@
"expanded": "Scam",
"description": "Intentional confidence trick to fraud people or group of people"
},
{
"value": "political-speech",
"expanded": "Political-Speech",
"description": "Political, activism, without extremism."
},
{
"value": "conspirationist",
"expanded": "Conspirationist",
@ -239,11 +264,6 @@
"expanded": "Hate-Speech",
"description": "Racism, violent, hate... speech."
},
{
"value": "political-speech",
"expanded": "Political-Speech",
"description": "Political, activism, without extremism."
},
{
"value": "religious",
"expanded": "Religious",
@ -254,6 +274,11 @@
"expanded": "Marketplace/For Sale",
"description": "Services/goods for sale, regardless of means of payment."
},
{
"value": "smuggling",
"expanded": "Smuggling",
"description": "Information or trading of wild animals, prohibited goods, ... "
},
{
"value": "recruitment-advocacy",
"expanded": "Recruitment/Advocacy",
@ -263,6 +288,11 @@
"value": "system-placeholder",
"expanded": "System/Placeholder",
"description": "Automatically generated content, not designed for any identifiable purpose other than diagnostics - e.g. “It Works” message provided by default by Apache2"
},
{
"value": "unclear",
"expanded": "Unclear",
"description": "Unable to completely establish motivation of material."
}
]
},
@ -271,7 +301,7 @@
"entry": [
{
"value": "incomplete",
"expanded": "Imcomplete websites or information",
"expanded": "Incomplete websites or information",
"description": "Websites and pages that are unable to load completely properly"
},
{
@ -280,9 +310,19 @@
"description": "Captchas and solvers elements"
},
{
"value": "LoginForms",
"value": "login-forms",
"expanded": "Logins forms and gates",
"description": "Authentification pages, login page, login forms that block access to an internal part of a website."
"description": "Authentication pages, login page, login forms that block access to an internal part of a website."
},
{
"value": "contact-forms",
"expanded": "Contact forms and gates",
"description": "Forms to perform a contact request, send an e-mail, fill information, enter a password, ..."
},
{
"value": "encryption-keys",
"expanded": "Encryption and decryption keys",
"description": "e.g. PGP Keys, passwords, ..."
},
{
"value": "police-notice",
@ -292,7 +332,7 @@
{
"value": "legal-statement",
"expanded": "Legal-Statement",
"description": "RGPD statement, Privacy-policy, ..."
"description": "RGPD statement, Privacy-policy, guidelines of a websites or forum..."
},
{
"value": "test",
@ -303,6 +343,11 @@
"value": "videos",
"expanded": "Videos",
"description": "Videos and streaming"
},
{
"value": "unclear",
"expanded": "Unclear",
"description": "Unable to completely establish structure of material."
}
]
}
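Review bot: Renaming the entry value `LoginForms` to `login-forms` (hunk at -280,9) changes the machine tag itself, so tags already applied with the old value no longer match the taxonomy, and any filter, export rule or detection keyed on the old string will silently stop matching. None of the hunks in this section touches the file's `version` field, so unless it is bumped elsewhere, instances that compare version numbers before re-importing may not pick up the new and renamed entries at all. I would bump `version` in this file and state the rename in the commit description so operators can retag. The `finance` description (hunk at -30,14) has the same effect on meaning: it drops Bitcoin/Litecoin in favour of the new `finance-crypto` entry, so existing `finance` tags on cryptocurrency material become inaccurate without any signal to the consumer.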


@ -1,10 +1,10 @@
{
"namespace": "diamond-model",
"expanded": "Diamond Model for Intrusion Analysis",
"description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
"description": "The Diamond Model for Intrusion Analysis establishes the basic atomic element of any intrusion activity, the event, composed of four core features: adversary, infrastructure, capability, and victim.",
"version": 1,
"refs": [
"http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"
"https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf"
],
"predicates": [
{
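Review bot: `"version": 1,` is left unchanged although both the description and the reference URL change in this hunk, so instances that decide whether to re-import a taxonomy by comparing version numbers would presumably keep the old description. Other sections of this commit bump the version for comparable edits, so `"version": 2,` would be consistent here. The rest of the file lies outside the hunk.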


@ -2,7 +2,7 @@
"namespace": "economical-impact",
"expanded": " Economical Impact",
"description": "Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).",
"version": 3,
"version": 4,
"refs": [
"https://www.misp-project.org/"
],
@ -112,12 +112,14 @@
{
"value": "loss",
"expanded": "Loss",
"description": "A financial impact evaluated as a casuality."
"description": "A financial impact evaluated as a casuality.",
"exclusive": true
},
{
"value": "gain",
"expanded": "Gain",
"description": "A financial impact evaluated as a benefit."
"description": "A financial impact evaluated as a benefit.",
"exclusive": true
}
]
}


@ -2,17 +2,19 @@
"namespace": "estimative-language",
"expanded": "Estimative languages",
"description": "Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence",
"version": 4,
"version": 5,
"predicates": [
{
"value": "likelihood-probability",
"expanded": "Likelihood or probability",
"description": "Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst's confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used."
"description": "Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst's confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used.",
"exclusive": true
},
{
"value": "confidence-in-analytic-judgment",
"expanded": "Confidence in analytic judgment",
"description": "Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High."
"description": "Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High.",
"exclusive": true
}
],
"values": [


@ -1,7 +1,8 @@
{
"namespace": "euci",
"description": "EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.",
"version": 2,
"version": 3,
"exclusive": true,
"predicates": [
{
"value": "TS-UE/EU-TS",


@ -79,6 +79,11 @@
"value": "2019",
"expanded": "2019",
"description": "Locked Shields 2019"
},
{
"value": "2020",
"expanded": "2020",
"description": "Locked Shields 2020"
}
]
},
@ -135,7 +140,7 @@
]
}
],
"version": 5,
"version": 6,
"description": "Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise.",
"expanded": "Exercise",
"namespace": "exercise"


@ -1,13 +1,20 @@
{
"namespace": "false-positive",
"description": "This taxonomy aims to ballpark the expected amount of false positives.",
"version": 1,
"version": 5,
"expanded": "False positive",
"predicates": [
{
"value": "risk",
"expanded": "Risk",
"description": "Risk of having false positives in the tagged value."
"description": "Risk of having false positives in the tagged value.",
"exclusive": true
},
{
"value": "confirmed",
"expanded": "Confirmed",
"description": "Confirmed false positives in the tagged value.",
"exclusive": true
}
],
"values": [
@ -18,7 +25,7 @@
"value": "low",
"expanded": "Low",
"description": "The risk of having false positives in the tagged value is low.",
"numerical_value": 25
"numerical_value": 75
},
{
"value": "medium",
@ -30,7 +37,24 @@
"value": "high",
"expanded": "High",
"description": "The risk of having false positives in the tagged value is high.",
"numerical_value": 75
"numerical_value": 25
}
]
},
{
"predicate": "confirmed",
"entry": [
{
"value": "true",
"expanded": "True",
"description": "The false positive is confirmed.",
"numerical_value": 0
},
{
"value": "false",
"expanded": "False",
"description": "The flase positive is not confirmed.",
"numerical_value": 50
}
]
}
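Review bot: The `numerical_value` scale under `risk` is inverted in this section (`low` 25 to 75, `high` 75 to 25) with no text saying which direction the number runs, so a consumer that reads it as "amount of false-positive risk" would now score these tags backwards. I would state the convention in the predicate description, for example `"description": "Risk of having false positives in the tagged value. A higher numerical_value means a lower risk.",` (wording to be confirmed by the author). In the new `confirmed` block, `"false"` is given `numerical_value` 50, which presumably equals the value of `medium` (not shown in the hunk) and makes "not confirmed" indistinguishable from a medium risk for anything that only reads the number. The description `"The flase positive is not confirmed."` should read `false positive`.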


@ -1,7 +1,8 @@
{
"namespace": "flesch-reading-ease",
"description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",
"version": 1,
"version": 2,
"exclusive": true,
"predicates": [
{
"value": "score",


@ -61,8 +61,7 @@
"exclusive": true
}
],
"version": 2,
"version": 3,
"description": "French gov information classification system",
"namespace": "fr-classif",
"exclusive": true
"namespace": "fr-classif"
}
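Review bot: Dropping the namespace-level `"exclusive": true` at the end of this file leaves only the per-predicate flag (visible as context at the top of the hunk), so tags from two different predicates of this classification taxonomy could be attached to the same item without being treated as conflicting. For classification markings that is the combination worth preventing, and the `euci` section of this same commit goes the other way by adding the namespace-level flag. If the removal is intentional, a sentence in the commit description saying why would help; otherwise keep `"exclusive": true` after `"namespace": "fr-classif",`. The predicates themselves are outside the hunk, so whether more than one exists cannot be checked from here.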


@ -0,0 +1,967 @@
{
"namespace": "gea-nz-activities",
"description": "Information needed to track or monitor moments, periods or events that occur over time. This type of information is focused on occurrences that must be tracked for business reasons or represent a specific point in the evolution of The Business.",
"refs": [
"https://www.dragon1.com/downloads/government-enterprise-architecture-for-new-zealand-v3.1.pdf"
],
"version": 1,
"predicates": [
{
"value": "cases-compliance",
"expanded": "Cases Compliance",
"description": "Information about an occurrence by a person or organisation that is under official investigation."
},
{
"value": "cases-proceeding",
"expanded": "Cases Proceeding",
"description": "Information about a case held by an organisation related to interpretation of the law."
},
{
"value": "cases-episode",
"expanded": "Cases Episode",
"description": "Information focused on individuals interactions with an agency, organisation or enterprise, which is tacked as a sequence over a period of time."
},
{
"value": "cases-commission-of-inquiry",
"expanded": "Cases Commission of Inquiry",
"description": "Information relating to inquiries into various issues. Commissions report findings, give advice and make recommendations."
},
{
"value": "cases-claim",
"expanded": "Cases Claim",
"description": "Information about claims."
},
{
"value": "cases-request",
"expanded": "Cases Request",
"description": "Information about requests that need to be tracked."
},
{
"value": "cases-order",
"expanded": "Cases Order",
"description": "Information relating to orders and tracking of the orders."
},
{
"value": "events-personal",
"expanded": "Events Personal",
"description": "Information around personal events like birth, starting school, getting married, etc."
},
{
"value": "events-crisis",
"expanded": "Events Crisis",
"description": "Information about events that describe a personal crisis."
},
{
"value": "events-social",
"expanded": "Events Social",
"description": "Information relating to planned or spontaneous occurrences of a social nature that may require a response by an organisation."
},
{
"value": "events-business",
"expanded": "Events Business",
"description": "Information related to a type of event relating to the business of the organisation."
},
{
"value": "events-trade",
"expanded": "Events Trade",
"description": "Information about events that hold substantial meaning for an individual but which are tracked by an organisation such as birth, deaths, health condition etc."
},
{
"value": "events-travel",
"expanded": "Events Travel",
"description": "Information related to traveling overseas or coming into France."
},
{
"value": "events-environmental",
"expanded": "Events Environmental",
"description": "Information held by an organisation about environmental activities such as atmospheric pressures, geological formations, rainfall etc."
},
{
"value": "events-uncontrolled",
"expanded": "Events Uncontrolled",
"description": "Information about events that occur spontaneously, but to which the organisation is required to respond."
},
{
"value": "events-interaction",
"expanded": "Events Interaction",
"description": "Information about activity that describes a relevant process or action undertaken by the enterprise."
},
{
"value": "services-france-society",
"expanded": "Services France Society",
"description": "Information related to services delivered across France individuals, communities, and businesses."
},
{
"value": "services-inviduals-&-communities",
"expanded": "Services Inviduals & Communities",
"description": "Information related to services delivered specifically to France individuals and communities."
},
{
"value": "services-services-to-business",
"expanded": "Services Services to Business",
"description": "Information related to services delivered specifically to France businesses."
},
{
"value": "services-civic-infrastructure",
"expanded": "Services Civic Infrastructure",
"description": "Information related to services delivering France infrastructure."
},
{
"value": "services-government-administration",
"expanded": "Services Government Infrastructure",
"description": "Information related to delivering France government wide operations and support services."
},
{
"value": "services-services-from-business",
"expanded": "Services Services from Business",
"description": "Information related to services delivered by businesses."
}
],
"values": [
{
"predicate": "cases-compliance",
"entry": [
{
"value": "assessment",
"expanded": "Assessment",
"description": "Detailed information related to performing an assessment, the act of assessing; appraisal; evaluation."
},
{
"value": "audit",
"expanded": "Audit",
"description": "Detailed information related to performing an audit, to make an audit of; examine (accounts, records, etc.) for purposes of verification."
},
{
"value": "inspection",
"expanded": "Inspection",
"description": "Detailed information related to performing an inspection or viewing."
},
{
"value": "investigation",
"expanded": "Investigation",
"description": "Detailed information related to performing an investigation, to search out and examine the particulars of in an attempt to learn the facts about something hidden, unique, or complex, especially in an attempt to find a motive, cause, or culprit."
},
{
"value": "review",
"expanded": "Review",
"description": "Detailed information related to performing a review, to survey mentally; take a survey of."
}
]
},
{
"predicate": "cases-proceeding",
"entry": [
{
"value": "breach",
"expanded": "Breach",
"description": "Detailed information related to breaches, such as breach of contract, defamation, the recovering of debts, and family disputes over care arrangements for children, and others."
},
{
"value": "fine",
"expanded": "Fine",
"description": "Detailed information related to fines, such as parking fine, speeding fine, and others."
},
{
"value": "fraud",
"expanded": "Fraud",
"description": "Detailed information related to fraud."
},
{
"value": "offence",
"expanded": "Offence",
"description": "Detailed information related to an offence."
}
]
},
{
"predicate": "cases-episode",
"entry": [
{
"value": "defect",
"expanded": "Defect",
"description": "Detailed information related to cases concerning defects, such as time of occurrence, a repeated defect, solution, etc."
},
{
"value": "emergency",
"expanded": "Emergency",
"description": "Detailed information related to emergency cases."
},
{
"value": "error",
"expanded": "Error",
"description": "Detailed information related to errors, a deviation from accuracy or correctness."
},
{
"value": "fault",
"expanded": "Fault",
"description": "Detailed information related to cases concerning faults, a defect or imperfection; flaw; failing."
},
{
"value": "history",
"expanded": "History",
"description": "Detailed information related to history, meaning a sequence of events, such as family history."
},
{
"value": "incident",
"expanded": "Incident",
"description": "Detailed information related to cases concerning incidents, an individual occurrence or event."
},
{
"value": "issue",
"expanded": "Issue",
"description": "Detailed information related to cases concerning issues, a point in question or a matter that is in dispute which needs a decision."
},
{
"value": "problem",
"expanded": "Problem",
"description": "Detailed information related to problems, any question or matter involving doubt, uncertainty, or difficulty."
},
{
"value": "crime",
"expanded": "Crime",
"description": "Detailed information related to cases concerning crimes, actions or instances of negligence that is deemed injurious to the public welfare or morals or to the interests of the state and that is legally prohibited."
},
{
"value": "infrigement",
"expanded": "Infrigement",
"description": "Detailed information related to cases concerning infringements, a breach or infraction, as of a law, right, or obligation; violation; transgression."
}
]
},
{
"predicate": "cases-claim",
"entry": [
{
"value": "claim-of-definition",
"expanded": "Claim of Definition",
"description": "Detailed information related to claims of definition."
},
{
"value": "claim-of-cause",
"expanded": "Claim of Cause",
"description": "Detailed information related to claims of cause."
},
{
"value": "claim-of-value",
"expanded": "Claim of Value",
"description": "Detailed information related to claims of value."
},
{
"value": "claim-of-policy",
"expanded": "Claim of Policy",
"description": "Detailed information related to claims of policy."
},
{
"value": "claim-of-fact",
"expanded": "Claim of Fact",
"description": "Detailed information related to claims of fact."
}
]
},
{
"predicate": "cases-request",
"entry": [
{
"value": "request-for-information",
"expanded": "Request for Information",
"description": "Detailed information related to requests for information."
},
{
"value": "request-for-proposal",
"expanded": "Request for proposal",
"description": "Detailed information related to requests for proposals."
},
{
"value": "request-for-quotation",
"expanded": "Request for quotation",
"description": "Detailed information related to requests for quotation."
},
{
"value": "request-for-tender",
"expanded": "Request for Tender",
"description": "Detailed information related to requests for tender."
},
{
"value": "request-for-approval",
"expanded": "Request for Approval",
"description": "Detailed information related to requests for approval."
},
{
"value": "request-for-comments",
"expanded": "Request for Comments",
"description": "Detailed information related to requests for comments."
},
{
"value": "order",
"expanded": "Order",
"description": "Information relating to orders and tracking of the orders."
}
]
},
{
"predicate": "events-personal",
"entry": [
{
"value": "birth",
"expanded": "Birth",
"description": "Detailed information related to giving birth."
},
{
"value": "starting-school",
"expanded": "Starting School",
"description": "Detailed information related to starting school."
},
{
"value": "adoption",
"expanded": "Adoption",
"description": "Detailed information related to adopting a child."
},
{
"value": "marriage",
"expanded": "Marriage",
"description": "Detailed information related to get married."
},
{
"value": "senior-citizenship",
"expanded": "Senior Citizenship",
"description": "Detailed information related to becoming a senior citizen."
},
{
"value": "care",
"expanded": "Care",
"description": "Detailed information related to going into care."
},
{
"value": "death",
"expanded": "Death",
"description": "Detailed information related to a death."
},
{
"value": "fostering",
"expanded": "Fostering",
"description": "Detailed information related to fostering a child."
},
{
"value": "enrol-to-vote",
"expanded": "Enrol to Vote",
"description": "Detailed information related to the event of enrolling to vote and voting."
},
{
"value": "volunteering",
"expanded": "Volunteering",
"description": "Detailed information related to the event of volunteering for public services."
},
{
"value": "driver's-licence",
"expanded": "Driver's Licence",
"description": "Detailed information related to getting a driver's licence."
}
]
},
{
"predicate": "events-crisis",
"entry": [
{
"value": "victim-of-a-crime",
"expanded": "Victim of a Crime",
"description": "Detailed information related to the event of being a victim of a crime."
},
{
"value": "witness-of-a-crime",
"expanded": "Witness of a Crime",
"description": "Detailed information related to the event of being a witness of a crime."
},
{
"value": "health",
"expanded": "Health",
"description": "Detailed information related to a health event, such as illness and operations."
},
{
"value": "emergency",
"expanded": "Emergency",
"description": "Detailed information related to an emergency."
},
{
"value": "accused",
"expanded": "Accused",
"description": "Detailed information related to being accused of a crime."
},
{
"value": "convicted",
"expanded": "Convicted",
"description": "Detailed information related to being convicted of a crime."
}
]
},
{
"predicate": "events-social",
"entry": [
{
"value": "ceremony",
"expanded": "Ceremony",
"description": "Detailed information related to ceremonies."
},
{
"value": "conference",
"expanded": "Conference",
"description": "Detailed information related to conferences."
},
{
"value": "concert",
"expanded": "Concert",
"description": "Detailed information related to concerts."
},
{
"value": "sporting-event",
"expanded": "Spporting Event",
"description": "Detailed information related to sporting events, an activity involving physical exertion and skill that is governed by a set of rules or customs and often undertaken competitively, often sports."
},
{
"value": "protest",
"expanded": "Protest",
"description": "Detailed information related to protests, an event at which people gather together to show strong disapproval about something."
},
{
"value": "festival",
"expanded": "Festival",
"description": "Detailed information related to festivals."
}
]
},
{
"predicate": "events-business",
"entry": [
{
"value": "seed-capital",
"expanded": "Seed Capital",
"description": "Detailed information related to seeding a business."
},
{
"value": "start-up",
"expanded": "Start-up",
"description": "Detailed information related to starting up a business."
},
{
"value": "hiring",
"expanded": "Hiring",
"description": "Detailed information related to hiring staff."
},
{
"value": "termination-of-employment",
"expanded": "Termination of Employment",
"description": "Detailed information related to terminating a employment contract."
},
{
"value": "merge",
"expanded": "Merge",
"description": "Detailed information related to merging of two or more companies, generally by offering the stockholders of one company securities in the acquiring company in exchange for the surrender of their stock."
},
{
"value": "demerge",
"expanded": "Demerge",
"description": "Detailed information related to a demerger, the separation of a large company into two or more smaller organizations, particularly as the dissolution of an earlier merger."
},
{
"value": "stock-exchange-listing",
"expanded": "Stock Exchange Listing",
"description": "Detailed information related to listing a company on the stock exchange."
},
{
"value": "stock-exchange-delisting",
"expanded": "Stock Exchange Delisting",
"description": "Detailed information related to de-listing or removing a company from the stock exchange."
},
{
"value": "change-name",
"expanded": "Change Name",
"description": "Detailed information related to changing the name of a company."
},
{
"value": "bankruptcy",
"expanded": "Bankruptcy",
"description": "Detailed information related to a company going bankrupt."
},
{
"value": "cease",
"expanded": "Cease",
"description": "Detailed information related to closing a company."
}
]
},
{
"predicate": "events-trade",
"entry": [
{
"value": "buying",
"expanded": "Buying",
"description": "Detailed information related to buying goods or real estates."
},
{
"value": "selling",
"expanded": "Selling",
"description": "Detailed information related to selling goods or real estates."
},
{
"value": "importing",
"expanded": "Importing",
"description": "Detailed information related to importing goods."
},
{
"value": "exporting",
"expanded": "Exporting",
"description": "Detailed information related to exporting goods."
},
{
"value": "renting",
"expanded": "Renting",
"description": "Detailed information related to renting goods or real estate."
}
]
},
{
"predicate": "events-travel",
"entry": [
{
"value": "travelling-overseas",
"expanded": "Travelling Overseas",
"description": "Detailed information related to traveling overseas."
},
{
"value": "extended-stay-in-france",
"expanded": "Extended Stay in France",
"description": "Detailed information related to an extended stay in France."
}
]
},
{
"predicate": "events-environmental",
"entry": [
{
"value": "atmospheric",
"expanded": "Atmospheric",
"description": "Detailed information related to atmospheric event, such as cyclone, hail, hurricane, lightning, rain, snow, typhoon, wind, pressure."
},
{
"value": "elemental",
"expanded": "Elemental",
"description": "Detailed information related to elemental event, such as avalanche, fire, flood, landslide, tsunami, etc."
},
{
"value": "geological",
"expanded": "Geological",
"description": "Detailed information related to geological event, such as earthquake, eruption, formation."
},
{
"value": "seasonal",
"expanded": "Seasonal",
"description": "Detailed information related to seasonal events."
}
]
},
{
"predicate": "events-uncontrolled",
"entry": [
{
"value": "accident",
"expanded": "Accident",
"description": "Detailed information related to an accident, such as crash, explosion, implosion, spill, etc."
},
{
"value": "attack",
"expanded": "Attack",
"description": "Detailed information related to attacks, such as arson, bombing, coup, kidnapping, biological attack, terrorism, uprising, and threats which lead to an offence."
},
{
"value": "failure",
"expanded": "Failure",
"description": "Detailed information related to a failure, such as blackout, nuclear meltdown, etc."
},
{
"value": "other",
"expanded": "Other",
"description": "Detailed information related to other uncontrolled events."
}
]
},
{
"predicate": "events-interaction",
"entry": [
{
"value": "channel",
"expanded": "Channel",
"description": "A channel or mode by which an interaction takes place. For example face-to-face, in-person or by mail etc."
},
{
"value": "medium",
"expanded": "Medium",
"description": "The format in which information content is supplied to others, provided internally to the organisation or purchased from an external provider."
},
{
"value": "interaction-type",
"expanded": "Interaction Type",
"description": "Actions represent the information about key interactions that occur. Concepts such as Operators Assisted and Self Service are just relationships from parties in their appropriate roles to an action."
}
]
},
{
"predicate": "services-france-society",
"entry": [
{
"value": "border-control",
"expanded": "Border Control",
"description": "Detailed information related to border control services."
},
{
"value": "culture-and-heritage",
"expanded": "Culture and Heritage",
"description": "Detailed information related to services to support culture and heritage."
},
{
"value": "defence",
"expanded": "Defence",
"description": "Detailed information related to services to support the defence and protection of the nation."
},
{
"value": "economic-service",
"expanded": "Economic Service",
"description": "Detailed information related to services to support the economic management of public funds and other resources."
},
{
"value": "environment",
"expanded": "Environment",
"description": "Detailed information related to services to support the management of surrounding natural and built environment."
},
{
"value": "financial-transaction-with-government",
"expanded": "Financial Transaction with Government",
"description": "Detailed information related to provisioning earned and unearned financial or monetary-like benefits to individuals, groups, or corporations."
},
{
"value": "international-relationship",
"expanded": "International Relationship",
"description": "Detailed information related to services around international relationships."
},
{
"value": "justice",
"expanded": "Justice",
"description": "Detailed information related to services to provide justice, apply legislation, etc."
},
{
"value": "france-society",
"expanded": "France Society",
"description": "Detailed information related to services to assist individuals and organisations."
},
{
"value": "natural-resources",
"expanded": "Natural Resources",
"description": "Detailed information related to services to support the sustainability use and management of energy, minerals, land, and water."
},
{
"value": "open-government",
"expanded": "Open Government",
"description": "Detailed information related to services around transparency that gives citizens oversight of the government."
},
{
"value": "regulatory-compliance-and-enforcement",
"expanded": "Regulatory Compliance and Enforcement",
"description": "Detailed information related to services to monitor and oversight of specific individuals, groups, industries, or communities participating in regulated activities."
},
{
"value": "science-and-research",
"expanded": "Science and Research",
"description": "Detailed information related to services to support and promote research and systematic studies."
},
{
"value": "security",
"expanded": "Security",
"description": "Detailed information related to services to maintain the safety of New Zealand at all levels of society."
},
{
"value": "statistical-services",
"expanded": "Statistical Services",
"description": "Detailed information related to services to provide high quality, objective and responsive statistics"
}
]
},
{
"predicate": "services-inviduals-&-communities",
"entry": [
{
"value": "adopting-and-fostering",
"expanded": "Adopting and Fostering",
"description": "Detailed information related to services to support a person who wants to adopt or foster another person, usually a child."
},
{
"value": "births-deaths-and-marriages",
"expanded": "Births, Deaths and Marriages",
"description": "Detailed information related to these life events of France citizens, and residents."
},
{
"value": "citizenship-and-immigration",
"expanded": "Citizenship and Immigration",
"description": "Detailed information related to services to assist people wishing to enter France on a permanent or temporary basis"
},
{
"value": "community-support",
"expanded": "Community Support",
"description": "Detailed information related to services to assist citizens in a particular district or those with common interests and needs."
},
{
"value": "education-and-training",
"expanded": "Education and Training",
"description": "Detailed information related to services to support the provisioning of skills and knowledge to citizens and the strategies to make education available to the broadest possible cross-section of the community."
},
{
"value": "emergency-and-disaster-preparedness",
"expanded": "Emergency and Disaster Preparedness",
"description": "Detailed information related to services to deal with and avoid both natural and manmade disasters."
},
{
"value": "information-from-citizens",
"expanded": "Information from Citizens",
"description": "Detailed information related to services to support avenues through which the government exchange information and explicit knowledge with individuals."
},
{
"value": "health-care",
"expanded": "Health Care",
"description": "Detailed information related to services to prevent, diagnose and treat diseases or injuries, to provision health care services and medical research."
},
{
"value": "passport-travel-and-tourism",
"expanded": "Passport, Travel and Tourism",
"description": "Detailed information related to services to support France citizens traveling or living overseas, and local and overseas tourists traveling within France."
},
{
"value": "sport-and-recreation",
"expanded": "Sport and Recreation",
"description": "Detailed information related to services to support, promote and encourage operating and marinating amenities or facilities for cultural, recreational and sporting activities."
},
{
"value": "work-and-jobs",
"expanded": "Work and Jobs",
"description": "Detailed information related to services to support employment, develop careers, and gain professional accreditation for individuals."
}
]
},
{
"predicate": "services-services-to-business",
"entry": [
{
"value": "business-development",
"expanded": "Business Development",
"description": "Detailed information related to services to assist business growth and management, and support advocacy programs and advising on regulations surrounding business activities."
},
{
"value": "business-support",
"expanded": "Business Support",
"description": "Detailed information related to services to support the private sector, including small business and non-profit organisations assisting businesses to comply with reporting requirements of the government."
},
{
"value": "commercial-sport",
"expanded": "Commercial Sport",
"description": "Detailed information related to services to cover the commercial aspects of sport when run as a business."
},
{
"value": "employment",
"expanded": "Employment",
"description": "Detailed information related to services to support the employment growth and working environment."
},
{
"value": "primal-industries",
"expanded": "Primal Industries",
"description": "Detailed information related to services to support rural and marine industries."
},
{
"value": "tourism",
"expanded": "Tourism",
"description": "Detailed information related to services to encourage recreational visitors to a region, and support the tourism industry."
},
{
"value": "trade",
"expanded": "Trade",
"description": "Detailed information related to services to support purchase, sale or exchange of commodities and advising on trade regulations."
}
]
},
{
"predicate": "services-civic-infrastructure",
"entry": [
{
"value": "civic-management",
"expanded": "Civic Management",
"description": "Detailed information related to services to provision integrated support for town planning and building projects, coordinate of building projects, provide advice on building regulations and guidelines."
},
{
"value": "communications",
"expanded": "Communications",
"description": "Detailed information related to services to support the growth of industries that enable and facilitate communication and transmission of information."
},
{
"value": "essential-services",
"expanded": "Essential Services",
"description": "Detailed information related to services to provision essential community services, evaluate land use, town planning, etc."
},
{
"value": "maritime-services",
"expanded": "Maritime Services",
"description": "Detailed information related to services to negotiate passage for sea transport and maritime jurisdiction, provide advice on regulations and manage maritime infrastructure."
},
{
"value": "public-housing",
"expanded": "Public Housing",
"description": "Detailed information related to services to supply low cost accommodations, provide advice on guidelines, evaluate the need for public housing, setting construction targets, support on-going maintenance of public houses."
},
{
"value": "regional-development",
"expanded": "Regional Development",
"description": "Detailed information related to services to support infrastructure projects, extend facilities beyond urban boundaries and support the installation of equipment to enable communications."
},
{
"value": "transport",
"expanded": "Transport",
"description": "Detailed information related to services to support road, rail and air transportation systems."
}
]
},
{
"predicate": "services-government-administration",
"entry": [
{
"value": "government-administration-management",
"expanded": "Government Administration Management",
"description": "Detailed information related to services that involve day-to day management and maintenance of the internal administrative operations."
},
{
"value": "government-business-management",
"expanded": "Government Business Management",
"description": "Detailed information related to services that involve activities associated with the management of how the government conduct its business."
},
{
"value": "government-credit-and-insurance",
"expanded": "Government Credit and Insurance",
"description": "Detailed information related to services that involve the use of government funds to cover the subsidy cost of a direct loan or loan guarantee or to protect/indemnify members of the public from financial losses."
},
{
"value": "government-financial-management",
"expanded": "Government Financial Management",
"description": "Detailed information related to services that involve agency's use of financial information to measure, operate and predict the effectiveness of efficiency of an entity's activities in relation to its objectives."
},
{
"value": "government-human-ressource-management",
"expanded": "Government Human Ressource Management",
"description": "Detailed information related to services that involve all activities associated with the recruitment and management of personnel."
},
{
"value": "government-ict-management",
"expanded": "Government ICT Management",
"description": "Detailed information related to services that involve the coordination of information and technology resources and solutions required to support or provide a service."
},
{
"value": "government-information-and-knowledge-management",
"expanded": "Government Information and Knowledge Management",
"description": "Detailed information related to services that involve the ownership or custody of information and intellectual assets held by the government."
},
{
"value": "government-strategy-planning-and-budgeting",
"expanded": "Government Strategy, Planning and Budgeting",
"description": "Detailed information related to services that involve the government activities of determining strategic direction, identifying and establishing programs, services and processes."
},
{
"value": "machinery-of-government",
"expanded": "Machinery of Government",
"description": "Detailed information related to services that involve executing legislative processes in Houses of Parliament, assemblies or councils."
}
]
},
{
"predicate": "services-services-from-business",
"entry": [
{
"value": "advertising",
"expanded": "Advertising",
"description": "Detailed information related to advertising services rendered by advertising establishments primarily undertaking communications to the public, declarations or announcements by all means of diffusion and concerning all kinds of goods or services."
},
{
"value": "business-management",
"expanded": "Business Management",
"description": "Detailed information related to services to support business management, mainly services rendered by persons or organizations principally with the object of help in the working or management of a commercial undertaking, or help in the management of the business affairs or commercial functions of an industrial or commercial enterprise."
},
{
"value": "insurance",
"expanded": "Insurance",
"description": "Detailed information related to services rendered in relation to insurance contracts of all kinds, such as services dealing with insurance such as services rendered by agents or brokers engaged in insurance, services rendered to insured, and insurance underwriting services."
},
{
"value": "financial-service",
"expanded": "Finalcial Service",
"description": "Detailed information related to services rendered in financial and monetary affairs."
},
{
"value": "real-estate-affairs",
"expanded": "Real Estate Affairs",
"description": "Detailed information related to services of realty administrators of buildings, i.e., services of letting or valuation, or financing."
},
{
"value": "building-construction",
"expanded": "Building-Construction",
"description": "Detailed information related to services rendered by contractors or subcontractors in the construction or making of permanent buildings, as well as services rendered by persons or organizations engaged in the restoration of objects to their original condition or in their preservation without altering their physical or chemical properties."
},
{
"value": "telecommunication",
"expanded": "Telecommunication",
"description": "Detailed information related to services allowing at least one person to communicate with another by a sensory means."
},
{
"value": "transportation",
"expanded": "Transportation",
"description": "Detailed information related to services rendered in transporting people or goods from one place to another (by rail, road, water, air or pipeline) and services necessarily connected with such transport."
},
{
"value": "packaging-and-storage-of-goods",
"expanded": "Packaging and Storage of Goods",
"description": "Detailed information related to services relating to the storing of goods in a warehouse or other building for their preservation or guarding."
},
{
"value": "travel-arrangement",
"expanded": "Travel Arrangement",
"description": "Detailed information related to services consisting of information about journeys by tourist agencies, information relating to tariffs, timetables and methods of travel."
},
{
"value": "treatment-of-material",
"expanded": "Treatment of Material",
"description": "Detailed information related to services not included in other categories, rendered by the mechanical or chemical processing or transformation of objects or inorganic or organic substances and any process involving a change in its essential properties (for example, dyeing a garment), and services of material treatment which may be present during the production of any substance or object other than a building, for example, services which involve cutting, shaping, polishing by abrasion or metal coating."
},
{
"value": "providing-training",
"expanded": "Providing Training",
"description": "Detailed information related to services rendered by persons or institutions in the development of the mental faculties of persons or animals."
},
{
"value": "entertainment",
"expanded": "Entertainment",
"description": "Detailed information related to services having the basic aim of the entertainment, amusement or recreation of people."
},
{
"value": "scientific-service",
"expanded": "Scientific Service",
"description": "Detailed information related to services provided by persons, individually or collectively, in relation to the theoretical and practical aspects of complex fields of activities, such services are provided by members of professions such as chemists, physicists, engineers, computer programmers, etc."
},
{
"value": "providing-food-drink-and-accomodation",
"expanded": "Providing Food, Drinking and Accomodation",
"description": "Detailed information related to services provided by persons or establishments whose aim is to prepare food and drink for consumption and services provided to obtain bed and board in hotels, boarding houses or other establishments providing temporary accommodation."
},
{
"value": "medical-service",
"expanded": "Medical Service",
"description": "Detailed information related to medical care, hygienic and beauty care given by persons or establishments to human beings and animals, it also includes services relating to the fields of agriculture, horticulture and forestry."
},
{
"value": "legal-service",
"expanded": "Legal Service",
"description": "Detailed information related to legal services, security services for the protection of property and individuals, personal and social services rendered by others to meet the needs of individuals."
}
]
}
]
}


@ -0,0 +1,777 @@
{
"namespace": "gea-nz-entities",
"description": "Information relating to instances of entities or things.",
"refs": [
"https://www.dragon1.com/downloads/government-enterprise-architecture-for-new-zealand-v3.1.pdf"
],
"version": 1,
"predicates": [
{
"value": "parties-party",
"expanded": "Parties Party",
"description": "Information dealing with people or organisations."
},
{
"value": "parties-qualification",
"expanded": "Parties Qualification",
"description": "Information which relates to persons or organisations of a qualifying nature."
},
{
"value": "parties-role",
"expanded": "Parties Role",
"description": "Role information which relates to persons or organisations."
},
{
"value": "parties-party-relationship",
"expanded": "Parties Party Relationship",
"description": "Information about the relationship between two or more parties."
},
{
"value": "places-address",
"expanded": "Places Address",
"description": "Detailed information related to an address."
},
{
"value": "places-location-type",
"expanded": "Places Location Type",
"description": "Information of a geospatial or geopolitical nature held by an organisation."
},
{
"value": "places-address-type",
"expanded": "Places Address Type",
"description": "Identifies the types of address."
},
{
"value": "places-purpose-of-location",
"expanded": "Places Purpose of Location",
"description": "Information about the purpose of a given address or location."
},
{
"value": "items-application-&-ict-services",
"expanded": "Items Application & ICT Services",
"description": "Information about application and ICT service assets."
},
{
"value": "items-ict-infrastructure",
"expanded": "Items ICT Infrastructure",
"description": "Information about man made surroundings that provide setting for organisational activity, such as platforms, networks, facilities, and end user equipment."
},
{
"value": "items-natural",
"expanded": "Items natural",
"description": "Information held by organisation which relate to natural resources."
},
{
"value": "items-financial",
"expanded": "Items Financial",
"description": "Information related to financial assistance products."
},
{
"value": "items-goods",
"expanded": "Items Goods",
"description": "Information related to goods."
},
{
"value": "items-regulatory",
"expanded": "Items Regulatory",
"description": "Information on regulatory products managed by an organisation."
},
{
"value": "items-urban-infrastructure",
"expanded": "Items Urban Infrastructure",
"description": "Information related to urban infrastructure."
},
{
"value": "items-accommodation",
"expanded": "Items Accommodation",
"description": "Information related to shortterm accommodation provided on a commercial basis, excluding longterm accommodation and accommodation that is provided on a noncommercial basis."
},
{
"value": "items-dwelling-type",
"expanded": "Items Dwelling Type",
"description": "Information related to occupied dwelling type is used to monitor trends and developments in housing and institutional dwellings, to plan for the future housing and service needs of the community."
},
{
"value": "items-artefact",
"expanded": "Items Artefact",
"description": "An artefact is an item of value and manifests in a concrete form such as reports, documents, tables, books, instruction manuals, evidence, etc."
},
{
"value": "items-waste",
"expanded": "Items Waste",
"description": "Information related to the waste used, managed or produced by the organisation."
},
{
"value": "items-item-usage",
"expanded": "Items Item Usage",
"description": "Identifies the ways in which an organisation may use an item."
},
{
"value": "items-other-item",
"expanded": "Items Other Item",
"description": "Detailed information of other items not categorised within Items."
}
],
"values": [
{
"predicate": "parties-party",
"entry": [
{
"value": "organisation",
"expanded": "Organisation",
"description": "Information dealing with organisations, particularly where an information asset has no requirement to address either of these party sub-types directly."
},
{
"value": "individual",
"expanded": "Individual",
"description": "Information dealing with an individual."
}
]
},
{
"predicate": "parties-qualification",
"entry": [
{
"value": "competence",
"expanded": "Competence",
"description": "Detailed information relating to party's competencies, experience based or professional."
},
{
"value": "education",
"expanded": "Education",
"description": "Detailed information relating to party's education history, such as higher education, schools, vocations."
},
{
"value": "industry",
"expanded": "Industry",
"description": "Detailed information relating to party's (mostly of an organisation) specific industry."
},
{
"value": "occupation",
"expanded": "Occupation",
"description": "Detailed information relating to a party's occupation."
}
]
},
{
"predicate": "parties-role",
"entry": [
{
"value": "commerce",
"expanded": "Commerce",
"description": "Detailed information relating to commercial roles."
},
{
"value": "legal",
"expanded": "Legal",
"description": "Detailed information relating to legal roles, such as commissioner, counsel, defendant, investigator, offender, source, suspect, witness."
},
{
"value": "of-interest",
"expanded": "Of Interest",
"description": "Detailed information relating to roles a party plays in any subject of interest."
},
{
"value": "social",
"expanded": "Social",
"description": "Detailed information relating to social roles."
}
]
},
{
"predicate": "parties-party-relationship",
"entry": [
{
"value": "membership",
"expanded": "Membership",
"description": "Detailed information relating to membership to groups, forums, etc."
},
{
"value": "employer",
"expanded": "Employer",
"description": "Detailed information relating to relationship of an employer towards other parties, such as employee, government, industry."
},
{
"value": "provider",
"expanded": "Provider",
"description": "Detailed information relating to relationship as a provider of services towards other parties."
},
{
"value": "delegation",
"expanded": "Delegation",
"description": "Detailed information related to the relationship of delegation, both delegator / delegated."
}
]
},
{
"predicate": "places-address",
"entry": [
{
"value": "electronic-address",
"expanded": "Electronic Address",
"description": "Detailed information around an electronic address."
},
{
"value": "physical-address",
"expanded": "Physical Address",
"description": "Detailed information related to geographic addresses."
}
]
},
{
"predicate": "places-location-type",
"entry": [
{
"value": "geopolitical",
"expanded": "Geopolitical",
"description": "Detailed information related to geopolitical places, such as council, country, electorate, locality, nation, region, and province."
},
{
"value": "geospatial",
"expanded": "Geospatial",
"description": "Detailed information related to geospatial places, such as area, lot, parish, statistical area, suburb, town, village, and zone."
}
]
},
{
"predicate": "places-address-type",
"entry": [
{
"value": "nz-standard-addresss",
"expanded": "NZ Standard Address",
"description": "Detailed information relating to standard New Zealand addresses."
},
{
"value": "po-box",
"expanded": "PO Box",
"description": "Detailed information relating to PO Box, a numbered box in a post office assigned to a person or organization, where letters for them are kept until called for."
},
{
"value": "rural-delivery-address",
"expanded": "Rural Delivery Address",
"description": "Detailed information relating to rural delivery addresses which have no standard NZ format."
},
{
"value": "ovearseas-address",
"expanded": "Overseas Address",
"description": "Detailed information relating to addresses in other countries."
},
{
"value": "location-addresss",
"expanded": "Location Address",
"description": "Detailed information relating to physical location addresses including coordinates."
}
]
},
{
"predicate": "places-purpose-of-location",
"entry": [
{
"value": "residency",
"expanded": "Residency",
"description": "Detailed information relating to home addresses, both current and previous."
},
{
"value": "delivery",
"expanded": "Delivery",
"description": "Detailed information related to delivery addresses."
},
{
"value": "billing",
"expanded": "Billing",
"description": "Detailed information related to billing addresses."
},
{
"value": "place-of-birth",
"expanded": "Place of Birth",
"description": "Detailed information related to the place of birth."
},
{
"value": "consultation",
"expanded": "Consultation",
"description": "Detailed information related to the location of a consultation."
},
{
"value": "referral",
"expanded": "Referral",
"description": "Detailed information related to location of a referral."
},
{
"value": "admission",
"expanded": "Admission",
"description": "Detailed information related to the location of an admission."
},
{
"value": "treatment",
"expanded": "Treatment",
"description": "Detailed information related to the location of a treatment."
},
{
"value": "work-place",
"expanded": "Work Place",
"description": "Detailed information related to the workplace location or address."
},
{
"value": "facility-location",
"expanded": "Facility Location",
"description": "Detailed information related to the location of a facility."
},
{
"value": "storage",
"expanded": "Storage",
"description": "Detailed information related to the location of storage of goods or other items."
},
{
"value": "place-of-event",
"expanded": "Place of Event",
"description": "Detailed information related to the location of an event."
}
]
},
{
"predicate": "items-application-&-ict-services",
"entry": [
{
"value": "corporate-application",
"expanded": "Corporate Application",
"description": "Detailed information related to corporate applications, such as applications for enterprise resource planning, financial and asset management, HR management, business continuity, etc.."
},
{
"value": "common-line-of-business-application",
"expanded": "Common Line of Business Application",
"description": "Detailed information related to common LoB application, such as applications to manage product and services, marketing, customer and partner relationships, customer accounting, etc."
},
{
"value": "end-user-computing",
"expanded": "End User Computing",
"description": "Detailed information related to end user computing, such as applications to manage end user devices, end user tools, mobile applications, productivity suits, etc."
},
{
"value": "data-and-information-management",
"expanded": "Data and Information Management",
"description": "Detailed information related to data and information management ICT services, such as services for interoperability, data governance, quality management, data protection etc."
},
{
"value": "identity-and-accesd-management",
"expanded": "Identity and Access Management",
"description": "Detailed information related to identity and access management ICT services, such as services for identity governance, identity administration, authentication, authorisation, directory, etc."
},
{
"value": "security-service",
"expanded": "Security Service",
"description": "Detailed information related to security ICT services, such as encryption, network security; public key infrastructure, security controls, etc."
},
{
"value": "ict-components-services-and-tools",
"expanded": "ICT Components, Services and Tools",
"description": "Detailed information related to software and ICT services for operational management and maintenance of applications, ICT components and services."
},
{
"value": "interface-and-integration",
"expanded": "Interface and Integration",
"description": "Detailed information related to software and ICT services that support how agencies will interface and integrate both internally and externally."
}
]
},
{
"predicate": "items-ict-infrastructure",
"entry": [
{
"value": "platform",
"expanded": "Platform",
"description": "Detailed information related to platforms, such as hardware, platform operating systems, and virtualisation."
},
{
"value": "network",
"expanded": "Network",
"description": "Detailed information related to networks, such as network types, traffic types, network infrastructure, transmission types, and network protocol layering."
},
{
"value": "facility",
"expanded": "Facility",
"description": "Detailed information related to facilities, such as facility types, operational controls, facility physical security, and facility infrastructure."
},
{
"value": "end-user-equipment",
"expanded": "End User Equipment",
"description": "Detailed information related to end user equipment, such as desktop equipment, mobility equipment, user peripherals, embedded technology devices, and equipment operating systems."
}
]
},
{
"predicate": "items-natural",
"entry": [
{
"value": "air",
"expanded": "Air",
"description": "Detailed information related to air, such as condition, pollution, health."
},
{
"value": "fauna",
"expanded": "Fauna",
"description": "Detailed information related to fauna."
},
{
"value": "flora",
"expanded": "Flora",
"description": "Detailed information related to flora."
},
{
"value": "land",
"expanded": "Land",
"description": "Detailed information related to land or earth, such as percentage of rocks, soil, mud, pollution, usage, etc."
},
{
"value": "minerals",
"expanded": "Minerals",
"description": "Detailed information related to minerals."
},
{
"value": "water",
"expanded": "Water",
"description": "Detailed information related to water, such as ground water, river water, sea water."
},
{
"value": "energy",
"expanded": "Energy",
"description": "Detailed information related to energy."
}
]
},
{
"predicate": "items-financial",
"entry": [
{
"value": "allowance",
"expanded": "Allowance",
"description": "Detailed information related to allowances."
},
{
"value": "award",
"expanded": "Award",
"description": "Detailed information related to awards."
},
{
"value": "benefit",
"expanded": "Benefit",
"description": "Detailed information related to benefits."
},
{
"value": "bonus",
"expanded": "Bonus",
"description": "Detailed information related to bonuses."
},
{
"value": "compensation",
"expanded": "Compensation",
"description": "Detail information related to compensations."
},
{
"value": "concession",
"expanded": "Concession",
"description": "Detailed information related to concessions."
},
{
"value": "grant",
"expanded": "Grant",
"description": "Detailed information related to grants."
},
{
"value": "pension",
"expanded": "Pension",
"description": "Detailed information related to pensions."
},
{
"value": "subsidy",
"expanded": "Subsidy",
"description": "Detailed information related to subsidies."
},
{
"value": "wage",
"expanded": "Wage",
"description": "Detailed information related to wages."
},
{
"value": "bond",
"expanded": "Bond",
"description": "Detailed information related to bonds."
},
{
"value": "duty",
"expanded": "Duty",
"description": "Detailed information related to income from duties."
},
{
"value": "excise",
"expanded": "Excise",
"description": "Detailed information related to income from internal tax or duty on certain commodities, as liquor or tobacco, levied on their manufacture, sale, or consumption within the country."
},
{
"value": "insurance",
"expanded": "Insurance",
"description": "Detailed information related to insurance."
},
{
"value": "loan",
"expanded": "Loan",
"description": "Detailed information related to revenue from loans."
},
{
"value": "tax",
"expanded": "Tax",
"description": "Detailed information related to revenue from taxes."
}
]
},
{
"predicate": "items-goods",
"entry": [
{
"value": "chemical",
"expanded": "Chemical",
"description": "Detailed information relating to chemicals used in industry, science and photography, as well as in agriculture, horticulture and forestry, unprocessed artificial resins, unprocessed plastics, manures, fire extinguishing compositions, tempering and soldering preparations, chemical substances for preserving foodstuffs, tanning substances, adhesives used in industry."
},
{
"value": "paint",
"expanded": "Paint",
"description": "Detailed information relating to paints, varnishes, lacquers, preservatives against rust and against deterioration of wood, colorants, mordant, raw natural resins, metals in foil and powder form for painters, decorators, printers and artists."
},
{
"value": "bleach",
"expanded": "Bleach",
"description": "Detailed information relating to bleaching preparations and other substances for laundry use, cleaning, polishing, scouring and abrasive preparations, soaps, perfumery, essential oils, cosmetics, hair lotions, dentifrices."
},
{
"value": "industrial-oil",
"expanded": "Industrial Oil",
"description": "Detailed information relating to industrial oils and greases, lubricants, dust absorbing, wetting and binding compositions, fuels (including motor spirit) and illuminants, candles and wicks for lighting."
},
{
"value": "pharmaceutical-preparation",
"expanded": "Pharmaceutical Preparation",
"description": "Detailed information relating to pharmaceutical and veterinary preparations, sanitary preparations for medical purposes, dietetic substances adapted for medical use, food for babies, plasters, materials for dressings, material for stopping teeth, dental wax, disinfectants, preparations for destroying vermin, fungicides, herbicides."
},
{
"value": "common-metal",
"expanded": "Common Metal",
"description": "Detailed information relating to common metals and their alloys, metal building materials, transportable buildings of metal, materials of metal for railway tracks, non-electric cables and wires of common metal, ironmongery, small items of metal hardware, pipes and tubes of metal, safes, goods of common metal not included in other classes, ores."
},
{
"value": "machine",
"expanded": "Machine",
"description": "Detailed information relating to machines and machine tools, motors and engines (except for land vehicles), machine coupling and transmission components (except for land vehicles), agricultural implements other than hand-operated, incubators for eggs."
},
{
"value": "hand-tool",
"expanded": "Hand Tool",
"description": "Detailed information relating to hand tools and implements (hand-operated), cutlery, side arms, razors."
},
{
"value": "scientific-apparatus-and-instrument",
"expanded": "Scientific Apparatus and Instrument",
"description": "Detailed information relating to scientific, nautical, surveying, photographic, cinematographic, optical, weighing, measuring, signalling, checking (supervision), life-saving and teaching apparatus and instruments, apparatus and instruments for conducting, switching, transforming, accumulating, regulating or controlling electricity, apparatus for recording, transmission or reproduction of sound or images, magnetic data carriers, recording discs, automatic vending machines and mechanisms for coin-operated apparatus, cash registers, calculating machines, data processing equipment and computers, fire-extinguishing apparatus."
},
{
"value": "medical-apparatus-and-instrument",
"expanded": "Medical Apparatus and Instrument",
"description": "Detailed information relating to surgical, medical, dental and veterinary apparatus and instruments, artificial limbs, eyes and teeth, orthopaedic articles, suture materials."
},
{
"value": "electrical-apparatus",
"expanded": "Electrical Apparatus",
"description": "Detailed information relating to apparatus for lighting, heating, steam generating, cooking, refrigerating, drying, ventilating, water supply and sanitary purposes."
},
{
"value": "vehicle",
"expanded": "Vehicle",
"description": "Detailed information relating to vehicles, apparatus for locomotion by land, air or water."
},
{
"value": "firearm",
"expanded": "Firearm",
"description": "Detailed information relating to firearms, ammunition and projectiles, explosives, fireworks"
},
{
"value": "precious-metal",
"expanded": "Precious Metal",
"description": "Detailed information relating to precious metals and their alloys and goods in precious metals or coated therewith, not included in other classes, jewellery, precious stones, horologic and chronometrical instruments."
},
{
"value": "musical-instrument",
"expanded": "Musical Instrument",
"description": "Detailed information relating to musical instruments."
},
{
"value": "paper",
"expanded": "Paper",
"description": "Detailed information relating to paper, cardboard and goods made from these materials, not included in other classes, printed matter, bookbinding material, photographs, stationery, adhesives for stationery or household purposes, artists' materials, paint brushes, typewriters and office requisites (except furniture), instructional and teaching material (except apparatus), plastic materials for packaging (not included in other classes), printers' type, printing blocks."
},
{
"value": "rubber-good",
"expanded": "Rubber Good",
"description": "Detailed information relating to rubber, gutta-percha, gum, asbestos, mica and goods made from these materials and not included in other classes, plastics in extruded form for use in manufacture, packing, stopping and insulating materials, flexible pipes, not of metal."
},
{
"value": "leather",
"expanded": "Leather",
"description": "Detailed information relating to leather and imitations of leather, and goods made of these materials and not included in other classes, animal skins, hides, trunks and traveling bags, umbrellas, parasols and walking sticks, whips, harness and saddlery."
},
{
"value": "building-material",
"expanded": "Building Material",
"description": "Detailed information relating to Building materials (non-metallic), non-metallic rigid pipes for building, asphalt, pitch and bitumen, non-metallic transportable buildings, monuments, not of metal."
},
{
"value": "furniture",
"expanded": "Furniture",
"description": "Detailed information relating to furniture, mirrors, picture frames, goods (not included in other categories) of wood, cork, reed, cane, wicker, horn, bone, ivory, whalebone, shell, amber, mother-of-pearl, meerschaum and substitutes for all these materials, or of plastics."
},
{
"value": "household-utensil",
"expanded": "Household Utensil",
"description": "Detailed information relating to Household or kitchen utensils and containers (not of precious metal or coated therewith), combs and sponges, brushes (except paint brushes), brush-making materials, articles for cleaning purposes, steel wool, unworked or semi-worked glass (except glass used in building), glassware, porcelain and earthenware not included in other classes."
},
{
"value": "rope",
"expanded": "Rope",
"description": "Detailed information relating to ropes, string, nets, tents, awnings, tarpaulins, sails, sacks and bags (not included in other classes), padding and stuffing materials (except of rubber or plastics), raw fibrous textile materials."
},
{
"value": "yarn",
"expanded": "Yarn",
"description": "Detailed information relating to yarns and threads, for textile use."
},
{
"value": "textile",
"expanded": "Textile",
"description": "Detailed information relating to textiles and textile goods not included in other categories, like bed and table covers."
},
{
"value": "clothing",
"expanded": "Clothing",
"description": "Detailed information relating to clothing, footwear, headgear."
},
{
"value": "lace",
"expanded": "Lace",
"description": "Detailed information relating to lace and embroidery, ribbons and braid, buttons, hooks and eyes, pins and needles, artificial flowers."
},
{
"value": "carpet",
"expanded": "Carpet",
"description": "Detailed information relating to carpets, rugs, mats and matting, linoleum and other materials for covering existing floors wall hangings (non-textile)."
},
{
"value": "toy",
"expanded": "Toy",
"description": "Detailed information relating to games and toys, gymnastic and sporting articles not included in other classes, decorations."
},
{
"value": "food",
"expanded": "Food",
"description": "Detailed information relating to food, such as meat, fish, poultry and game, meat extracts, preserved, dried and cooked fruits and vegetables, jellies, jams, compotes, eggs, milk and milk products, edible oils and fats."
},
{
"value": "liquid-food",
"expanded": "Liquid Food",
"description": "Detailed information relating to coffee, tea, cocoa, sugar, rice, tapioca, sago, artificial coffee, flour and preparations made from cereals, bread, pastry and confectionery, ices, honey, treacle, yeast, baking-powder, salt, mustard, vinegar, sauces (condiments), spices, ice."
},
{
"value": "agricultural-product",
"expanded": "Agricultural Product",
"description": "Detailed information relating to agricultural, horticultural and forestry products and grains not included in other classes, live animals, fresh fruits and vegetables, seeds, natural plants and flowers, foodstuffs for animals, malt."
},
{
"value": "beverages",
"expanded": "Beverages",
"description": "Detailed information relating to beers, mineral and aerated waters and other non-alcoholic drinks, fruit drinks and fruit juices, syrups and other preparations for making beverages."
},
{
"value": "alcoholic-beverage",
"expanded": "Alcoholic Beverage",
"description": "Detailed information relating to Alcoholic beverages (except beers)."
},
{
"value": "tobacco",
"expanded": "Tobacco",
"description": "Detailed information relating to tobacco, smokers' articles, matches."
}
]
},
{
"predicate": "items-regulatory",
"entry": [
{
"value": "certificate",
"expanded": "Certificate",
"description": "Detailed information related to certificates."
},
{
"value": "license",
"expanded": "License",
"description": "Detailed information related to licenses."
},
{
"value": "permit",
"expanded": "Permit",
"description": "Detailed information related to permits."
},
{
"value": "registration",
"expanded": "Registration",
"description": "Detailed information related to registrations."
},
{
"value": "declaration",
"expanded": "Declaration",
"description": "Detailed information related to declarations."
}
]
},
{
"predicate": "items-urban-infrastructure",
"entry": [
{
"value": "water-supply-system",
"expanded": "Water Supply System",
"description": "Detailed information related to a water supply system. A water supply system or water supply network is a system of engineered hydrologic and hydraulic components which provide water supply."
},
{
"value": "electric-power-system",
"expanded": "Electric Power System",
"description": "Detailed information related to an electric power supply system. An electric power system is a network of electrical components used to supply, transmit and use electric power."
},
{
"value": "transport-network",
"expanded": "Transport Network",
"description": "Detailed information related to transport networks."
},
{
"value": "sanitation-system",
"expanded": "Sanitation System",
"description": "Detailed information related to sanitation systems to provide a hygienic means of promoting health through prevention of human contact with the hazards of wastes as well as the treatment and proper disposal of sewage or wastewater."
},
{
"value": "communication-system",
"expanded": "Communication System",
"description": "Detailed information related to a communication system."
}
]
},
{
"predicate": "items-item-usage",
"entry": [
{
"value": "product",
"expanded": "Product",
"description": "Information about tangible outputs of processes which an organisation can offer to other parties."
},
{
"value": "resource",
"expanded": "Resource",
"description": "Resources are not kept or assigned to parties except to accomplish an activity within the organisation, typically during an interaction or the supply of products or delivery of services."
}
]
}
]
}


@ -0,0 +1,660 @@
{
"namespace": "gea-nz-motivators",
"description": "Information relating to authority or governance.",
"refs": [
"https://www.dragon1.com/downloads/government-enterprise-architecture-for-new-zealand-v3.1.pdf"
],
"version": 1,
"predicates": [
{
"value": "plans-budget",
"expanded": "Plans Budget",
"description": "Information relating to budget direction or processes."
},
{
"value": "plans-strategy",
"expanded": "Plans Strategy",
"description": "Detailed information relating to strategic management."
},
{
"value": "plans-effort",
"expanded": "Plans Effort",
"description": "Information relating to the required effort to achieve or fulfil a work related activity."
},
{
"value": "plans-measure",
"expanded": "Plans Measure",
"description": "Information which tracks the effectiveness in relation to activities managed by the organisation (inputs/outputs) or employee performance."
},
{
"value": "plans-risk",
"expanded": "Plans Risk",
"description": "Information about person(s) or thing(s) which relate to risk management within organisation."
},
{
"value": "plans-specification",
"expanded": "Plans Specification",
"description": "Information dealing with properties and constraints."
},
{
"value": "controls-operational",
"expanded": "Controls Operational",
"description": "Information about controls that provide the foundation for administration of an organisation."
},
{
"value": "controls-finance",
"expanded": "Controls Finance",
"description": "Information about the financial structures that provide management and control over the economic resources of the organisation."
},
{
"value": "controls-industry",
"expanded": "Controls Industry",
"description": "Information about industry practice issued by an industry specific regulation or professional body."
},
{
"value": "controls-technological",
"expanded": "Controls Technological",
"description": "Information about technical constraints."
},
{
"value": "controls-law",
"expanded": "Controls Law",
"description": "Information about controls in the form of legislation (statues, regulations, etc.)."
},
{
"value": "controls-personal",
"expanded": "Controls Personal",
"description": "Information about the constraints an individual places on interactions with the government, or agency."
},
{
"value": "controls-security",
"expanded": "Controls Security",
"description": "Information about the constraints security places on interactions within and across the government, agencies and 3th parties."
},
{
"value": "controls-risk-governance",
"expanded": "Controls Risk Governance"
},
{
"value": "contracts-arrangement",
"expanded": "Contracts Arrangement",
"description": "Information relating to contracts, agreements or other arrangements with other agencies, governments, public or private organizations."
},
{
"value": "contracts-rights",
"expanded": "Contracts Rights",
"description": "Information relating to moral or legal entitlement to have or do something."
},
{
"value": "contracts-obligation",
"expanded": "Contracts Obligation",
"description": "Information which is held by an organisation which relates to its obligations."
},
{
"value": "contracts-jurisdiction",
"expanded": "Contracts Jurisdicrion",
"description": "nformation about political and geographical areas in which an organisation operates."
}
],
"values": [
{
"predicate": "plans-budget",
"entry": [
{
"value": "capital",
"expanded": "Capital",
"description": "Detailed information relating to capital budget planning."
},
{
"value": "operating",
"expanded": "Operating",
"description": "Detailed information relating to operational budget planning."
}
]
},
{
"predicate": "plans-strategy",
"entry": [
{
"value": "strategic-directive",
"expanded": "Strategic Directive",
"description": "Detailed information relating to planning of strategic or organisational directives."
},
{
"value": "strategic-goal",
"expanded": "Strategic Goal",
"description": "Detailed information relating to strategic and organisational goals, such as key learning, key results, targets, and others."
},
{
"value": "strategic-objective",
"expanded": "Strategic Objective",
"description": "Detailed information relating to strategic and organisational objectives, such as KPIs."
},
{
"value": "strategic-outcome",
"expanded": "Strategic Outcome",
"description": "Detailed information relating to strategic business outcomes."
},
{
"value": "road-map",
"expanded": "Road Map",
"description": "Detailed information relating to strategic business road maps."
},
{
"value": "challenge",
"expanded": "Challenge",
"description": "Detailed information relating to strategic and organisational challenges."
},
{
"value": "opportunity",
"expanded": "Opportunity",
"description": "Detailed information relating to strategic and organisational opportunities."
}
]
},
{
"predicate": "plans-effort",
"entry": [
{
"value": "activity",
"expanded": "Activity",
"description": "Detailed information relating to planning of activities."
},
{
"value": "campaign",
"expanded": "Campaign",
"description": "Detailed information relating to planned campaigns."
},
{
"value": "care",
"expanded": "Care",
"description": "Detailed information relating to planning of activities for an individual to achieve an outcome (PDP)."
},
{
"value": "programme",
"expanded": "Programme",
"description": "Detailed information relating to programmes plans."
},
{
"value": "project",
"expanded": "Project",
"description": "Detailed information relating to project plans."
},
{
"value": "roster",
"expanded": "Roster",
"description": "Detailed information relating to rosters."
},
{
"value": "schedule",
"expanded": "Schedule",
"description": "Detailed information relating to schedules."
},
{
"value": "task",
"expanded": "Task",
"description": "Detailed information relating to planning of tasks."
}
]
},
{
"predicate": "plans-measure",
"entry": [
{
"value": "input",
"expanded": "Input",
"description": "Detailed information relating to input measurements."
},
{
"value": "output",
"expanded": "Output",
"description": "Detailed information relating to output measurements."
},
{
"value": "performance",
"expanded": "Performance",
"description": "Detailed information regarding the performance of an individual, group, organization, system or component."
},
{
"value": "benefit",
"expanded": "Benefit",
"description": "Detailed information regarding the benefits of individual, group, organization, system or component."
}
]
},
{
"predicate": "plans-risk",
"entry": [
{
"value": "consequence",
"expanded": "Consequence",
"description": "Detailed information relating to consequences of a risk."
},
{
"value": "hazard",
"expanded": "Hazard",
"description": "Detailed information relating to risk hazards."
},
{
"value": "likelihood",
"expanded": "Likelihood",
"description": "Detailed information relating to likelihood of a risk."
},
{
"value": "mitigation",
"expanded": "Mitigation",
"description": "Detailed information relating to risk mitigation."
},
{
"value": "influence",
"expanded": "Influence",
"description": "Detailed information relating to influences that can impact the organisation's operations, strategic goals, outcomes, etc."
},
{
"value": "disruption",
"expanded": "Disruption",
"description": "Detailed information relating to disruptions that can impact the organisation's operations, objectives, goals, outcomes, etc."
}
]
},
{
"predicate": "plans-specification",
"entry": [
{
"value": "functional-requirement",
"expanded": "Functional Requirement",
"description": "Detailed information relating to functional requirements."
},
{
"value": "non-functional-requirement",
"expanded": "Non-Functional Requirement",
"description": "Detailed information relating to non-functional requirements."
},
{
"value": "design",
"expanded": "Design",
"description": "Detailed information relating to solution designs."
}
]
},
{
"predicate": "controls-operational",
"entry": [
{
"value": "convention",
"expanded": "Convention",
"description": "Detailed information relating to conventions, which are general agreements about basic principles or procedures."
},
{
"value": "guideline",
"expanded": "Guideline",
"description": "Detailed information relating to guidelines, which are principles put forward to set standards or determine a course of action. For example guidelines on tax reform."
},
{
"value": "policy",
"expanded": "Policy",
"description": "Detailed information relating to policies. A policy is a plan or course of action intended to influence and determine decisions, actions, and other matters."
},
{
"value": "principle",
"expanded": "Principle",
"description": "Detailed information relating to principles, which are accepted rules or actions on conduct."
},
{
"value": "standard",
"expanded": "Standard",
"description": "Detailed information relating to standards, which are accepted or approved examples of something against which people, processes, items are measured."
},
{
"value": "procedure",
"expanded": "Procedure",
"description": "Detailed information relating to procedures. A procedure is a series of steps taken to accomplish an end."
},
{
"value": "process",
"expanded": "Process",
"description": "Detailed information relating to processes. A process is a series of operations performed in the making or treatment of a product."
},
{
"value": "capability",
"expanded": "Capability",
"description": "Detailed information relating to capabilities; capacity to be used, treated, or developed for a specific purpose."
},
{
"value": "rule",
"expanded": "Rule",
"description": "Detailed information relating to rules."
},
{
"value": "exception",
"expanded": "Exception",
"description": "Detailed information around anything excluded from or not in conformance with a general rules, principles, regulations, etc."
},
{
"value": "scope-of-use",
"expanded": "Scope of Use",
"description": "Detailed information around the scope of use of assets."
}
]
},
{
"predicate": "controls-finance",
"entry": [
{
"value": "financial-asset",
"expanded": "Financial Asset",
"description": "Detailed information relating to the financial control of assets."
},
{
"value": "equity",
"expanded": "Equity",
"description": "Detailed information relating to the financial control of equities, monetary value of a property or business beyond any amounts owed on it in mortgages, claims, liens, etc."
},
{
"value": "expense",
"expanded": "Expense",
"description": "Detailed information relating to the financial control of expenses. An expense is a cost of something, such as time or labour, necessary for the attainment of a goal."
},
{
"value": "fee",
"expanded": "Fee",
"description": "Detailed information relating to the financial control of fees; a fixed sum charged, as by an institution or by law, for a privilege: a license fee; tuition fees. Also a charge for professional services: a surgeon's fee."
},
{
"value": "income",
"expanded": "Income",
"description": "Detailed information relating to the financial control of income."
},
{
"value": "financial-liability",
"expanded": "Financial Liability",
"description": "Detailed information relating to financial obligations entered in the balance sheet of the organisation."
},
{
"value": "acquisition-method",
"expanded": "Acquisition Method",
"description": "Detailed information relating to acquisition methods. An acquisition method defines the method by which assets are acquired."
}
]
},
{
"predicate": "controls-industry",
"entry": [
{
"value": "best-practice",
"expanded": "Best Practice",
"description": "Detailed information relating to endorsed or recommended industry practices."
},
{
"value": "regulation",
"expanded": "Regulation",
"description": "Detailed information relating to endorsed or recommended industry specific regulations, rules of behaviour and procedure."
},
{
"value": "terminology",
"expanded": "Terminology",
"description": "Detailed information of defined sets of concepts and related terms, including definitions and usage guidelines, and the industry-specific business context within which they are to be used."
}
]
},
{
"predicate": "controls-technological",
"entry": [
{
"value": "enforced-rules",
"expanded": "Enforced Rules",
"description": "Detailed information relating to enforced rules around chosen or legacy systems, i.e. Windows policies."
},
{
"value": "constraints",
"expanded": "Constraints",
"description": "Detailed information relating to technical constraints imposed by a chosen or legacy technology."
}
]
},
{
"predicate": "controls-law",
"entry": [
{
"value": "common-law",
"expanded": "Common Law",
"description": "Detailed information relating to common laws A common law is established by court decisions rather than by statutes enacted by legislatures."
},
{
"value": "legislative-instrument",
"expanded": "Legislative Instrument",
"description": "Detailed information relating to legislation, which are laws enacted by a legislative body."
},
{
"value": "act",
"expanded": "Act",
"description": "Detailed information relating to Acts."
},
{
"value": "cabinet-minute",
"expanded": "Cabinet Minute",
"description": "Detailed information relating to Cabinet minutes."
}
]
},
{
"predicate": "controls-personal",
"entry": [
{
"value": "personal-directive",
"expanded": "Personal Directive",
"description": "Detailed information relating to directives of an individual, such as release of personal information, advance care directive."
}
]
},
{
"predicate": "contracts-arrangement",
"entry": [
{
"value": "memorandum-of-understanding",
"expanded": "Memorandum of Understanding",
"description": "Detailed information relating to terms of agreement, not the legal instrument."
},
{
"value": "offer",
"expanded": "Offer",
"description": "Detailed information relating to offers, such as proposals, quotes, and others."
},
{
"value": "order",
"expanded": "Order",
"description": "Detailed information relating to orders, official request to be made, supplied, or served."
},
{
"value": "agreement",
"expanded": "Agreement",
"description": "Detailed information relating to Service level Agreements (SLA), Master Service Agreements (MSA), Statement of Work (SoW), Purchase Agreement (PA), etc."
},
{
"value": "request",
"expanded": "Request",
"description": "Detailed information relating to requests, such as request for information, request for assistance, etc."
},
{
"value": "confidentiality",
"expanded": "Confidentiality",
"description": "Detailed information relating to confidentiality, such as commercial-in-confidence (CIC), non-disclosure, privacy, and other"
},
{
"value": "employment",
"expanded": "Employment",
"description": "Detailed information relating to employment contracts."
},
{
"value": "service",
"expanded": "Service",
"description": "Detailed information relating to service contracts."
},
{
"value": "supply",
"expanded": "Supply",
"description": "Detailed information relating to supply contracts."
}
]
},
{
"predicate": "contracts-rights",
"entry": [
{
"value": "eligibility",
"expanded": "Eligibility",
"description": "Detailed information related to eligibilities (fit or proper to be chosen; worthy of choice; desirable)."
},
{
"value": "credits",
"expanded": "Credits",
"description": "Detailed information relating to credit rights like account receivable, e. i. a legally enforceable claim for payment held by a business against its customer/clients for goods supplied and/or services rendered in execution of the customer's order."
},
{
"value": "access-right",
"expanded": "Access Right",
"description": "Detailed information related to access rights to facilities, services, processes, information, etc."
},
{
"value": "authorisation",
"expanded": "Authorisation",
"description": "Detailed information related to authorisation, e. i. right to give orders or make decisions."
},
{
"value": "human-right",
"expanded": "Human Right",
"description": "Detailed information related to human rights."
},
{
"value": "employment-right",
"expanded": "Employment Right",
"description": "Detailed information related to employment rights. New Zealand has a comprehensive set of employment laws that help keep workplaces fair."
},
{
"value": "property-right",
"expanded": "Property Right",
"description": "Detailed information related to property rights."
},
{
"value": "consumer-right",
"expanded": "Consumer Right",
"description": "Detailed information related to consumer rights."
}
]
},
{
"predicate": "contracts-obligation",
"entry": [
{
"value": "duty-of-care",
"expanded": "Duty of Care",
"description": "Detailed information relating to the obligations of duty of care."
},
{
"value": "fitness-for-purpose",
"expanded": "Fitness for Purpose",
"description": "Detailed information relating to something that is good enough to do the job it was designed to do."
},
{
"value": "warranty",
"expanded": "Warranty",
"description": "Detailed information relating to warranties."
},
{
"value": "privacy",
"expanded": "Privacy",
"description": "Detailed information relating to privacy obligations."
},
{
"value": "truthfulness",
"expanded": "Truthfulness",
"description": "Detailed information relating to the obligation to be truthful."
},
{
"value": "enforce-the-law",
"expanded": "Enforce the Law",
"description": "Detailed information relating to the obligation to enforce laws and regulations."
},
{
"value": "obey-the-law",
"expanded": "Obey the Law",
"description": "Detailed information relating to the obligation to obey laws and regulations."
},
{
"value": "account-payable",
"expanded": "Account Payable",
"description": "Detailed information related to account payables or billable, i.e. money which an agency owes to vendors for products and services purchased on credit."
},
{
"value": "enforce-rules",
"expanded": "Enforce Rules",
"description": "Detailed information relating to the obligation to enforce rules, like organisational rules, educational rules, industrial rules, etc."
},
{
"value": "obey-rules",
"expanded": "Obey Rules",
"description": "Detailed information relating to the obligation to obey rules, like organisational rules, educational rules, industrial rules, etc."
}
]
},
{
"predicate": "contracts-jurisdiction",
"entry": [
{
"value": "national",
"expanded": "National",
"description": "Detailed information relating to national jurisdictions."
},
{
"value": "international",
"expanded": "International",
"description": "Detailed information relating to international jurisdictions."
},
{
"value": "local",
"expanded": "Local",
"description": "Detailed information relating to local jurisdictions."
},
{
"value": "political",
"expanded": "Political",
"description": "Detailed information relating to political jurisdictions."
},
{
"value": "regional",
"expanded": "Regional",
"description": "Detailed information relating to regional jurisdictions."
}
]
},
{
"predicate": "controls-risk-governance",
"entry": [
{
"value": "residual",
"expanded": "Residual"
},
{
"value": "acceptance",
"expanded": "Acceptance"
},
{
"value": "analysis",
"expanded": "Analysis"
},
{
"value": "assessement",
"expanded": "Assessement"
},
{
"value": "management",
"expanded": "Management"
},
{
"value": "treatment",
"expanded": "Treatment"
}
]
}
]
}
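Review bot: The entry value `assessement` (with `"expanded": "Assessement"`) in the `controls-risk-governance` block at the end of the file is misspelled, and because the value is part of the machine tag (`gea-nz-motivators:controls-risk-governance="assessement"`), the typo becomes a persistent identifier as soon as events are tagged with it. Correcting it before the taxonomy ships, `"value": "assessment"` and `"expanded": "Assessment"`, avoids a later rename that would leave existing tags, and any filtering or distribution rules keyed on them, pointing at a value that no longer exists. The `controls-risk-governance` predicate and its six entries are also the only ones in this file without a `description`, and `controls-security` is declared under `predicates` but has no block under `values`; a short description for each, and a word in the commit message on whether `controls-security` is meant to be predicate-only, would help analysts pick the right tag. The display strings `Contracts Jurisdicrion`, `nformation about political…`, `3th parties` and `statues` are typos as well, but they are cosmetic and can be corrected at any time.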

567
ics/machinetag.json Normal file

@ -0,0 +1,567 @@
{
"predicates": [
{
"value": "ot-security-issues",
"expanded": "OT IR Security Issues"
},
{
"expanded": "OT Network/Data Transmission Protocols in Automobile / Vehicle / Aviation",
"value": "ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation"
},
{
"expanded": "OT Network/Data Transmission Protocols in Automatic Meter Reading",
"value": "ot-network-data-transmission-protocols-automatic-meter-reading"
},
{
"expanded": "OT Network/Data Transmission Protocols in Industrial Control System",
"value": "ot-network-data-transmission-protocols-industrial-control-system"
},
{
"expanded": "OT Network/Data Transmission Protocols in Building Automation",
"value": "ot-network-data-transmission-protocols-building-automation"
},
{
"expanded": "OT Network/Data Transmission Protocols in Power System Automation",
"value": "ot-network-data-transmission-protocols-power-system-automation"
},
{
"expanded": "OT Network/Data Transmission Protocols in Process Automation",
"value": "ot-network-data-transmission-protocols-process-automation"
},
{
"expanded": "OT IR Communication Interface",
"value": "ot-communication-interface"
},
{
"expanded": "OT Operating Systems",
"value": "ot-operating-systems"
},
{
"expanded": "OT Components Category",
"value": "ot-components-category"
}
],
"values": [
{
"predicate": "ot-security-issues",
"entry": [
{
"value": "Message Authentication",
"expanded": "Message Authentication",
"description": "Auth in used protocols is attacked and falsification command can be sent"
},
{
"value": "Message Integrity Checking",
"expanded": "Message Integrity Checking",
"description": "Message poart of the sent protocol is maliciously tampered"
},
{
"value": "Message Encryption",
"expanded": "Message Encryption",
"description": "Self explanatory, i.e. Weak encryption is attacked"
},
{
"value": "Command Injection",
"expanded": "Command Injection",
"description": "Either Remote Command Injection or Local. On local can be timer triggered under tampered firmware"
},
{
"value": "Replay Attack",
"expanded": "Replay Attack",
"description": "Self explanatory"
},
{
"value": "Man in the middle (MITM) Attack",
"expanded": "Man in the middle (MITM) Attack",
"description": "Self explanatory"
},
{
"value": "Undocumented instructions",
"expanded": "Undocumented instructions",
"description": "Vendor's left several instruction used for development or trouble shooting that is finally leaked and used to performed malicious activities on the devices."
},
{
"value": "Vendor proprietary protocols",
"expanded": "Vendor proprietary protocols",
"description": "Internal vendor protocols used for development or trouble shooting, that is being maliciously for an attack."
}
]
},
{
"predicate": "ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation",
"entry": [
{
"value": "ARINC 429",
"expanded": "ARINC 429"
},
{
"value": "CAN bus (ARINC 825 SAE J1939 NMEA 2000 FMS)",
"expanded": "CAN bus (ARINC 825 SAE J1939 NMEA 2000 FMS)"
},
{
"value": "Factory Instrumentation Protocol",
"expanded": "Factory Instrumentation Protocol"
},
{
"value": "FlexRay",
"expanded": "FlexRay"
},
{
"value": "IEBus",
"expanded": "IEBus"
},
{
"value": "J1587",
"expanded": "J1587"
},
{
"value": "J1708",
"expanded": "J1708"
},
{
"value": "Keyword Protocol 2000",
"expanded": "Keyword Protocol 2000"
},
{
"value": "Unified Diagnostic Services",
"expanded": "Unified Diagnostic Services"
},
{
"value": "LIN",
"expanded": "LIN"
},
{
"value": "MOST",
"expanded": "MOST"
},
{
"value": "VAN",
"expanded": "VAN"
}
]
},
{
"predicate": "ot-network-data-transmission-protocols-automatic-meter-reading",
"entry": [
{
"value": "ANSI C12.18",
"expanded": "ANSI C12.18"
},
{
"value": "IEC 61107",
"expanded": "IEC 61107"
},
{
"value": "DLMS/IEC 62056",
"expanded": "DLMS/IEC 62056"
},
{
"value": "M-Bus",
"expanded": "M-Bus"
},
{
"value": "Modbus",
"expanded": "Modbus"
},
{
"value": "ZigBee",
"expanded": "ZigBee"
}
]
},
{
"predicate": "ot-network-data-transmission-protocols-industrial-control-system",
"entry": [
{
"value": "MTConnect",
"expanded": "MTConnect"
},
{
"value": "OPC",
"expanded": "OPC"
},
{
"value": "DA",
"expanded": "DA"
},
{
"value": "HDA",
"expanded": "HDA"
},
{
"value": "UA",
"expanded": "UA"
}
]
},
{
"predicate": "ot-network-data-transmission-protocols-building-automation",
"entry": [
{
"value": "1-Wire",
"expanded": "1-Wire"
},
{
"value": "BACnet",
"expanded": "BACnet"
},
{
"value": "C-Bus",
"expanded": "C-Bus"
},
{
"value": "CEBus",
"expanded": "CEBus"
},
{
"value": "DALI",
"expanded": "DALI"
},
{
"value": "DSI",
"expanded": "DSI"
},
{
"value": "DyNet",
"expanded": "DyNet"
},
{
"value": "Factory Instrumentation Protocol",
"expanded": "Factory Instrumentation Protocol"
},
{
"value": "KNX",
"expanded": "KNX"
},
{
"value": "LonTalk",
"expanded": "LonTalk"
},
{
"value": "Modbus",
"expanded": "Modbus"
},
{
"value": "oBIX",
"expanded": "oBIX"
},
{
"value": "VSCP",
"expanded": "VSCP"
},
{
"value": "X10",
"expanded": "X10"
},
{
"value": "xAP",
"expanded": "xAP"
},
{
"value": "xPL",
"expanded": "xPL"
},
{
"value": "ZigBee",
"expanded": "ZigBee"
}
]
},
{
"predicate": "ot-network-data-transmission-protocols-power-system-automation",
"entry": [
{
"value": "IEC 60870",
"expanded": "IEC 60870"
},
{
"value": "DNP3",
"expanded": "DNP3"
},
{
"value": "Factory Instrumentation Protocol",
"expanded": "Factory Instrumentation Protocol"
},
{
"value": "IEC 61850",
"expanded": "IEC 61850"
},
{
"value": "IEC 62351",
"expanded": "IEC 62351"
},
{
"value": "Modbus",
"expanded": "Modbus"
},
{
"value": "Profibus",
"expanded": "Profibus"
}
]
},
{
"predicate": "ot-network-data-transmission-protocols-process-automation",
"entry": [
{
"value": "AS-i",
"expanded": "AS-i"
},
{
"value": "BSAP",
"expanded": "BSAP"
},
{
"value": "CC-Link Industrial Networks",
"expanded": "CC-Link Industrial Networks"
},
{
"value": "CIP",
"expanded": "CIP"
},
{
"value": "CAN bus",
"expanded": "CAN bus"
},
{
"value": "ControlNet",
"expanded": "ControlNet"
},
{
"value": "DF-1",
"expanded": "DF-1"
},
{
"value": "DirectNET",
"expanded": "DirectNET"
},
{
"value": "EtherCAT",
"expanded": "EtherCAT"
},
{
"value": "Ethernet Global Data (EGD)",
"expanded": "Ethernet Global Data (EGD)"
},
{
"value": "Ethernet Powerlink",
"expanded": "Ethernet Powerlink"
},
{
"value": "EtherNet/IP",
"expanded": "EtherNet/IP"
},
{
"value": "Experimental Physics and Industrial Control System (EPICS) StreamDevice protocol (i.e RF:FREQ 499.655 MHZ)",
"expanded": "Experimental Physics and Industrial Control System (EPICS) StreamDevice protocol (i.e RF:FREQ 499.655 MHZ)"
},
{
"value": "Factory Instrumentation Protocol",
"expanded": "Factory Instrumentation Protocol"
},
{
"value": "FINS",
"expanded": "FINS"
},
{
"value": "FOUNDATION fieldbus (H1 HSE)",
"expanded": "FOUNDATION fieldbus (H1 HSE)"
},
{
"value": "GE SRTP",
"expanded": "GE SRTP"
},
{
"value": "HART Protocol",
"expanded": "HART Protocol"
},
{
"value": "Honeywell SDS",
"expanded": "Honeywell SDS"
},
{
"value": "HostLink",
"expanded": "HostLink"
},
{
"value": "INTERBUS",
"expanded": "INTERBUS"
},
{
"value": "IO-Link",
"expanded": "IO-Link"
},
{
"value": "MECHATROLINK",
"expanded": "MECHATROLINK"
},
{
"value": "MelsecNet",
"expanded": "MelsecNet"
},
{
"value": "Modbus",
"expanded": "Modbus"
},
{
"value": "Optomu",
"expanded": "Optomu"
},
{
"value": "PieP",
"expanded": "PieP"
},
{
"value": "Profibus",
"expanded": "Profibus"
},
{
"value": "PROFINET IO",
"expanded": "PROFINET IO"
},
{
"value": "RAPIEnet",
"expanded": "RAPIEnet"
},
{
"value": "SERCOS interface",
"expanded": "SERCOS interface"
},
{
"value": "SERCOS III",
"expanded": "SERCOS III"
},
{
"value": "Sinec H1",
"expanded": "Sinec H1"
},
{
"value": "SynqNet",
"expanded": "SynqNet"
},
{
"value": "TTEthernet",
"expanded": "TTEthernet"
},
{
"value": "TCP/IP",
"expanded": "TCP/IP"
}
]
},
{
"predicate": "ot-communication-interface",
"entry": [
{
"value": "rs-232",
"expanded": "RS-232 (comm port)",
"description": "Serial communication with an implementation comprises 2 data lines, 6 control lines and one ground."
},
{
"value": "rs-422, rs-423 or rs-485",
"expanded": "RS-422, RS-423 or RS-485",
"description": "RS-422 is compatible to RS-232, used in situations where long distances are required, it can drive up to 1200m at 100kbit/s, and up to 1Mbit/s over short distances. RS-422 uses a differential driver, uses a four-conductor cable, and up to ten receivers can be on a multi-dropped network or bus. RS-485 is like RS-422 but RS-422 allows just one driver with multiple receivers whereas RS-485 supports multiple drivers and receivers RS-485 also allows up to thirty two (32) multi-dropped receivers or transmitters on a multi-dropped network or bus. At 90 kbit/s, the maximum cable length is 1250 m, and at 10 Mbit/s it is 15 m. The devices are half-duplex (i.e. send or receive, but not both at the same time). For more nodes or long distances, you can use repeaters that regenerate the signals and begin a new RS-485 line. "
},
{
"value": "ieee-488-gpib",
"expanded": "IEEE-488 (GPIB)",
"description": "Known as Hewlett-Packard HP-IB but was renamed as GPIB (General Purpose Interface Bus) by the IEEE-488 (1975). IEEE-488 interface comprises 8 data lines, 8 control lines and 8 ground lines. Up to 15 devices can be interconnected on one bus. Each device is assigned a unique primary address, ranging from 4-30, by setting the address switches on the device. Devices are linked in either a daisy-chain or star (or some combination) configuration with up to 20 m of shielded 24-conductor cable. A maximum separation of 4 m is specified between any two devices, and an average of 2m over the entire bus. The data transfer rate can be up to 1 Mbyte/s. Three types of devices can be connected to an IEEE-488 bus (Listeners, Talkers, and Controllers)"
},
{
"value": "ieee-1394-firewire",
"expanded": "IEEE-1394 (FireWire)",
"description": "The IEEE-1394 defines a serial serial interface that can use the bus cable to power devices. Firewire transmits data in packets and incurs some overhead as a result. Firewire frames are 125 msec long which means that despite a 'headline' transfer speed of 400 Mbit/s Firewire can be substantially slower in responding to instruments' service requests. Firewire uses a peer-peer protocol, similar to IEEE-488. Using standard cable, the maximum length bus comprises 16 hops of 4.5m each. Each hop connects two devices, but each physical device can contain four logical nodes. A Firewire cable contains two twisted-pairs (signals and clock) and two untwisted conductors (power and ground)."
},
{
"value": "usb-universal-serial-bus",
"expanded": "USB (Universal Serial Bus)",
"description": "USB is the bus topology, and host-target protocol, mean that giving existing PC-based instruments a USB port not as trivial as it could be, but instruments with USB ports are coming onto the ICS market increasing numbers. USB 1.1 has many features as serial data transmission, device powering, data sent in 1 ms packets. USB offers 1.5- and 12-Mbit/s speeds. Individual devices can use the bus for a maximum of 50% of the time. In practice, the maximum rate is not more than 0.6 Mbyte/s. USB 2.0 specification was released in 2000. In addition to increasing the signaling rate from 12 MHz to 480 MHz, the specification describes a more advanced feature set and uses bandwidth more efficiently than 'Classic' USB. Version 2 of USB seems likely to prevent IEEE 1394 becoming widely adopted in instrument systems."
},
{
"value": "ethernet",
"expanded": "Ethernet",
"description": "Instruments with ethernet interfaces have the great advantage that they can be accessed and controlled from a desktop anywhere in the world. A web-enabled ICS device behaves can be operated with standard browser. Systems with comm based on these interface can make use of existing Ethernet networks and connecting an instrument directly into the internet makes sharing of data easy. Fast data transfer is possible. However, when connected to the public internet it is difficult to secure or maintain its security and a full evaluation of the risks involved for this interface usage is very essential."
},
{
"value": "others",
"expanded": "Others",
"description": "Other communication interface not listed."
}
]
},
{
"predicate": "ot-operating-systems",
"entry": [
{
"value": "rtos",
"expanded": "RTOS",
"description": "Please see the URL reference, there are a lot of it to be listed in here. These OS are also referred as Firmware. https://en.wikipedia.org/wiki/Comparison_of_real-time_operating_systems"
},
{
"value": "linux-embedded-base-os",
"expanded": "Linux Embedded Base OS",
"description": "Yocto\\nBuildroot\\nOpenWRT\\nB & R Linux\\n Scientific Linux\\nRaspbian\\nAndroid"
},
{
"value": "bsd",
"expanded": "BSD",
"description": "NetBSD (NetBSD Embedded Systems)\\nFreeBSD (Modified. i.e.: Orbis OS)"
},
{
"value": "microsoft",
"expanded": "Microsoft",
"description": "Windows 10 IoT Enterprise\\n Windows Embedded 8.1 Industry Professional\\n Windows 7 Professional/Ultimate\\n Windows Embedded Standard 7\\n Windows Embedded Standard 2009\\n Windows CE 6.0\\n"
}
]
},
{
"predicate": "ot-components-category",
"entry": [
{
"value": "programmable-logic-controller",
"expanded": "Programmable Logic Controller (PLC)",
"description": "1. Computing device with user-programmable memory to storing instructions to operate a physical process.\\n\\n 2.Various PLC types for different processses"
},
{
"value": "remote-terminal-unit",
"expanded": "Remote Terminal Unit (RTU)",
"description": "1. Data aquisitionand control unit designedto support field sites and remote stations.\\n\\n2. Wired and wireless communication capabilities.\\n\\n3. No stored program logic."
},
{
"value": "human-machine-interface",
"expanded": "Human-Machine Interface (HMI)",
"description": "1. Hardware/software that operators used to interact with control system.\\n\\n2. From physical control panels to a complete computer systems"
},
{
"value": "sensors",
"expanded": "Sensors",
"description": "Pressure, Temperature, Flow, Voltage, Optical, Proximity"
},
{
"value": "actuators",
"expanded": "Actuators",
"description": "Variable Frequency Drive, Servo Drive, Valve, Circuit Breaker"
},
{
"value": "communications",
"expanded": "Communications",
"description": "Modems, Routers, Serial - Ethernet Converters, Swtiches"
},
{
"value": "supervisory-level-devices",
"expanded": "Supervisory Level Devices",
"description": "1. Control Server (Supervisory systems that hosts control software to manage lower level control devices like PLC).\\n\\n2. Data Historian (Centralized database for information about process, control activity and status record).\\n\\n3. Engineering workstations (Creating and revising control systems anbd programs, incl. project files)."
}
]
}
],
"refs": [
"https://www.first.org/global/sigs/cti/",
"https://www.isa.org/isa99/",
"https://www.isa.org/intech/201810standards/"
],
"version": 1,
"description": "FIRST.ORG CTI SIG - MISP Proposal for ICS/OT Threat Attribution (IOC) Project",
"expanded": "Industrial Control System (ICS)",
"namespace": "ics"
}
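Review bot: The entry `value` fields under `ot-security-issues` and the protocol predicates are free text with spaces, commas and parentheses (`"Man in the middle (MITM) Attack"`, `"rs-422, rs-423 or rs-485"`), while `ot-communication-interface` and the later predicates in this file use lowercase hyphenated slugs. Tags built from these values are harder to match reliably in filters and correlation rules. I would keep the readable form in `expanded` and use a slug in `value`, for example `"value": "mitm-attack"`. The predicate value `ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation` carries an `automatic-` that its `expanded` text does not, and the `DA`, `HDA` and `UA` entries only make sense as OPC variants, so `opc-da`, `opc-hda` and `opc-ua` would be clearer. Several descriptions contain `\\n`, which JSON decodes to a literal backslash-n rather than a line break, and typos such as `poart`, `Swtiches` and `anbd` will surface in the tag picker.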


@ -1,15 +1,17 @@
{
"namespace": "ifx-vetting",
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
"version": 2,
"version": 3,
"predicates": [
{
"value": "vetted",
"expanded": "state of the vetted intelligence"
"expanded": "state of the vetted intelligence",
"exclusive": true
},
{
"value": "score",
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data."
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data.",
"exclusive": true
}
],
"values": [
@ -59,407 +61,508 @@
"entry": [
{
"value": "0",
"expanded": "0"
"expanded": "0",
"numerical_value": 0
},
{
"value": "1",
"expanded": "1"
"expanded": "1",
"numerical_value": 1
},
{
"value": "2",
"expanded": "2"
"expanded": "2",
"numerical_value": 2
},
{
"value": "3",
"expanded": "3"
"expanded": "3",
"numerical_value": 3
},
{
"value": "4",
"expanded": "4"
"expanded": "4",
"numerical_value": 4
},
{
"value": "5",
"expanded": "5"
"expanded": "5",
"numerical_value": 5
},
{
"value": "6",
"expanded": "6"
"expanded": "6",
"numerical_value": 6
},
{
"value": "7",
"expanded": "7"
"expanded": "7",
"numerical_value": 7
},
{
"value": "8",
"expanded": "8"
"expanded": "8",
"numerical_value": 8
},
{
"value": "9",
"expanded": "9"
"expanded": "9",
"numerical_value": 9
},
{
"value": "10",
"expanded": "10"
"expanded": "10",
"numerical_value": 10
},
{
"value": "11",
"expanded": "11"
"expanded": "11",
"numerical_value": 11
},
{
"value": "12",
"expanded": "12"
"expanded": "12",
"numerical_value": 12
},
{
"value": "13",
"expanded": "13"
"expanded": "13",
"numerical_value": 13
},
{
"value": "14",
"expanded": "14"
"expanded": "14",
"numerical_value": 14
},
{
"value": "15",
"expanded": "15"
"expanded": "15",
"numerical_value": 15
},
{
"value": "16",
"expanded": "16"
"expanded": "16",
"numerical_value": 16
},
{
"value": "17",
"expanded": "17"
"expanded": "17",
"numerical_value": 17
},
{
"value": "18",
"expanded": "18"
"expanded": "18",
"numerical_value": 18
},
{
"value": "19",
"expanded": "19"
"expanded": "19",
"numerical_value": 19
},
{
"value": "20",
"expanded": "20"
"expanded": "20",
"numerical_value": 20
},
{
"value": "21",
"expanded": "21"
"expanded": "21",
"numerical_value": 21
},
{
"value": "22",
"expanded": "22"
"expanded": "22",
"numerical_value": 22
},
{
"value": "23",
"expanded": "23"
"expanded": "23",
"numerical_value": 23
},
{
"value": "24",
"expanded": "24"
"expanded": "24",
"numerical_value": 24
},
{
"value": "25",
"expanded": "25"
"expanded": "25",
"numerical_value": 25
},
{
"value": "26",
"expanded": "26"
"expanded": "26",
"numerical_value": 26
},
{
"value": "27",
"expanded": "27"
"expanded": "27",
"numerical_value": 27
},
{
"value": "28",
"expanded": "28"
"expanded": "28",
"numerical_value": 28
},
{
"value": "29",
"expanded": "29"
"expanded": "29",
"numerical_value": 29
},
{
"value": "30",
"expanded": "30"
"expanded": "30",
"numerical_value": 30
},
{
"value": "31",
"expanded": "31"
"expanded": "31",
"numerical_value": 31
},
{
"value": "32",
"expanded": "32"
"expanded": "32",
"numerical_value": 32
},
{
"value": "33",
"expanded": "33"
"expanded": "33",
"numerical_value": 33
},
{
"value": "34",
"expanded": "34"
"expanded": "34",
"numerical_value": 34
},
{
"value": "35",
"expanded": "35"
"expanded": "35",
"numerical_value": 35
},
{
"value": "36",
"expanded": "36"
"expanded": "36",
"numerical_value": 36
},
{
"value": "37",
"expanded": "37"
"expanded": "37",
"numerical_value": 37
},
{
"value": "38",
"expanded": "38"
"expanded": "38",
"numerical_value": 38
},
{
"value": "39",
"expanded": "39"
"expanded": "39",
"numerical_value": 39
},
{
"value": "40",
"expanded": "40"
"expanded": "40",
"numerical_value": 40
},
{
"value": "41",
"expanded": "41"
"expanded": "41",
"numerical_value": 41
},
{
"value": "42",
"expanded": "42"
"expanded": "42",
"numerical_value": 42
},
{
"value": "43",
"expanded": "43"
"expanded": "43",
"numerical_value": 43
},
{
"value": "44",
"expanded": "44"
"expanded": "44",
"numerical_value": 44
},
{
"value": "45",
"expanded": "45"
"expanded": "45",
"numerical_value": 45
},
{
"value": "46",
"expanded": "46"
"expanded": "46",
"numerical_value": 46
},
{
"value": "47",
"expanded": "47"
"expanded": "47",
"numerical_value": 47
},
{
"value": "48",
"expanded": "48"
"expanded": "48",
"numerical_value": 48
},
{
"value": "49",
"expanded": "49"
"expanded": "49",
"numerical_value": 49
},
{
"value": "50",
"expanded": "50"
"expanded": "50",
"numerical_value": 50
},
{
"value": "51",
"expanded": "51"
"expanded": "51",
"numerical_value": 51
},
{
"value": "52",
"expanded": "52"
"expanded": "52",
"numerical_value": 52
},
{
"value": "53",
"expanded": "53"
"expanded": "53",
"numerical_value": 53
},
{
"value": "54",
"expanded": "54"
"expanded": "54",
"numerical_value": 54
},
{
"value": "55",
"expanded": "55"
"expanded": "55",
"numerical_value": 55
},
{
"value": "56",
"expanded": "56"
"expanded": "56",
"numerical_value": 56
},
{
"value": "57",
"expanded": "57"
"expanded": "57",
"numerical_value": 57
},
{
"value": "58",
"expanded": "58"
"expanded": "58",
"numerical_value": 58
},
{
"value": "59",
"expanded": "59"
"expanded": "59",
"numerical_value": 59
},
{
"value": "60",
"expanded": "60"
"expanded": "60",
"numerical_value": 60
},
{
"value": "61",
"expanded": "61"
"expanded": "61",
"numerical_value": 61
},
{
"value": "62",
"expanded": "62"
"expanded": "62",
"numerical_value": 62
},
{
"value": "63",
"expanded": "63"
"expanded": "63",
"numerical_value": 63
},
{
"value": "64",
"expanded": "64"
"expanded": "64",
"numerical_value": 64
},
{
"value": "65",
"expanded": "65"
"expanded": "65",
"numerical_value": 65
},
{
"value": "66",
"expanded": "66"
"expanded": "66",
"numerical_value": 66
},
{
"value": "67",
"expanded": "67"
"expanded": "67",
"numerical_value": 67
},
{
"value": "68",
"expanded": "68"
"expanded": "68",
"numerical_value": 68
},
{
"value": "69",
"expanded": "69"
"expanded": "69",
"numerical_value": 69
},
{
"value": "70",
"expanded": "70"
"expanded": "70",
"numerical_value": 70
},
{
"value": "71",
"expanded": "71"
"expanded": "71",
"numerical_value": 71
},
{
"value": "72",
"expanded": "72"
"expanded": "72",
"numerical_value": 72
},
{
"value": "73",
"expanded": "73"
"expanded": "73",
"numerical_value": 73
},
{
"value": "74",
"expanded": "74"
"expanded": "74",
"numerical_value": 74
},
{
"value": "75",
"expanded": "75"
"expanded": "75",
"numerical_value": 75
},
{
"value": "76",
"expanded": "76"
"expanded": "76",
"numerical_value": 76
},
{
"value": "77",
"expanded": "77"
"expanded": "77",
"numerical_value": 77
},
{
"value": "78",
"expanded": "78"
"expanded": "78",
"numerical_value": 78
},
{
"value": "79",
"expanded": "79"
"expanded": "79",
"numerical_value": 79
},
{
"value": "80",
"expanded": "80"
"expanded": "80",
"numerical_value": 80
},
{
"value": "81",
"expanded": "81"
"expanded": "81",
"numerical_value": 81
},
{
"value": "82",
"expanded": "82"
"expanded": "82",
"numerical_value": 82
},
{
"value": "83",
"expanded": "83"
"expanded": "83",
"numerical_value": 83
},
{
"value": "84",
"expanded": "84"
"expanded": "84",
"numerical_value": 84
},
{
"value": "85",
"expanded": "85"
"expanded": "85",
"numerical_value": 85
},
{
"value": "86",
"expanded": "86"
"expanded": "86",
"numerical_value": 86
},
{
"value": "87",
"expanded": "87"
"expanded": "87",
"numerical_value": 87
},
{
"value": "88",
"expanded": "88"
"expanded": "88",
"numerical_value": 88
},
{
"value": "89",
"expanded": "89"
"expanded": "89",
"numerical_value": 89
},
{
"value": "90",
"expanded": "90"
"expanded": "90",
"numerical_value": 90
},
{
"value": "91",
"expanded": "91"
"expanded": "91",
"numerical_value": 91
},
{
"value": "92",
"expanded": "92"
"expanded": "92",
"numerical_value": 92
},
{
"value": "93",
"expanded": "93"
"expanded": "93",
"numerical_value": 93
},
{
"value": "94",
"expanded": "94"
"expanded": "94",
"numerical_value": 94
},
{
"value": "95",
"expanded": "95"
"expanded": "95",
"numerical_value": 95
},
{
"value": "96",
"expanded": "96"
"expanded": "96",
"numerical_value": 96
},
{
"value": "97",
"expanded": "97"
"expanded": "97",
"numerical_value": 97
},
{
"value": "98",
"expanded": "98"
"expanded": "98",
"numerical_value": 98
},
{
"value": "99",
"expanded": "99"
"expanded": "99",
"numerical_value": 99
},
{
"value": "100",
"expanded": "100"
"expanded": "100",
"numerical_value": 100
}
]
}


@ -1,7 +1,7 @@
{
"namespace": "incident-disposition",
"description": "How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook. https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9",
"version": 1,
"version": 2,
"predicates": [
{
"value": "incident",


@ -10,7 +10,8 @@
},
{
"value": "confirmed",
"expanded": "Confirmed information leak or not"
"expanded": "Confirmed information leak or not",
"exclusive": true
},
{
"expanded": "Source of the information leak",
@ -22,18 +23,16 @@
},
{
"expanded": "Output format",
"value": "output-format"
"value": "output-format",
"exclusive": true
},
{
"value": "certainty",
"expanded": "Certainty of the information to be a leak"
},
{
"value": "test",
"expanded": "Test"
"expanded": "Certainty of the information to be a leak",
"exclusive": true
}
],
"version": 4,
"version": 7,
"description": "A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.",
"namespace": "infoleak",
"values": [
@ -52,6 +51,10 @@
"value": "iban",
"expanded": "IBAN"
},
{
"value": "ip",
"expanded": "IP address"
},
{
"value": "mail",
"expanded": "Mail"
@ -124,6 +127,10 @@
"value": "ec-private-key",
"expanded": "EC private key"
},
{
"value": "public-key",
"expanded": "Public key"
},
{
"value": "base64",
"expanded": "Base64"
@ -173,6 +180,10 @@
"value": "iban",
"expanded": "IBAN"
},
{
"value": "ip",
"expanded": "IP address"
},
{
"value": "mail",
"expanded": "Mail"
@ -245,6 +256,10 @@
"value": "ec-private-key",
"expanded": "EC private key"
},
{
"value": "public-key",
"expanded": "Public key"
},
{
"value": "base64",
"expanded": "Base64"

131
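--- a/iot/machinetag.json
+++ b/iot/machinetag.json
@@ -0,0 +1,131 @@
+{
+"namespace": "iot",
+"description": "Internet of Things taxonomy, based on IOT UK report https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf",
+"version": 2,
+"expanded": "Internet of Things",
+"predicates": [
+{
+"value": "TCom",
+"expanded": "Technical complexity",
+"description": "IoT projects vary tremendously in terms of their technical sophistication. Digital Catapult has developed a scale based on technology complexity (TCom) that enables us to understand the state of IoT in the UK, and to assess what is currently being researched, trialled or deployed in real-life implementations."
+},
+{
+"value": "SSL",
+"expanded": "System Security Level",
+"description": "A second characteristic of an IoT system concerns the inherent level of safety, privacy and security of that system. At one end of the spectrum, an IoT system may not gather data that is sensitive either in terms of safety or privacy, while at the other it may collect data about identifiable individuals or groups of individuals, involve financial transactions, or access to system data or have the ability to control objects that could compromise health, safety or security."
+},
+{
+"value": "DSL",
+"expanded": "Data Sharing Level",
+"description": "A third characteristic of IoT systems concerns the degree of sharing of sensitive data between the object and the system, and subsequently between the system and the system operator(s) or participants, and third parties. Systems do not always need to share data, so IoT product, platform, service and system designers must be clear about when data is shared, what is shared and why.",
+"exclusive": true
+}
+],
+"values": [
+{
+"predicate": "TCom",
+"entry": [
+{
+"value": "0",
+"expanded": "Unidentiable object",
+"description": "Dumb/passive objects . Not connected, identified or monitored. Example: Any unconnected, unidentified object"
+},
+{
+"value": "1",
+"expanded": "Identifiable object",
+"description": "Identifiable dumb/passive objects with a virtual existence that can meaningfully be counted/tracked by online systems. Examples: RFID Tags, barcoded or QR-coded objects"
+},
+{
+"value": "2",
+"expanded": "Connected object",
+"description": "Connected objects . Objects linked to an IP network, with some means of reading, programming or controlling them . These should be counted as elements within the IoT universe, but they are often underused assets. Examples: Printers, doorbells, IP connected fire alarms or security systems"
+},
+{
+"value": "3",
+"expanded": "Connected homogeneous object",
+"description": "Connected broadly homogeneous objects in a simple integrated system, whether the benefit of that system accrues to the end user or the system provider. Examples: Networks of multiple temperature sensors within a single building or campus . Environmental monitoring networks, wearable devices (such as Fitbit or other wellness technologies)"
+},
+{
+"value": "4",
+"expanded": "Connected heterogeneous objects",
+"description": "Connected heterogeneous objects in a single, integrated system . This involves taking data from a variety of sensors of different types, all deployed for the same end user or organisation to help improve processes, make better decisions or change outcomes. Examples: The deployment of a range of sensors in a care home or hospital or the combination of parking, traffic volume and traffic control data in an urban road management system"
+},
+{
+"value": "5",
+"expanded": "Different objects in similar domain",
+"description": "Different objects deployed across multiple interconnected systems for multiple organisations, in multiple locations, all within a similar domain .System supports analysis of aggregated data derived from all deployment locations. Examples: Partnering university campuses security cameras, fire alarms, temperature sensors, access control systems and energy monitoring systems integrated into a single unified control and monitoring solution"
+},
+{
+"value": "6",
+"expanded": "Different objects in multiple connected domains",
+"description": "As for TCom 5, but where multiple domains are connected . This involves gathering data from a variety of sensor types, across a variety of systems and ecosystems, and creating combined views of the data that offer new sources of value (economic or social) or where there is a high degree of automation across homogeneous systems. Examples: Smart cities where multiple organisations, or different city departments and their partners, have built applications that draw on diverse sets of data from multiple sources to develop or improve services. Such applications might include the adjustment of street lighting in response to incoming data on night-time police activity levels, or the adjustment of traffic lights in response to real-time data sources about local environment data, or current people movement data based on mobile phone location data. Or, in the second case, the automated adjustment of environmental controls across a service providers care estate based on real-time data feeds from sensors deployed in those settings ."
+},
+{
+"value": "7",
+"expanded": "Involves multiple ecosystems and a high degree of automation",
+"description": "As for TCom 6, but involving both multiple ecosystems and a high degree of automation. Examples: A smart city solution drawing data from multiple providers and sources, which is then used for automated traffic control and routing of emergency services, or the automated adjustment of traffic lights based on real-time mobile phone location data"
+}
+]
+},
+{
+"predicate": "SSL",
+"entry": [
+{
+"value": "0",
+"expanded": "No data involved",
+"description": "No data involved, no control of the system"
+},
+{
+"value": "1",
+"expanded": "No sensitive data involved",
+"description": "No sensitive data involved, no control of the objects in the system. Example: Wireless doorbell"
+},
+{
+"value": "2",
+"expanded": "Anonymous or aggregated data",
+"description": "System provides anonymous, aggregated statistics, no control of the system. Example: Remote temperature sensors"
+},
+{
+"value": "3",
+"expanded": "Sensitive data",
+"description": "System generates sensitive data or supports some degree of remote control of the system objects. Examples: Biometric data, door actuation mechanisms"
+},
+{
+"value": "4",
+"expanded": "Connects with external systems",
+"description": "System generates sensitive data, supports some degree of remote control of the system objects and connects with external systems. Examples: Integrated facilities management systems, tele-health monitoring, security and safety systems"
+}
+]
+},
+{
+"predicate": "DSL",
+"entry": [
+{
+"value": "0",
+"expanded": "No data shared",
+"description": "No data is shared. Examples: Simple point-to-point monitoring systems such as consumer weather stations and wireless doorbells"
+},
+{
+"value": "1",
+"expanded": "Sharing between two parties",
+"description": "Basic sharing between two parties: agreed sharing of sensitive data between the customer/buyer/user and the seller or provider (whether that seller or provider operates in the commercial or public sector). Examples: Cloud-based security systems, remote cameras, home monitoring systems"
+},
+{
+"value": "2",
+"expanded": "Third-party sharing",
+"description": "Third person sharing: sharing of sensitive data between the seller or provider and unrelated third parties in a commercial context. Examples: Person tracking information to support targeted marketing offers"
+},
+{
+"value": "3",
+"expanded": "Multi-domain sharing",
+"description": "Multi-domain and third-party sharing: sharing of sensitive data between the customer/buyer/user and multiple sellers or providers involved in delivering services, where those providers come from different ecosystems (including the commercial and public sectors). Examples: The aggregation of parking, traffic and environmental data in an urban traffic management application"
+},
+{
+"value": "4",
+"expanded": "Open access to sensitive data",
+"description": "Open access to sensitive data, including data generated through use of public finance or infrastructure. Examples: Integration of multiple security systems in a public safety context"
+}
+]
+}
+]
+}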
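Review bot: Only `DSL` carries `"exclusive": true`, yet `TCom` (0–7) and `SSL` (0–4) are single-level scales too, so one event can end up tagged with two contradictory levels such as `iot:SSL="0"` and `iot:SSL="4"`. If one level per item is intended, add `"exclusive": true` to both predicates. The predicate value `SSL` collides with the common protocol acronym, so a tag like `iot:SSL="3"` is easy to misread in a feed or a rule; since the file is new, a value such as `system-security-level` would avoid that. The first `TCom` entry's `expanded` text `Unidentiable object` should read `Unidentifiable object`.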

37
misp/machinetag.json Executable file → Normal file

@ -153,6 +153,26 @@
"value": "invalid"
}
]
},
{
"predicate": "ids",
"entry": [
{
"expanded": "force",
"value": "force",
"description": "Force the IDS flag to be the one from the tag."
},
{
"expanded": "true",
"value": "true",
"description": "Overwrite the current IDS flag of the information tag by IDS true."
},
{
"expanded": "false",
"value": "false",
"description": "Overwrite the current IDS flag of the information tag by IDS false."
}
]
}
],
"predicates": [
@ -165,8 +185,8 @@
"value": "api"
},
{
"expanded": "misp2yara export tool",
"value": "misp2yara"
"expanded": "IDS related tag unfluencing the MISP behavior of the IDS flag.",
"value": "ids"
},
{
"description": "Expansion tag incluencing the MISP behavior using expansion modules",
@ -179,11 +199,13 @@
},
{
"expanded": "Confidence level",
"value": "confidence-level"
"value": "confidence-level",
"exclusive": true
},
{
"expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy",
"value": "threat-level"
"value": "threat-level",
"exclusive": true
},
{
"expanded": "Automation level",
@ -199,9 +221,14 @@
"description": "Tool associated with the information taggged",
"expanded": "Tool",
"value": "tool"
},
{
"expanded": "misp2yara export tool",
"value": "misp2yara",
"exclusive": true
}
],
"version": 9,
"version": 11,
"description": "MISP taxonomy to infer with MISP behavior or operation.",
"expanded": "MISP",
"namespace": "misp"
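Review bot: The new `ids` predicate (entries `force`, `true`, `false`) is not marked exclusive, so `misp:ids="true"` and `misp:ids="false"` can both be attached to the same attribute, and the file does not say which one wins. This commit adds `"exclusive": true` to `confidence-level` and `threat-level` but not here. Because the tag overrides the IDS flag, I would add `"exclusive": true` to the `ids` entry under `predicates`, unless `force` is meant to be combined with one of the other two, which the descriptions do not make clear. The new predicate text also has a typo and should read `"expanded": "IDS related tag influencing the MISP behavior of the IDS flag."`.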


@ -48,7 +48,8 @@
"value": "classification"
}
],
"version": 1,
"version": 2,
"description": "NATO classification markings.",
"namespace": "nato"
"namespace": "nato",
"exclusive": true
}


@ -13,7 +13,7 @@
"value": "certainty"
}
],
"version": 10,
"version": 11,
"description": "Open Source Intelligence - Classification (MISP taxonomies)",
"namespace": "osint",
"values": [

230
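--- a/phishing/machinetag.json
+++ b/phishing/machinetag.json
@@ -0,0 +1,230 @@
+{
+"namespace": "phishing",
+"description": "Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.",
+"version": 4,
+"predicates": [
+{
+"value": "techniques",
+"expanded": "Techniques",
+"description": "Phishing techniques used."
+},
+{
+"value": "distribution",
+"expanded": "Distribution",
+"description": "How the phishing is distributed."
+},
+{
+"value": "report-type",
+"expanded": "Report type",
+"description": "How the phishing information was reported."
+},
+{
+"value": "report-origin",
+"expanded": "Report origin",
+"description": "Origin or source of the phishing information such as tools or services."
+},
+{
+"value": "action",
+"expanded": "Action",
+"description": "Action(s) taken related to the phishing tagged with this taxonomy."
+},
+{
+"value": "state",
+"expanded": "State",
+"description": "State of the phishing.",
+"exclusive": true
+},
+{
+"value": "psychological-acceptability",
+"expanded": "Psychological acceptability",
+"description": "Quality of the phishing by its level of acceptance by the target.",
+"exclusive": true
+},
+{
+"value": "principle-of-persuasion",
+"expanded": "Principle of Persuasion",
+"description": "The principle of persuasion used during the attack to higher psychological acceptability."
+}
+],
+"values": [
+{
+"predicate": "techniques",
+"entry": [
+{
+"value": "fake-website",
+"expanded": "Social engineering fake website",
+"description": "Adversary controls a fake website to phish for credentials or information."
+},
+{
+"value": "email-spoofing",
+"expanded": "Social engineering email spoofing",
+"description": "Adversary sends email with domains related to target. Adversary controls the domains used."
+},
+{
+"value": "clone-phishing",
+"expanded": "Clone phishing",
+"description": "Adversary clones an email to target potential victims with duplicated content."
+},
+{
+"value": "voice-phishing",
+"expanded": "Voice phishing",
+"description": "Adversary uses voice-based techniques to trick a potential victim to give credentials or sensitive information. This is also known as vishing."
+},
+{
+"value": "search-engines-abuse",
+"expanded": "Social engineering search engines abuse",
+"description": "Adversary controls the search engine result to get an advantage"
+},
+{
+"value": "sms-phishing",
+"expanded": "SMS phishing",
+"description": "Adversary sends an SMS to a potential victims to gather sensitive information or use another phishing technique at a later stage."
+}
+]
+},
+{
+"predicate": "distribution",
+"entry": [
+{
+"value": "spear-phishing",
+"expanded": "Spear phishing",
+"description": "Adversary attempts targeted phishing to a user or a specific group of users based on knowledge known by the adversary."
+},
+{
+"value": "bulk-phishing",
+"expanded": "Bulk phishing",
+"description": "Adversary attempts to target a large group of potential targets without specific knowledge of the victims."
+}
+]
+},
+{
+"predicate": "report-type",
+"entry": [
+{
+"value": "manual-reporting",
+"expanded": "Manual reporting",
+"description": "Phishing reported by a human (e.g. tickets, manual reporting)."
+},
+{
+"value": "automatic-reporting",
+"expanded": "Automatic reporting",
+"description": "Phishing collected by automatic reporting (e.g. phishing report tool, API)."
+}
+]
+},
+{
+"predicate": "report-origin",
+"entry": [
+{
+"value": "url-abuse",
+"expanded": "url-abuse",
+"description": "CIRCL url-abuse service."
+},
+{
+"value": "lookyloo",
+"expanded": "lookyloo",
+"description": "CIRCL lookyloo service."
+},
+{
+"value": "phishtank",
+"expanded": "Phishtank",
+"description": "Phishtank service."
+},
+{
+"value": "spambee",
+"expanded": "Spambee",
+"description": "C-3 Spambee service."
+}
+]
+},
+{
+"predicate": "action",
+"entry": [
+{
+"value": "take-down",
+"expanded": "Take down",
+"description": "Take down notification sent to the operator where the phishing infrastructure is hosted."
+},
+{
+"value": "pending-law-enforcement-request",
+"expanded": "Pending law enforcement request",
+"description": "Law enforcement requests are ongoing on the phishing infrastructure."
+},
+{
+"value": "pending-dispute-resolution",
+"expanded": "Pending dispute resolution",
+"description": "Dispute resolution sent to competent authorities (e.g. domain authority, trademark dispute)."
+}
+]
+},
+{
+"predicate": "state",
+"entry": [
+{
+"value": "unknown",
+"expanded": "Phishing state is unknown or cannot be evaluated",
+"numerical_value": 50
+},
+{
+"value": "active",
+"expanded": "Phishing state is active and actively used by the adversary",
+"numerical_value": 100
+},
+{
+"value": "down",
+"expanded": "Phishing state is known to be down",
+"numerical_value": 0
+}
+]
+},
+{
+"predicate": "psychological-acceptability",
+"entry": [
+{
+"value": "unknown",
+"expanded": "Phishing acceptance rate is unknown."
+},
+{
+"value": "low",
+"expanded": "Phishing acceptance rate is low.",
+"numerical_value": 25
+},
+{
+"value": "medium",
+"expanded": "Phishing acceptance rate is medium.",
+"numerical_value": 50
+},
+{
+"value": "high",
+"expanded": "Phishing acceptance rate is high.",
+"numerical_value": 75
+}
+]
+},
+{
+"predicate": "principle-of-persuasion",
+"entry": [
+{
+"value": "authority",
+"expanded": "Society trains people not to question authority so they are conditioned to respond to it. People usually follow an expert or pretense of authority and do a great deal for someone they think is an authority."
+},
+{
+"value": "social-proof",
+"expanded": "People tend to mimic what the majority of people do or seem to be doing. People let their guard and suspicion down when everyone else appears to share the same behaviours and risks. In this way, they will not be held solely responsible for their actions."
+},
+{
+"value": "liking-similarity-deception",
+"expanded": "People prefer to abide to whom (they think) they know or like, or to whom they are similar to or familiar with, as well as attracted to."
+},
+{
+"value": "commitment-reciprocation-consistency",
+"expanded": "People feel more confident in their decision once they commit (publically) to a specific action and need to follow it through until the end. This is true whether in the workplace, or in a situation when their action is illegal. People have tendency to believe what others say and need, and they want to appear consistent in what they do, for instance, when they owe a favour. There is an automatic response of repaying a favour."
+},
+{
+"value": "distraction",
+"expanded": "People focus on one thing and ignore other things that may happen without them noticing; they focus attention on what they can gain, what they need, what they can lose or miss out on, or if that thing will soon be unavailable, has been censored, restricted or will be more expensive later. These distractions can heighten peoples emotional state and make them forget other logical facts to consider when making decisions."
+}
+]
+}
+]
+}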
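Review bot: In the `psychological-acceptability` values the `unknown` entry has no `numerical_value`, while `low`, `medium` and `high` carry 25, 50 and 75 and the `state` predicate in the same file gives its own `unknown` entry 50. Anything that sorts or scores on the number will treat the two `unknown` tags differently. Either add a `numerical_value` to that entry or say in the predicate description that unknown is deliberately unscored. The `principle-of-persuasion` entries put a full paragraph in `expanded` and have no `description`; a short label such as `"expanded": "Authority"` with the paragraph moved to `"description"` would match the other predicates in the file.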


@ -50,7 +50,7 @@
"numerical_value": 0
}
],
"version": 1,
"version": 2,
"description": "After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System.",
"namespace": "priority-level",
"exclusive": true


@ -2,7 +2,8 @@
"namespace": "retention",
"expanded": "retention",
"description": "Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.",
"version": 1,
"version": 3,
"exclusive": true,
"refs": [
"https://en.wikipedia.org/wiki/Retention_period"
],
@ -56,6 +57,11 @@
"value": "1y",
"expanded": "1 year",
"numerical_value": 365
},
{
"value": "10y",
"expanded": "10 year",
"numerical_value": 3650
}
]
}
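Review bot: The added `10y` entry reads `"expanded": "10 year"`; it should be `"expanded": "10 years"`. The taxonomy description says the tag removes the IDS flag from `ip-dst` and `ip-src` attributes once the period has elapsed, so a ten-year value keeps IP indicators flagged for detection long after the addresses may have been reassigned. A `description` on the entry saying when such a long period is appropriate would help whoever picks the tag.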


@ -206,12 +206,7 @@
"description": "Publicly accessible services potentially disclosing sensitive information, e.g. SNMP or Redis.",
"expanded": "Information disclosure",
"value": "information-disclosure"
}
],
"predicate": "vulnerable"
},
{
"entry": [
{
"description": "A system which is vulnerable to certain attacks. Example: misconfigured client proxy settings (example: WPAD), outdated operating system version, etc.",
"expanded": "Vulnerable system",
@ -298,7 +293,7 @@
"value": "test"
}
],
"version": 2,
"version": 3,
"description": "Reference Security Incident Classification Taxonomy",
"namespace": "rsit"
}


@ -1,7 +1,8 @@
{
"namespace": "rt_event_status",
"description": "Status of events used in Request Tracker.",
"version": 1,
"version": 2,
"exclusive": true,
"predicates": [
{
"value": "event-status",


@ -0,0 +1,67 @@
{
"predicates": [
{
"description": "Potentially Suspect Data Accepted",
"expanded": "accepted-suspect",
"value": "-3"
},
{
"description": "Accepted value from continuous analyzer replacing flask data",
"expanded": "accepted-continuous-analyzer",
"value": "-2"
},
{
"description": "Acepted Value retained although individual measurements deviated by more than selected tolerance",
"expanded": "accepted-deviated-tolerance",
"value": "-1"
},
{
"description": "Accepted Value",
"expanded": "accepted",
"value": "0"
},
{
"description": "Rejected during analysis",
"expanded": "rejected-during-analysis",
"value": "1"
},
{
"description": "Rejected unacceptably large flask-analyzer differences associated with night sampling (used only at MLO between Dec 1962 and Sep 1968)",
"expanded": "rejected-legacy-difference-night-mlo",
"value": "2"
},
{
"description": "Rejected flask measurement; used continuous data instead",
"expanded": "rejected-continuous-data",
"value": "3"
},
{
"description": "Rejected Replicates do not agree to selected tolerance or single flask",
"expanded": "rejected-tolerance-single-flask",
"value": "4"
},
{
"description": "Rejected Daily average deviates from fit by more than 3 standard deviations",
"expanded": "rejected-derivation",
"value": "5"
},
{
"description": "Rejected to improve local distribution of data such as too many data of generally poor quality (used only at two stations: KUM Aug 1979 - Jun 1980 and LJO Apr 1979 - Sep 1985)",
"expanded": "rejected-legacy-poor-quality-kum-ljo",
"value": "6"
},
{
"description": "Rejected Unsteady air at site (La Jolla only)",
"expanded": "rejected-unsteady-ljo",
"value": "7"
},
{
"description": "Rejected manually (see input/flag_flasks.csv)",
"expanded": "rejected-manual",
"value": "8"
}
],
"version": 1,
"description": "Flags describing the sample",
"namespace": "scrippsco2-fgc"
}
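Review bot: Each predicate in this new file uses the numeric flag as `value` (`"-3"`, `"0"`, `"8"`) and puts the readable slug in `expanded`, so the machine tag would presumably come out as `scrippsco2-fgc:-3` rather than `scrippsco2-fgc:accepted-suspect`. The other taxonomies in this commit keep the slug in `value` and the label in `expanded`. The flags also look mutually exclusive for a single sample, yet the file carries no `"exclusive": true`, which this commit adds to comparable taxonomies. The same two points apply to the `scrippsco2-fgi` file that follows, and `"Acepted Value retained ..."` should read `Accepted`.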


@ -0,0 +1,42 @@
{
"predicates": [
{
"description": "Suspect but accepted isotopic measurement",
"expanded": "accepted-suspect",
"value": "-3"
},
{
"description": "Accepted isotopic measurement",
"expanded": "accepted",
"value": "0"
},
{
"description": "Rejected",
"expanded": "rejected",
"value": "3"
},
{
"description": "Outlier from fit",
"expanded": "outlier",
"value": "5"
},
{
"description": "Other rejected, older data",
"expanded": "rejected-old-data",
"value": "6"
},
{
"description": "Flask extracted but not analyzed yet",
"expanded": "extracted-not-analyzed",
"value": "8"
},
{
"description": "Flask not extracted",
"expanded": "not-extracted",
"value": "9"
}
],
"version": 1,
"description": "Flags describing the sample for isotopic data (C14, O18)",
"namespace": "scrippsco2-fgi"
}


@ -0,0 +1,59 @@
{
"predicates": [
{
"expanded": "Alert, NWT, Canada",
"value": "ALT"
},
{
"expanded": "Point Barrow, Alaska",
"value": "PTB"
},
{
"expanded": "Station P",
"value": "STP"
},
{
"expanded": "La Jolla Pier, California",
"value": "LJO"
},
{
"expanded": "Baja California Sur, Mexico",
"value": "BCS"
},
{
"expanded": "Mauna Loa Observatory, Hawaii",
"value": "MLO"
},
{
"expanded": "Cape Kumukahi, Hawaii ",
"value": "KUM"
},
{
"expanded": "Christmas Island, Fanning Island",
"value": "CHR"
},
{
"expanded": "American Samoa",
"value": "SAM"
},
{
"expanded": "Kermadec Islands, Raoul Island",
"value": "KER"
},
{
"expanded": "Baring Head, New Zealand",
"value": "NZD"
},
{
"expanded": "Palmer Station, Antarctica",
"value": "PSA"
},
{
"expanded": "South Pole",
"value": "SPO"
}
],
"version": 1,
"description": "Sampling stations of the Scripps CO2 Program",
"namespace": "scrippsco2-sampling-stations"
}

1156
summary.md Normal file

File diff suppressed because it is too large Load Diff


@ -5,32 +5,32 @@
{
"expanded": "Not targeted, e.g. spam or financially motivated malware.",
"value": "not-targeted",
"numerical_value": 0
"numerical_value": 1
},
{
"expanded": "Targeted but not customized. Sent with a message that is obviously false with little to no validation required.",
"value": "targeted-but-not-customized",
"numerical_value": 1
"numerical_value": 25
},
{
"expanded": "Targeted and poorly customized. Content is generally relevant to the target. May look questionable.",
"value": "targeted-and-poorly-customized",
"numerical_value": 2
"numerical_value": 50
},
{
"expanded": "Targeted and customized. May use a real person/organization or content to convince the target the message is legitimate. Content is specifically relevant to the target and looks legitimate.",
"value": "targeted-and-customized",
"numerical_value": 3
"numerical_value": 65
},
{
"expanded": "Targeted and well-customized. Uses a real person/organization and content to convince the target the message is legitimate. Probably directly addressing the recipient. Content is specifically relevant to the target, looks legitimate, and can be externally referenced (e.g. by a website). May be sent from a hacked account.",
"value": "targeted-and-well-customized",
"numerical_value": 4
"numerical_value": 85
},
{
"expanded": "Targeted and highly customized using sensitive data. Individually targeted and customized, likely using inside/sensitive information that is directly relevant to the target.",
"value": "targeted-and-highly-customized-using-sensitive-data",
"numerical_value": 5
"numerical_value": 100
}
],
"predicate": "targeting-sophistication-base-value"
@ -45,22 +45,22 @@
{
"expanded": "The sample contains a simple method of protection, such as one of the following: code protection using publicly available tools where the reverse method is available, such as UPX packing; simple anti-reversing techniques such as not using import tables, or a call to IsDebuggerPresent(); self-disabling in the presence of AV software.",
"value": "the-sample-contains-a-simple-method-of-protection",
"numerical_value": 1.25
"numerical_value": 25
},
{
"expanded": "The sample contains multiple minor code protection techniques (anti-reversing tricks, packing, VM / reversing tools detection) that require some low-level knowledge. This level includes malware where code that contains the core functionality of the program is decrypted only in memory.",
"value": "the-sample-contains-multiple-minor-code-protection-techniques",
"numerical_value": 1.5
"numerical_value": 50
},
{
"expanded": "The sample contains minor code protection techniques along with at least one advanced protection method such as rootkit functionality or a custom virtualized packer.",
"value": "the-sample-contains-minor-code-protection-techniques-plus-one-advanced",
"numerical_value": 1.75
"numerical_value": 75
},
{
"expanded": "The sample contains multiple advanced protection techniques, e.g. rootkit capability, virtualized packer, multiple anti-reversing techniques, and is clearly designed by a professional software engineering team.",
"value": "the-sample-contains-multiple-advanced-protection-techniques",
"numerical_value": 2
"numerical_value": 100
}
],
"predicate": "technical-sophistication-multiplier"
@ -78,9 +78,10 @@
"value": "technical-sophistication-multiplier"
}
],
"version": 1,
"version": 3,
"refs": [
"https://citizenlab.org/2013/10/targeted-threat-index/"
"https://citizenlab.org/2013/10/targeted-threat-index/",
"https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf"
],
"description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.",
"namespace": "targeted-threat-index"
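Review bot: The `numerical_value` fields under `targeting-sophistication-base-value` and `technical-sophistication-multiplier` change from the operands the predicate names describe (0 to 5, and 1.25 to 2) to a 1 to 100 ranking, but nothing in the file says so. A consumer that still multiplies the two numbers to get a TTI score will now produce values far outside the expected range, which skews any triage built on that score. I would state the new meaning in the taxonomy `description`, for example `numerical_value is a 0-100 ordering for display and is not the TTI base value or multiplier`. The first multiplier entry lies outside the hunk, so its new value is not visible here.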

52
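--- a/tools/gen_manifest.py
+++ b/tools/gen_manifest.py
@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import json
+from pathlib import Path
+from datetime import datetime
+TAXONOMY_ROOT_PATH = Path(__file__).resolve().parent.parent
+def fetchTaxonomies():
+taxonomiesFolder = TAXONOMY_ROOT_PATH
+taxonomies = []
+allTaxonomies = list(taxonomiesFolder.glob('./*/machinetag.json'))
+allTaxonomies.sort()
+for taxonomyFile in allTaxonomies:
+with open(taxonomyFile, 'rb') as f:
+taxonomy = json.load(f)
+taxonomies.append(taxonomy)
+return taxonomies
+def generateManifest(taxonomies):
+manifest = {}
+manifest['taxonomies'] = []
+manifest['path'] = 'machinetag.json'
+manifest['url'] = 'https://raw.githubusercontent.com/MISP/misp-taxonomies/master/'
+manifest['description'] = 'Manifest file of MISP taxonomies available.'
+manifest['license'] = 'CC-0'
+now = datetime.now()
+manifest['version'] = '{}{:02}{:02}'.format(now.year, now.month, now.day)
+for taxonomy in taxonomies:
+taxObj = {
+'name': taxonomy['namespace'],
+'description': taxonomy['description'],
+'version': taxonomy['version']
+}
+manifest['taxonomies'].append(taxObj)
+return manifest
+def saveManifest(manifest):
+with open(TAXONOMY_ROOT_PATH / 'MANIFEST.json', 'w') as f:
+json.dump(manifest, f, indent=2, sort_keys=True, ensure_ascii=False)
+f.write('\n')
+def awesomePrint(text):
+print('\033[1;32m{}\033[0;39m'.format(text))
+if __name__ == "__main__":
+taxonomies = fetchTaxonomies()
+manifest = generateManifest(taxonomies)
+saveManifest(manifest)
+awesomePrint('> Manifest saved!')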
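Review bot: `saveManifest` opens `MANIFEST.json` with `open(..., 'w')` and no encoding while dumping with `ensure_ascii=False`, so the output encoding depends on the locale of whoever runs the script. Taxonomy text in this repository contains non-ASCII characters, and on a non-UTF-8 locale the write either fails or produces a manifest that is not valid UTF-8 JSON. Pin it with `with open(TAXONOMY_ROOT_PATH / 'MANIFEST.json', 'w', encoding='utf-8') as f:`. `saveMarkdown` in `tools/gen_markdown.py` has the same `open(..., 'w')` and needs the same argument. Separately, `manifest['version']` is built from `datetime.now()` in local time, so maintainers in different time zones can stamp different versions for the same content; using UTC or a comment on that line would avoid the surprise.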

52
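--- a/tools/gen_markdown.py
+++ b/tools/gen_markdown.py
@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import json
+from pathlib import Path
+from datetime import datetime
+TAXONOMY_ROOT_PATH = Path(__file__).resolve().parent.parent
+def fetchTaxonomies():
+taxonomiesFolder = TAXONOMY_ROOT_PATH
+taxonomies = []
+allTaxonomies = list(taxonomiesFolder.glob('./*/machinetag.json'))
+allTaxonomies.sort()
+for taxonomyFile in allTaxonomies:
+with open(taxonomyFile, 'rb') as f:
+taxonomy = json.load(f)
+taxonomies.append(taxonomy)
+return taxonomies
+def generateMarkdown(taxonomies):
+markdown_line_array = []
+markdown_line_array.append("# Taxonomies")
+markdown_line_array.append("- Generation date: %s" % datetime.now().isoformat().split('T')[0])
+markdown_line_array.append("- license: %s" % 'CC-0')
+markdown_line_array.append("- description: %s" % 'Manifest file of MISP taxonomies available.')
+markdown_line_array.append("")
+markdown_line_array.append("## Taxonomies")
+markdown_line_array.append("")
+for taxonomy in taxonomies:
+markdown_line_array.append("### %s" % taxonomy['namespace'])
+markdown_line_array.append("- description: %s" % taxonomy['description'])
+markdown_line_array.append("- version: %s" % taxonomy['version'])
+markdown_line_array.append("- Predicates")
+markdown_line_array = markdown_line_array + [' - '+p['value'] for p in taxonomy['predicates']]
+markdown = '\n'.join(markdown_line_array)
+return markdown
+def saveMarkdown(markdown):
+with open(TAXONOMY_ROOT_PATH / 'summary.md', 'w') as f:
+f.write(markdown)
+def awesomePrint(text):
+print('\033[1;32m{}\033[0;39m'.format(text))
+if __name__ == "__main__":
+taxonomies = fetchTaxonomies()
+markdown = generateMarkdown(taxonomies)
+saveMarkdown(markdown)
+awesomePrint('> Markdown saved!')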
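Review bot: `fetchTaxonomies` and `awesomePrint` are copied verbatim from `tools/gen_manifest.py`, so a fix to the loader in one script will silently miss the other; a small shared module imported by both would keep them in step. In `generateMarkdown`, `taxonomy['predicates']` is indexed directly, so a single taxonomy file without that key aborts the whole run with a bare `KeyError`. Using `taxonomy.get('predicates', [])`, or raising an error that names the offending namespace, would make the failure easier to trace. The list concatenation can also be written `markdown_line_array.extend(' - ' + p['value'] for p in taxonomy['predicates'])`.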


@ -38,10 +38,11 @@
"value": "degré-de-probabilité"
}
],
"version": 2,
"version": 3,
"description": "Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité",
"expanded": "Vocabulaire des probabilités estimatives",
"namespace": "vocabulaire-des-probabilites-estimatives",
"exclusive": true,
"refs": [
"http://publications.gc.ca/collections/collection_2013/sp-ps/PS64-106-2007-fra.pdf"
]


@ -2,7 +2,7 @@
"namespace": "workflow",
"expanded": "workflow to support analysis",
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
"version": 9,
"version": 10,
"predicates": [
{
"value": "todo",
@ -12,7 +12,8 @@
{
"value": "state",
"expanded": "State",
"description": "State are the different states of the information or data being tagged."
"description": "State are the different states of the information or data being tagged.",
"exclusive": true
}
],
"values": [