Properly fix manifest.

2017-09-01 00:49:13 +02:00 · 2017-09-01 00:49:13 +02:00 · e89715212c
parent 8d4bc5fc26
commit e89715212c
4 changed files with 51 additions and 138 deletions
--- a/MANIFEST.json
+++ b/MANIFEST.json
@ -5,6 +5,11 @@
      "name": "accessnow",
      "description": "Access Now"
    },
+    {
+      "version": 1,
+      "name": "action-taken",
+      "description": "Action taken."
+    },
    {
      "version": 1,
      "name": "admiralty-scale",
@ -40,6 +45,11 @@
      "name": "cssa",
      "description": ""
    },
+    {
+      "version": 1,
+      "name": "ddos",
+      "description": "Distributed Denial of Service - or short: DDoS - taxonomy supports the description of Denial of Service attacks and especially the types they belong too."
+    },
    {
      "version": 1,
      "name": "de-vs",
@ -55,6 +65,11 @@
      "name": "diamond-model",
      "description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack."
    },
+    {
+      "version": 1,
+      "name": "DML",
+      "description": "The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks.  It's designed for organizations who perform intel-driven detection and response and who put an emphasis on having a mature detection program."
+    },
    {
      "version": 3,
      "name": "dni-ism",
@ -100,6 +115,11 @@
      "name": "europol-incident",
      "description": "EUROPOL class of incident taxonomy."
    },
+    {
+      "version": 1,
+      "name": "event-assessment",
+      "description": "A series of assessment predicates describing the event assessment performed to make judgement(s) under a certain level of uncertainty."
+    },
    {
      "version": 1,
      "name": "fr-classif",
@ -160,85 +180,50 @@
      "name": "PAP",
      "description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used."
    },
-    {
-      "version": 3,
-      "name": "tlp",
-      "description": "The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time. Extended with TLP:EX:CHR."
-    },
-    {
-      "version": 2,
-      "name": "veris",
-      "description": "Vocabulary for Event Recording and Incident Sharing (VERIS)."
-    },
-    {
-      "version": 1,
-      "name": "stealth_malware",
-      "description": "Classification based on malware stealth techniques."
-    },
-    {
-      "version": 1,
-      "name": "targeted-threat-index",
-      "description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman."
-    },
-    {
-      "version": 1,
-      "name": "stix-ttp",
-      "description": "Representation of the behavior or modus operandi of cyber adversaries (a.k.a TTP) as normalized in STIX"
-    },
-    {
-      "version": 1,
-      "name": "accessnow",
-      "description": "AccessNow Taxonomy"
-    },
    {
      "version": 1,
      "name": "passivetotal",
      "description": "Tags for RiskIQ's passivetotal service"
    },
-    {
-      "version": 1,
-      "name": "vocabulaire-des-probabilites-estimatives",
-      "description": "Vocabulaire des probabilités estimatives"
-    },
-    {
-      "version": 1,
-      "name": "DML",
-      "description": "The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks.  It's designed for organizations who perform intel-driven detection and response and who put an emphasis on having a mature detection program."
-    },
-    {
-      "version": 1,
-      "name": "action-taken",
-      "description": "Action taken"
-    },
-    {
-      "version": 2,
-      "name": "analyst-assessment",
-      "description": "A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst."
-    },
-    {
-      "version": 1,
-      "name": "binary-class",
-      "description": "Custom taxonomy for types of binary file."
-    },
-    {
-      "version": 1,
-      "name": "ddos",
-      "description": "Distributed Denial of Service - or short: DDoS - taxonomy supports the description of Denial of Service attacks and especially the types they belong too."
-    },
-    {
-      "version": 1,
-      "name": "event-assessment",
-      "description": "A series of assessment predicates describing the event assessment performed to make judgement(s) under a certain level of uncertainty."
-    },
    {
      "version": 1,
      "name": "rt_event_status",
      "description": "Status of events used in Request Tracker."
    },
+    {
+      "version": 1,
+      "name": "stealth_malware",
+      "description": "Classification based on malware stealth techniques."
+    },
+    {
+      "version": 1,
+      "name": "stix-ttp",
+      "description": "Representation of the behavior or modus operandi of cyber adversaries (a.k.a TTP) as normalized in STIX"
+    },
+    {
+      "version": 1,
+      "name": "targeted-threat-index",
+      "description": "The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman."
+    },
+    {
+      "version": 3,
+      "name": "tlp",
+      "description": "The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time. Extended with TLP:EX:CHR."
+    },
    {
      "version": 1,
      "name": "tor",
      "description": "Taxonomy to describe Tor network infrastructure"
+    },
+    {
+      "version": 2,
+      "name": "veris",
+      "description": "Vocabulary for Event Recording and Incident Sharing (VERIS)."
+    },
+    {
+      "version": 1,
+      "name": "vocabulaire-des-probabilites-estimatives",
+      "description": "Vocabulaire des probabilités estimatives"
    }
  ],
  "path": "machinetag.json",
--- a/stealth-malware/README.md
+++ b/stealth-malware/README.md
@ -1,35 +0,0 @@
-# Stealth Malware Taxonomy
-
-## Malware Types
-
-All malware samples should be classified into one of the categories listed in the table below.
-
-<dl>
-<dt>Type 0</dt>
-<dd>No OS or system compromise. The malware runs as a normal user process using only official API calls.<dd>
-
-<dt>Type I</dt>
-<dd>The malware modifies constant sections of the kernel and/or processes such as code sections.<dd>
-
-<dt>Type II</dt>
-<dd>The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections.<dd>
-
-<dt>Type III</dt>
-<dd>The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques.<dd>
-</dl>
-
-# Machine-parsable Stealth Malware Taxonomy
-
-The repository contains a [JSON file including the machine-parsable tags](machinetag.json)
-along with their human-readable description. The software can use both
-representation on the user-interface and store the tag as machine-parsable.
-
-~~~~
-stealth_malware:type="II"
-~~~~
-
-Based on:
-
-https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf
-
-
--- a/stealth-malware/machinetag.json
+++ b/stealth-malware/machinetag.json
@ -1,37 +0,0 @@
-{
-  "namespace": "stealth_malware",
-  "description": "Classification based on malware stealth techniques. Described in https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf",
-  "version": 1,
-  "refs": [
-    "https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf"
-  ],
-  "predicates": [
-    {
-      "value": "type",
-      "expanded": "Stealth technique type"
-    }
-  ],
-  "values": [
-    {
-      "predicate": "type",
-      "entry": [
-        {
-          "value": "0",
-          "expanded": "No OS or system compromise. The malware runs as a normal user process using only official API calls."
-        },
-        {
-          "value": "I",
-          "expanded": "The malware modifies constant sections of the kernel and/or processes such as code sections."
-        },
-        {
-          "value": "II",
-          "expanded": "The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections."
-        },
-        {
-          "value": "III",
-          "expanded": "The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques."
-        }
-      ]
-    }
-  ]
-}
--- a/validate_all.sh
+++ b/validate_all.sh
@ -15,7 +15,7 @@ fi
 directories=`ls -d */ | wc -w`
 manifest_entries=`cat MANIFEST.json | jq '.taxonomies | length'`

-if ! [ $directories -eq $manifest_entries ]; then
+if ! [ $((directories-2)) -eq $manifest_entries ]; then
    echo "MANIFEST isn't up-to-date."
    exit 1
 fi