From ea8d785e58eac3eab8f7335fb7a41c5c4e69c819 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 21 Jul 2016 23:22:04 +0200
Subject: [PATCH] Open Threat Taxonomy added

---
 README.md | 5 +++++
 tools/machinetag.py | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 936afd4..420553f 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ The following taxonomies are described:
 - [Malware](./malware) classification based on a SANS document
 - [ms-caro-malware](./ms-caro-malware) Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology.
 - [NATO Classification Marking](./nato)
+- [Open Threat Taxonomy v1.1 (SANS)](./open-threat)
 - [OSINT Open Source Intelligence - Classification](./osint)
 - [TLP - Traffic Light Protocol](./tlp)
 - Vocabulary for Event Recording and Incident Sharing [VERIS](./veris)
@@ -107,6 +108,10 @@ Malware classification based on a [SANS whitepaper about malware](https://www.sa
 Marking of Classified and Unclassified materials as described by the North Atlantic Treaty Organization, NATO.
+### [Open Threat Taxonomy v1.1](./open-threat)
+
+Open Threat Taxonomy v1.1 base on James Tarala of SANS [ref](http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf).
+
 ### [TLP - Traffic Light Protocol](./tlp)
 The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.
diff --git a/tools/machinetag.py b/tools/machinetag.py
index e7be956..4bec940 100755
--- a/tools/machinetag.py
+++ b/tools/machinetag.py
@@ -30,7 +30,7 @@ import json
 import os.path
 import argparse
-taxonomies = ['admiralty-scale', 'adversary', 'tlp', 'circl', 'iep', 'kill-chain', 'veris', 'ecsirt', 'enisa', 'dni-ism', 'europol-events', 'europol-incident', 'nato', 'euci', 'osint', 'first_csirt_case_classification', 'malware', 'de-vs', 'fr-classification','eu-critical-sectors','dhs-ciip-sectors','estimative-language', 'ms-caro-malware', 'information-security-indicators']
+taxonomies = ['admiralty-scale', 'adversary', 'tlp', 'circl', 'iep', 'kill-chain', 'veris', 'ecsirt', 'enisa', 'dni-ism', 'europol-events', 'europol-incident', 'nato', 'euci', 'osint', 'first_csirt_case_classification', 'malware', 'de-vs', 'fr-classification','eu-critical-sectors','dhs-ciip-sectors','estimative-language', 'ms-caro-malware', 'information-security-indicators', 'open-threat']
 argParser = argparse.ArgumentParser(description='Dump Machine Tags (Triple Tags) from MISP taxonomies', epilog='Available taxonomies are {0}'.format(taxonomies))
 argParser.add_argument('-e', action='store_true', help='Include expanded tags')
 argParser.add_argument('-a', action='store_true', help='Generate asciidoctor document from MISP taxonomies')
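Review bot: The new `'open-threat'` entry is appended to a hand-maintained `taxonomies` literal that now has to be kept in step with both the README list edited in this same commit and the taxonomy directories on disk, so a future taxonomy can be added in one place and silently missed here. If this list is only a registry of what exists, it could be derived from the directory layout instead — `os.path` is already imported in the hunk's context lines — filtered to directories that actually carry a taxonomy definition; if it is also meant to bound which directories the script reads, that filter is what keeps the allowlist property, so keep it explicit. Failing that, the literal should be split one entry per line so additions show up as one-line diffs, which would also normalise the mixed separators already present (`'fr-classification','eu-critical-sectors','dhs-ciip-sectors','estimative-language'` versus `', '` elsewhere). The module-level statement run continues past the hunk on both sides.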