Open Threat Taxonomy added
parent
2115565963
commit
ea8d785e58
|
@ -29,6 +29,7 @@ The following taxonomies are described:
|
||||||
- [Malware](./malware) classification based on a SANS document
|
- [Malware](./malware) classification based on a SANS document
|
||||||
- [ms-caro-malware](./ms-caro-malware) Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology.
|
- [ms-caro-malware](./ms-caro-malware) Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology.
|
||||||
- [NATO Classification Marking](./nato)
|
- [NATO Classification Marking](./nato)
|
||||||
|
- [Open Threat Taxonomy v1.1 (SANS)](./open-threat)
|
||||||
- [OSINT Open Source Intelligence - Classification](./osint)
|
- [OSINT Open Source Intelligence - Classification](./osint)
|
||||||
- [TLP - Traffic Light Protocol](./tlp)
|
- [TLP - Traffic Light Protocol](./tlp)
|
||||||
- Vocabulary for Event Recording and Incident Sharing [VERIS](./veris)
|
- Vocabulary for Event Recording and Incident Sharing [VERIS](./veris)
|
||||||
|
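Review bot: The new index entry is labelled "Open Threat Taxonomy v1.1 (SANS)", but the section heading this commit adds further down reads "Open Threat Taxonomy v1.1" without the "(SANS)" suffix. Use one name in both places so the index entry and its section match. Some neighbouring entries also carry a short description after the link (for example "classification based on a SANS document"); a similar phrase here would say more than the bare parenthesis.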
@ -107,6 +108,10 @@ Malware classification based on a [SANS whitepaper about malware](https://www.sa
|
||||||
|
|
||||||
Marking of Classified and Unclassified materials as described by the North Atlantic Treaty Organization, NATO.
|
Marking of Classified and Unclassified materials as described by the North Atlantic Treaty Organization, NATO.
|
||||||
|
|
||||||
|
### [Open Threat Taxonomy v1.1](./open-threat)
|
||||||
|
|
||||||
|
Open Threat Taxonomy v1.1 base on James Tarala of SANS [ref](http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf).
|
||||||
|
|
||||||
### [TLP - Traffic Light Protocol](./tlp)
|
### [TLP - Traffic Light Protocol](./tlp)
|
||||||
|
|
||||||
The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.
|
The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.
|
||||||
|
|
|
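Review bot: The added description line has a grammar slip, "base on James Tarala of SANS"; something like "based on the work of James Tarala (SANS)" reads correctly. The link text "ref" says nothing about its target, so name the document in the link text instead. The reference URL is also plain http and points straight at a PDF, so if the host serves the same file over https, link to that.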
@ -30,7 +30,7 @@ import json
|
||||||
import os.path
|
import os.path
|
||||||
import argparse
|
import argparse
|
||||||
|
|
||||||
taxonomies = ['admiralty-scale', 'adversary', 'tlp', 'circl', 'iep', 'kill-chain', 'veris', 'ecsirt', 'enisa', 'dni-ism', 'europol-events', 'europol-incident', 'nato', 'euci', 'osint', 'first_csirt_case_classification', 'malware', 'de-vs', 'fr-classification','eu-critical-sectors','dhs-ciip-sectors','estimative-language', 'ms-caro-malware', 'information-security-indicators']
|
taxonomies = ['admiralty-scale', 'adversary', 'tlp', 'circl', 'iep', 'kill-chain', 'veris', 'ecsirt', 'enisa', 'dni-ism', 'europol-events', 'europol-incident', 'nato', 'euci', 'osint', 'first_csirt_case_classification', 'malware', 'de-vs', 'fr-classification','eu-critical-sectors','dhs-ciip-sectors','estimative-language', 'ms-caro-malware', 'information-security-indicators', 'open-threat']
|
||||||
argParser = argparse.ArgumentParser(description='Dump Machine Tags (Triple Tags) from MISP taxonomies', epilog='Available taxonomies are {0}'.format(taxonomies))
|
argParser = argparse.ArgumentParser(description='Dump Machine Tags (Triple Tags) from MISP taxonomies', epilog='Available taxonomies are {0}'.format(taxonomies))
|
||||||
argParser.add_argument('-e', action='store_true', help='Include expanded tags')
|
argParser.add_argument('-e', action='store_true', help='Include expanded tags')
|
||||||
argParser.add_argument('-a', action='store_true', help='Generate asciidoctor document from MISP taxonomies')
|
argParser.add_argument('-a', action='store_true', help='Generate asciidoctor document from MISP taxonomies')
|
||||||
|
|
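Review bot: The taxonomies list on the changed line is a hand-maintained literal, so each new taxonomy needs this edit on top of the README change, and an entry that is forgotten will be missing from the "Available taxonomies are ..." epilog and from anything else the script drives off this list. Consider building the list from the taxonomy directories or from a manifest file instead of extending the literal. If the literal stays, note that it mixes ", " and "," separators (for example 'fr-classification','eu-critical-sectors'); normalising the spacing in a separate change would make later diffs of this long line easier to read.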