Open Threat Taxonomy added

pull/28/head
Alexandre Dulaunoy 2016-07-21 23:22:04 +02:00
parent 2115565963
commit ea8d785e58
2 changed files with 6 additions and 1 deletions


@ -29,6 +29,7 @@ The following taxonomies are described:
- [Malware](./malware) classification based on a SANS document
- [ms-caro-malware](./ms-caro-malware) Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology.
- [NATO Classification Marking](./nato)
- [Open Threat Taxonomy v1.1 (SANS)](./open-threat)
- [OSINT Open Source Intelligence - Classification](./osint)
- [TLP - Traffic Light Protocol](./tlp)
- Vocabulary for Event Recording and Incident Sharing [VERIS](./veris)
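
Review bot: The new list entry links to `./open-threat`, but the commit summary shows only 2 changed files, so the directory it points at is not added by this commit. Confirm it is already in the tree, or include it here, otherwise the README carries a dead link. A smaller point on the same line: the entry is labelled "Open Threat Taxonomy v1.1 (SANS)" while the section heading added later in this file reads "Open Threat Taxonomy v1.1"; use one form in both places.
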
@ -107,6 +108,10 @@ Malware classification based on a [SANS whitepaper about malware](https://www.sa
Marking of Classified and Unclassified materials as described by the North Atlantic Treaty Organization, NATO.
### [Open Threat Taxonomy v1.1](./open-threat)
Open Threat Taxonomy v1.1 base on James Tarala of SANS [ref](http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf).
### [TLP - Traffic Light Protocol](./tlp)
The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.
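
Review bot: The description line under the new "Open Threat Taxonomy v1.1" heading has a grammar slip and an uninformative link: "base on James Tarala of SANS [ref](...)" should read along the lines of "based on the work of James Tarala of SANS", with the link text naming the document instead of "ref". The reference URL is plain `http://`; if the host serves the PDF over HTTPS, link to that. Unlike the neighbouring sections, the text also says nothing about what the taxonomy covers, so a one-sentence summary would help readers decide whether to use it.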


@ -30,7 +30,7 @@ import json
import os.path
import argparse
taxonomies = ['admiralty-scale', 'adversary', 'tlp', 'circl', 'iep', 'kill-chain', 'veris', 'ecsirt', 'enisa', 'dni-ism', 'europol-events', 'europol-incident', 'nato', 'euci', 'osint', 'first_csirt_case_classification', 'malware', 'de-vs', 'fr-classification','eu-critical-sectors','dhs-ciip-sectors','estimative-language', 'ms-caro-malware', 'information-security-indicators']
taxonomies = ['admiralty-scale', 'adversary', 'tlp', 'circl', 'iep', 'kill-chain', 'veris', 'ecsirt', 'enisa', 'dni-ism', 'europol-events', 'europol-incident', 'nato', 'euci', 'osint', 'first_csirt_case_classification', 'malware', 'de-vs', 'fr-classification','eu-critical-sectors','dhs-ciip-sectors','estimative-language', 'ms-caro-malware', 'information-security-indicators', 'open-threat']
argParser = argparse.ArgumentParser(description='Dump Machine Tags (Triple Tags) from MISP taxonomies', epilog='Available taxonomies are {0}'.format(taxonomies))
argParser.add_argument('-e', action='store_true', help='Include expanded tags')
argParser.add_argument('-a', action='store_true', help='Generate asciidoctor document from MISP taxonomies')
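
Review bot: The `taxonomies` list is one very long line, so appending `'open-threat'` rewrites the whole line and the actual change is hard to see in review. Put one entry per line (ideally sorted) so each new taxonomy is a single added line, and normalise the comma spacing while there (`'fr-classification','eu-critical-sectors','dhs-ciip-sectors'` has none). Since the same list feeds the argparse epilog, a name added here that has no matching taxonomy directory would be advertised to users as available, which is another reason to make sure the `open-threat` directory ships with this change.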