diff --git a/ifx-vetting/machinetag.json b/ifx-vetting/machinetag.json index a7ccdec..cedec10 100644 --- a/ifx-vetting/machinetag.json +++ b/ifx-vetting/machinetag.json @@ -1,467 +1,467 @@ { - "namespace": "IFX", - "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process", - "version": 1, - "predicates": [ + "namespace": "IFX", + "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process", + "version": 1, + "predicates": [ + { + "value": "vetted", + "expanded": "state of the vetted intelligence" + }, + { + "value": "score", + "expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data." + } + ], + "values": [ + { + "predicate": "vetted", + "entry": [ { - "value": "vetted", - "expanded": "state of the vetted intelligence" + "value": "legit-but-compromised", + "expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action." }, { - "value": "score", - "expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data." - } - ], - "values": [ - { - "predicate": "vetted", - "entry": [ - { - "value": "legit-but-compromised", - "expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action." - }, - { - "value": "legit", - "expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse." - }, - { - "value": "legit-uncertain", - "expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly." - }, - { - "value": "malicious", - "expanded": "The attribute/event describes something that is definitly used maliciously." - }, - { - "value": "malicious-uncertain", - "expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof." - }, - { - "value": "invalid", - "expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event." - }, - { - "value": "irrelevant", - "expanded": "The attribute/event is irrelevant to your organization or CTI process." - }, - { - "value": "undetermined", - "expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort." - }, - { - "value": "fast-track", - "expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates." - } - ] + "value": "legit", + "expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse." }, { - "predicate": "score", - "entry": [ - { - "value": "0", - "expanded": "" - }, - { - "value": "1", - "expanded": "" - }, - { - "value": "2", - "expanded": "" - }, - { - "value": "3", - "expanded": "" - }, - { - "value": "4", - "expanded": "" - }, - { - "value": "5", - "expanded": "" - }, - { - "value": "6", - "expanded": "" - }, - { - "value": "7", - "expanded": "" - }, - { - "value": "8", - "expanded": "" - }, - { - "value": "9", - "expanded": "" - }, - { - "value": "10", - "expanded": "" - }, - { - "value": "11", - "expanded": "" - }, - { - "value": "12", - "expanded": "" - }, - { - "value": "13", - "expanded": "" - }, - { - "value": "14", - "expanded": "" - }, - { - "value": "15", - "expanded": "" - }, - { - "value": "16", - "expanded": "" - }, - { - "value": "17", - "expanded": "" - }, - { - "value": "18", - "expanded": "" - }, - { - "value": "19", - "expanded": "" - }, - { - "value": "20", - "expanded": "" - }, - { - "value": "21", - "expanded": "" - }, - { - "value": "22", - "expanded": "" - }, - { - "value": "23", - "expanded": "" - }, - { - "value": "24", - "expanded": "" - }, - { - "value": "25", - "expanded": "" - }, - { - "value": "26", - "expanded": "" - }, - { - "value": "27", - "expanded": "" - }, - { - "value": "28", - "expanded": "" - }, - { - "value": "29", - "expanded": "" - }, - { - "value": "30", - "expanded": "" - }, - { - "value": "31", - "expanded": "" - }, - { - "value": "32", - "expanded": "" - }, - { - "value": "33", - "expanded": "" - }, - { - "value": "34", - "expanded": "" - }, - { - "value": "35", - "expanded": "" - }, - { - "value": "36", - "expanded": "" - }, - { - "value": "37", - "expanded": "" - }, - { - "value": "38", - "expanded": "" - }, - { - "value": "39", - "expanded": "" - }, - { - "value": "40", - "expanded": "" - }, - { - "value": "41", - "expanded": "" - }, - { - "value": "42", - "expanded": "" - }, - { - "value": "43", - "expanded": "" - }, - { - "value": "44", - "expanded": "" - }, - { - "value": "45", - "expanded": "" - }, - { - "value": "46", - "expanded": "" - }, - { - "value": "47", - "expanded": "" - }, - { - "value": "48", - "expanded": "" - }, - { - "value": "49", - "expanded": "" - }, - { - "value": "50", - "expanded": "" - }, - { - "value": "51", - "expanded": "" - }, - { - "value": "52", - "expanded": "" - }, - { - "value": "53", - "expanded": "" - }, - { - "value": "54", - "expanded": "" - }, - { - "value": "55", - "expanded": "" - }, - { - "value": "56", - "expanded": "" - }, - { - "value": "57", - "expanded": "" - }, - { - "value": "58", - "expanded": "" - }, - { - "value": "59", - "expanded": "" - }, - { - "value": "60", - "expanded": "" - }, - { - "value": "61", - "expanded": "" - }, - { - "value": "62", - "expanded": "" - }, - { - "value": "63", - "expanded": "" - }, - { - "value": "64", - "expanded": "" - }, - { - "value": "65", - "expanded": "" - }, - { - "value": "66", - "expanded": "" - }, - { - "value": "67", - "expanded": "" - }, - { - "value": "68", - "expanded": "" - }, - { - "value": "69", - "expanded": "" - }, - { - "value": "70", - "expanded": "" - }, - { - "value": "71", - "expanded": "" - }, - { - "value": "72", - "expanded": "" - }, - { - "value": "73", - "expanded": "" - }, - { - "value": "74", - "expanded": "" - }, - { - "value": "75", - "expanded": "" - }, - { - "value": "76", - "expanded": "" - }, - { - "value": "77", - "expanded": "" - }, - { - "value": "78", - "expanded": "" - }, - { - "value": "79", - "expanded": "" - }, - { - "value": "80", - "expanded": "" - }, - { - "value": "81", - "expanded": "" - }, - { - "value": "82", - "expanded": "" - }, - { - "value": "83", - "expanded": "" - }, - { - "value": "84", - "expanded": "" - }, - { - "value": "85", - "expanded": "" - }, - { - "value": "86", - "expanded": "" - }, - { - "value": "87", - "expanded": "" - }, - { - "value": "88", - "expanded": "" - }, - { - "value": "89", - "expanded": "" - }, - { - "value": "90", - "expanded": "" - }, - { - "value": "91", - "expanded": "" - }, - { - "value": "92", - "expanded": "" - }, - { - "value": "93", - "expanded": "" - }, - { - "value": "94", - "expanded": "" - }, - { - "value": "95", - "expanded": "" - }, - { - "value": "96", - "expanded": "" - }, - { - "value": "97", - "expanded": "" - }, - { - "value": "98", - "expanded": "" - }, - { - "value": "99", - "expanded": "" - }, - { - "value": "100", - "expanded": "" - } - ] + "value": "legit-uncertain", + "expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly." + }, + { + "value": "malicious", + "expanded": "The attribute/event describes something that is definitly used maliciously." + }, + { + "value": "malicious-uncertain", + "expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof." + }, + { + "value": "invalid", + "expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event." + }, + { + "value": "irrelevant", + "expanded": "The attribute/event is irrelevant to your organization or CTI process." + }, + { + "value": "undetermined", + "expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort." + }, + { + "value": "fast-track", + "expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates." } - ] + ] + }, + { + "predicate": "score", + "entry": [ + { + "value": "0", + "expanded": "" + }, + { + "value": "1", + "expanded": "" + }, + { + "value": "2", + "expanded": "" + }, + { + "value": "3", + "expanded": "" + }, + { + "value": "4", + "expanded": "" + }, + { + "value": "5", + "expanded": "" + }, + { + "value": "6", + "expanded": "" + }, + { + "value": "7", + "expanded": "" + }, + { + "value": "8", + "expanded": "" + }, + { + "value": "9", + "expanded": "" + }, + { + "value": "10", + "expanded": "" + }, + { + "value": "11", + "expanded": "" + }, + { + "value": "12", + "expanded": "" + }, + { + "value": "13", + "expanded": "" + }, + { + "value": "14", + "expanded": "" + }, + { + "value": "15", + "expanded": "" + }, + { + "value": "16", + "expanded": "" + }, + { + "value": "17", + "expanded": "" + }, + { + "value": "18", + "expanded": "" + }, + { + "value": "19", + "expanded": "" + }, + { + "value": "20", + "expanded": "" + }, + { + "value": "21", + "expanded": "" + }, + { + "value": "22", + "expanded": "" + }, + { + "value": "23", + "expanded": "" + }, + { + "value": "24", + "expanded": "" + }, + { + "value": "25", + "expanded": "" + }, + { + "value": "26", + "expanded": "" + }, + { + "value": "27", + "expanded": "" + }, + { + "value": "28", + "expanded": "" + }, + { + "value": "29", + "expanded": "" + }, + { + "value": "30", + "expanded": "" + }, + { + "value": "31", + "expanded": "" + }, + { + "value": "32", + "expanded": "" + }, + { + "value": "33", + "expanded": "" + }, + { + "value": "34", + "expanded": "" + }, + { + "value": "35", + "expanded": "" + }, + { + "value": "36", + "expanded": "" + }, + { + "value": "37", + "expanded": "" + }, + { + "value": "38", + "expanded": "" + }, + { + "value": "39", + "expanded": "" + }, + { + "value": "40", + "expanded": "" + }, + { + "value": "41", + "expanded": "" + }, + { + "value": "42", + "expanded": "" + }, + { + "value": "43", + "expanded": "" + }, + { + "value": "44", + "expanded": "" + }, + { + "value": "45", + "expanded": "" + }, + { + "value": "46", + "expanded": "" + }, + { + "value": "47", + "expanded": "" + }, + { + "value": "48", + "expanded": "" + }, + { + "value": "49", + "expanded": "" + }, + { + "value": "50", + "expanded": "" + }, + { + "value": "51", + "expanded": "" + }, + { + "value": "52", + "expanded": "" + }, + { + "value": "53", + "expanded": "" + }, + { + "value": "54", + "expanded": "" + }, + { + "value": "55", + "expanded": "" + }, + { + "value": "56", + "expanded": "" + }, + { + "value": "57", + "expanded": "" + }, + { + "value": "58", + "expanded": "" + }, + { + "value": "59", + "expanded": "" + }, + { + "value": "60", + "expanded": "" + }, + { + "value": "61", + "expanded": "" + }, + { + "value": "62", + "expanded": "" + }, + { + "value": "63", + "expanded": "" + }, + { + "value": "64", + "expanded": "" + }, + { + "value": "65", + "expanded": "" + }, + { + "value": "66", + "expanded": "" + }, + { + "value": "67", + "expanded": "" + }, + { + "value": "68", + "expanded": "" + }, + { + "value": "69", + "expanded": "" + }, + { + "value": "70", + "expanded": "" + }, + { + "value": "71", + "expanded": "" + }, + { + "value": "72", + "expanded": "" + }, + { + "value": "73", + "expanded": "" + }, + { + "value": "74", + "expanded": "" + }, + { + "value": "75", + "expanded": "" + }, + { + "value": "76", + "expanded": "" + }, + { + "value": "77", + "expanded": "" + }, + { + "value": "78", + "expanded": "" + }, + { + "value": "79", + "expanded": "" + }, + { + "value": "80", + "expanded": "" + }, + { + "value": "81", + "expanded": "" + }, + { + "value": "82", + "expanded": "" + }, + { + "value": "83", + "expanded": "" + }, + { + "value": "84", + "expanded": "" + }, + { + "value": "85", + "expanded": "" + }, + { + "value": "86", + "expanded": "" + }, + { + "value": "87", + "expanded": "" + }, + { + "value": "88", + "expanded": "" + }, + { + "value": "89", + "expanded": "" + }, + { + "value": "90", + "expanded": "" + }, + { + "value": "91", + "expanded": "" + }, + { + "value": "92", + "expanded": "" + }, + { + "value": "93", + "expanded": "" + }, + { + "value": "94", + "expanded": "" + }, + { + "value": "95", + "expanded": "" + }, + { + "value": "96", + "expanded": "" + }, + { + "value": "97", + "expanded": "" + }, + { + "value": "98", + "expanded": "" + }, + { + "value": "99", + "expanded": "" + }, + { + "value": "100", + "expanded": "" + } + ] + } + ] }