diff --git a/ifx-vetting/machinetag.json b/ifx-vetting/machinetag.json new file mode 100644 index 0000000..cedec10 --- /dev/null +++ b/ifx-vetting/machinetag.json @@ -0,0 +1,467 @@ +{ + "namespace": "IFX", + "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process", + "version": 1, + "predicates": [ + { + "value": "vetted", + "expanded": "state of the vetted intelligence" + }, + { + "value": "score", + "expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data." + } + ], + "values": [ + { + "predicate": "vetted", + "entry": [ + { + "value": "legit-but-compromised", + "expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action." + }, + { + "value": "legit", + "expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse." + }, + { + "value": "legit-uncertain", + "expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly." + }, + { + "value": "malicious", + "expanded": "The attribute/event describes something that is definitly used maliciously." + }, + { + "value": "malicious-uncertain", + "expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof." + }, + { + "value": "invalid", + "expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event." + }, + { + "value": "irrelevant", + "expanded": "The attribute/event is irrelevant to your organization or CTI process." + }, + { + "value": "undetermined", + "expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort." + }, + { + "value": "fast-track", + "expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates." + } + ] + }, + { + "predicate": "score", + "entry": [ + { + "value": "0", + "expanded": "" + }, + { + "value": "1", + "expanded": "" + }, + { + "value": "2", + "expanded": "" + }, + { + "value": "3", + "expanded": "" + }, + { + "value": "4", + "expanded": "" + }, + { + "value": "5", + "expanded": "" + }, + { + "value": "6", + "expanded": "" + }, + { + "value": "7", + "expanded": "" + }, + { + "value": "8", + "expanded": "" + }, + { + "value": "9", + "expanded": "" + }, + { + "value": "10", + "expanded": "" + }, + { + "value": "11", + "expanded": "" + }, + { + "value": "12", + "expanded": "" + }, + { + "value": "13", + "expanded": "" + }, + { + "value": "14", + "expanded": "" + }, + { + "value": "15", + "expanded": "" + }, + { + "value": "16", + "expanded": "" + }, + { + "value": "17", + "expanded": "" + }, + { + "value": "18", + "expanded": "" + }, + { + "value": "19", + "expanded": "" + }, + { + "value": "20", + "expanded": "" + }, + { + "value": "21", + "expanded": "" + }, + { + "value": "22", + "expanded": "" + }, + { + "value": "23", + "expanded": "" + }, + { + "value": "24", + "expanded": "" + }, + { + "value": "25", + "expanded": "" + }, + { + "value": "26", + "expanded": "" + }, + { + "value": "27", + "expanded": "" + }, + { + "value": "28", + "expanded": "" + }, + { + "value": "29", + "expanded": "" + }, + { + "value": "30", + "expanded": "" + }, + { + "value": "31", + "expanded": "" + }, + { + "value": "32", + "expanded": "" + }, + { + "value": "33", + "expanded": "" + }, + { + "value": "34", + "expanded": "" + }, + { + "value": "35", + "expanded": "" + }, + { + "value": "36", + "expanded": "" + }, + { + "value": "37", + "expanded": "" + }, + { + "value": "38", + "expanded": "" + }, + { + "value": "39", + "expanded": "" + }, + { + "value": "40", + "expanded": "" + }, + { + "value": "41", + "expanded": "" + }, + { + "value": "42", + "expanded": "" + }, + { + "value": "43", + "expanded": "" + }, + { + "value": "44", + "expanded": "" + }, + { + "value": "45", + "expanded": "" + }, + { + "value": "46", + "expanded": "" + }, + { + "value": "47", + "expanded": "" + }, + { + "value": "48", + "expanded": "" + }, + { + "value": "49", + "expanded": "" + }, + { + "value": "50", + "expanded": "" + }, + { + "value": "51", + "expanded": "" + }, + { + "value": "52", + "expanded": "" + }, + { + "value": "53", + "expanded": "" + }, + { + "value": "54", + "expanded": "" + }, + { + "value": "55", + "expanded": "" + }, + { + "value": "56", + "expanded": "" + }, + { + "value": "57", + "expanded": "" + }, + { + "value": "58", + "expanded": "" + }, + { + "value": "59", + "expanded": "" + }, + { + "value": "60", + "expanded": "" + }, + { + "value": "61", + "expanded": "" + }, + { + "value": "62", + "expanded": "" + }, + { + "value": "63", + "expanded": "" + }, + { + "value": "64", + "expanded": "" + }, + { + "value": "65", + "expanded": "" + }, + { + "value": "66", + "expanded": "" + }, + { + "value": "67", + "expanded": "" + }, + { + "value": "68", + "expanded": "" + }, + { + "value": "69", + "expanded": "" + }, + { + "value": "70", + "expanded": "" + }, + { + "value": "71", + "expanded": "" + }, + { + "value": "72", + "expanded": "" + }, + { + "value": "73", + "expanded": "" + }, + { + "value": "74", + "expanded": "" + }, + { + "value": "75", + "expanded": "" + }, + { + "value": "76", + "expanded": "" + }, + { + "value": "77", + "expanded": "" + }, + { + "value": "78", + "expanded": "" + }, + { + "value": "79", + "expanded": "" + }, + { + "value": "80", + "expanded": "" + }, + { + "value": "81", + "expanded": "" + }, + { + "value": "82", + "expanded": "" + }, + { + "value": "83", + "expanded": "" + }, + { + "value": "84", + "expanded": "" + }, + { + "value": "85", + "expanded": "" + }, + { + "value": "86", + "expanded": "" + }, + { + "value": "87", + "expanded": "" + }, + { + "value": "88", + "expanded": "" + }, + { + "value": "89", + "expanded": "" + }, + { + "value": "90", + "expanded": "" + }, + { + "value": "91", + "expanded": "" + }, + { + "value": "92", + "expanded": "" + }, + { + "value": "93", + "expanded": "" + }, + { + "value": "94", + "expanded": "" + }, + { + "value": "95", + "expanded": "" + }, + { + "value": "96", + "expanded": "" + }, + { + "value": "97", + "expanded": "" + }, + { + "value": "98", + "expanded": "" + }, + { + "value": "99", + "expanded": "" + }, + { + "value": "100", + "expanded": "" + } + ] + } + ] +}