From 13d595dd7874662d7fab8333c07583769259dfe4 Mon Sep 17 00:00:00 2001
From: RaphaelOtto
Date: Tue, 7 Aug 2018 09:51:10 +0200
Subject: [PATCH 1/3] add ifx-vetting taxonomy
---
ifx-vetting/machinetag.json | 467 ++++++++++++++++++++++++++++++++++++
1 file changed, 467 insertions(+)
create mode 100644 ifx-vetting/machinetag.json
diff --git a/ifx-vetting/machinetag.json b/ifx-vetting/machinetag.json
new file mode 100644
index 0000000..3c4e925
--- /dev/null
+++ b/ifx-vetting/machinetag.json
@@ -0,0 +1,467 @@
+{
+ "namespace": "IFX",
+ "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "vetted",
+ "expanded": "state of the vetted intelligence"
+ },
+ {
+ "value": "score",
+ "expanded": ""
+ }
+ ],
+ "values": [
+ {
+ "predicate": "vetted",
+ "entry": [
+ {
+ "value": "legit-but-compromised",
+ "expanded": ""
+ },
+ {
+ "value": "legit",
+ "expanded": ""
+ },
+ {
+ "value": "legit-uncertain",
+ "expanded": ""
+ },
+ {
+ "value": "malicious",
+ "expanded": ""
+ },
+ {
+ "value": "malicious-uncertain",
+ "expanded": ""
+ },
+ {
+ "value": "invalid",
+ "expanded": ""
+ },
+ {
+ "value": "irrelevant",
+ "expanded": ""
+ },
+ {
+ "value": "undetermined",
+ "expanded": ""
+ },
+ {
+ "value": "fast-track",
+ "expanded": "this intelligence piece was not vetted but passed through for operational reasons"
+ }
+ ]
+ },
+ {
+ "predicate": "score",
+ "entry": [
+ {
+ "value": "0",
+ "expanded": ""
+ },
+ {
+ "value": "1",
+ "expanded": ""
+ },
+ {
+ "value": "2",
+ "expanded": ""
+ },
+ {
+ "value": "3",
+ "expanded": ""
+ },
+ {
+ "value": "4",
+ "expanded": ""
+ },
+ {
+ "value": "5",
+ "expanded": ""
+ },
+ {
+ "value": "6",
+ "expanded": ""
+ },
+ {
+ "value": "7",
+ "expanded": ""
+ },
+ {
+ "value": "8",
+ "expanded": ""
+ },
+ {
+ "value": "9",
+ "expanded": ""
+ },
+ {
+ "value": "10",
+ "expanded": ""
+ },
+ {
+ "value": "11",
+ "expanded": ""
+ },
+ {
+ "value": "12",
+ "expanded": ""
+ },
+ {
+ "value": "13",
+ "expanded": ""
+ },
+ {
+ "value": "14",
+ "expanded": ""
+ },
+ {
+ "value": "15",
+ "expanded": ""
+ },
+ {
+ "value": "16",
+ "expanded": ""
+ },
+ {
+ "value": "17",
+ "expanded": ""
+ },
+ {
+ "value": "18",
+ "expanded": ""
+ },
+ {
+ "value": "19",
+ "expanded": ""
+ },
+ {
+ "value": "20",
+ "expanded": ""
+ },
+ {
+ "value": "21",
+ "expanded": ""
+ },
+ {
+ "value": "22",
+ "expanded": ""
+ },
+ {
+ "value": "23",
+ "expanded": ""
+ },
+ {
+ "value": "24",
+ "expanded": ""
+ },
+ {
+ "value": "25",
+ "expanded": ""
+ },
+ {
+ "value": "26",
+ "expanded": ""
+ },
+ {
+ "value": "27",
+ "expanded": ""
+ },
+ {
+ "value": "28",
+ "expanded": ""
+ },
+ {
+ "value": "29",
+ "expanded": ""
+ },
+ {
+ "value": "30",
+ "expanded": ""
+ },
+ {
+ "value": "31",
+ "expanded": ""
+ },
+ {
+ "value": "32",
+ "expanded": ""
+ },
+ {
+ "value": "33",
+ "expanded": ""
+ },
+ {
+ "value": "34",
+ "expanded": ""
+ },
+ {
+ "value": "35",
+ "expanded": ""
+ },
+ {
+ "value": "36",
+ "expanded": ""
+ },
+ {
+ "value": "37",
+ "expanded": ""
+ },
+ {
+ "value": "38",
+ "expanded": ""
+ },
+ {
+ "value": "39",
+ "expanded": ""
+ },
+ {
+ "value": "40",
+ "expanded": ""
+ },
+ {
+ "value": "41",
+ "expanded": ""
+ },
+ {
+ "value": "42",
+ "expanded": ""
+ },
+ {
+ "value": "43",
+ "expanded": ""
+ },
+ {
+ "value": "44",
+ "expanded": ""
+ },
+ {
+ "value": "45",
+ "expanded": ""
+ },
+ {
+ "value": "46",
+ "expanded": ""
+ },
+ {
+ "value": "47",
+ "expanded": ""
+ },
+ {
+ "value": "48",
+ "expanded": ""
+ },
+ {
+ "value": "49",
+ "expanded": ""
+ },
+ {
+ "value": "50",
+ "expanded": ""
+ },
+ {
+ "value": "51",
+ "expanded": ""
+ },
+ {
+ "value": "52",
+ "expanded": ""
+ },
+ {
+ "value": "53",
+ "expanded": ""
+ },
+ {
+ "value": "54",
+ "expanded": ""
+ },
+ {
+ "value": "55",
+ "expanded": ""
+ },
+ {
+ "value": "56",
+ "expanded": ""
+ },
+ {
+ "value": "57",
+ "expanded": ""
+ },
+ {
+ "value": "58",
+ "expanded": ""
+ },
+ {
+ "value": "59",
+ "expanded": ""
+ },
+ {
+ "value": "60",
+ "expanded": ""
+ },
+ {
+ "value": "61",
+ "expanded": ""
+ },
+ {
+ "value": "62",
+ "expanded": ""
+ },
+ {
+ "value": "63",
+ "expanded": ""
+ },
+ {
+ "value": "64",
+ "expanded": ""
+ },
+ {
+ "value": "65",
+ "expanded": ""
+ },
+ {
+ "value": "66",
+ "expanded": ""
+ },
+ {
+ "value": "67",
+ "expanded": ""
+ },
+ {
+ "value": "68",
+ "expanded": ""
+ },
+ {
+ "value": "69",
+ "expanded": ""
+ },
+ {
+ "value": "70",
+ "expanded": ""
+ },
+ {
+ "value": "71",
+ "expanded": ""
+ },
+ {
+ "value": "72",
+ "expanded": ""
+ },
+ {
+ "value": "73",
+ "expanded": ""
+ },
+ {
+ "value": "74",
+ "expanded": ""
+ },
+ {
+ "value": "75",
+ "expanded": ""
+ },
+ {
+ "value": "76",
+ "expanded": ""
+ },
+ {
+ "value": "77",
+ "expanded": ""
+ },
+ {
+ "value": "78",
+ "expanded": ""
+ },
+ {
+ "value": "79",
+ "expanded": ""
+ },
+ {
+ "value": "80",
+ "expanded": ""
+ },
+ {
+ "value": "81",
+ "expanded": ""
+ },
+ {
+ "value": "82",
+ "expanded": ""
+ },
+ {
+ "value": "83",
+ "expanded": ""
+ },
+ {
+ "value": "84",
+ "expanded": ""
+ },
+ {
+ "value": "85",
+ "expanded": ""
+ },
+ {
+ "value": "86",
+ "expanded": ""
+ },
+ {
+ "value": "87",
+ "expanded": ""
+ },
+ {
+ "value": "88",
+ "expanded": ""
+ },
+ {
+ "value": "89",
+ "expanded": ""
+ },
+ {
+ "value": "90",
+ "expanded": ""
+ },
+ {
+ "value": "91",
+ "expanded": ""
+ },
+ {
+ "value": "92",
+ "expanded": ""
+ },
+ {
+ "value": "93",
+ "expanded": ""
+ },
+ {
+ "value": "94",
+ "expanded": ""
+ },
+ {
+ "value": "95",
+ "expanded": ""
+ },
+ {
+ "value": "96",
+ "expanded": ""
+ },
+ {
+ "value": "97",
+ "expanded": ""
+ },
+ {
+ "value": "98",
+ "expanded": ""
+ },
+ {
+ "value": "99",
+ "expanded": ""
+ },
+ {
+ "value": "100",
+ "expanded": ""
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
From 80516d7f1b33a60e1f203a68b280ec0b07e6556a Mon Sep 17 00:00:00 2001
From: RaphaelOtto
Date: Tue, 7 Aug 2018 10:28:23 +0200
Subject: [PATCH 2/3] Update machinetag.json Added description for all fields
---
ifx-vetting/machinetag.json | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/ifx-vetting/machinetag.json b/ifx-vetting/machinetag.json
index 3c4e925..a7ccdec 100644
--- a/ifx-vetting/machinetag.json
+++ b/ifx-vetting/machinetag.json
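Review bot: In the file added by PATCH 1/3, `"namespace": "IFX"` does not match the directory name `ifx-vetting`, so tags would render as `IFX:vetted="malicious"` while the taxonomy is stored under a different identifier. If the repository expects the namespace and directory to agree (this looks like the convention, but it is not visible on this page), `"namespace": "ifx-vetting",` would be the matching value. This is worth settling before merge, because renaming a namespace later leaves tags that analysts and automation have already applied pointing at a name that no longer exists. The taxonomy-level `description` also says "The IFX taxonomy" and would need the same wording if the namespace changes.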
@@ -9,7 +9,7 @@
 },
 {
 "value": "score",
- "expanded": ""
+ "expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data."
 }
 ],
 "values": [
@@ -18,39 +18,39 @@
 "entry": [
 {
 "value": "legit-but-compromised",
- "expanded": ""
+ "expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action."
 },
 {
 "value": "legit",
- "expanded": ""
+ "expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse."
 },
 {
 "value": "legit-uncertain",
- "expanded": ""
+ "expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly."
 },
 {
 "value": "malicious",
- "expanded": ""
+ "expanded": "The attribute/event describes something that is definitly used maliciously."
 },
 {
 "value": "malicious-uncertain",
- "expanded": ""
+ "expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof."
 },
 {
 "value": "invalid",
- "expanded": ""
+ "expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event."
 },
 {
 "value": "irrelevant",
- "expanded": ""
+ "expanded": "The attribute/event is irrelevant to your organization or CTI process."
 },
 {
 "value": "undetermined",
- "expanded": ""
+ "expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort."
 },
 {
 "value": "fast-track",
- "expanded": "this intelligence piece was not vetted but passed through for operational reasons"
+ "expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates."
 }
 ]
 },
@@ -464,4 +464,4 @@
 ]
 }
 ]
-}
\ No newline at end of file
+}
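Review bot: The new `score` description in the `@@ -9,7` hunk says the value may drive automatic processing, but it never states which end of 0–100 is the worse one, and the 101 entries still carry `"expanded": ""`. With a "scoring algorithm of choice", two organisations sharing one event can attach `IFX:score="90"` with opposite meanings, and a consumer that filters or blocks on a threshold would then act on the wrong end of the scale. I would state the direction in the text, for example by appending `Higher values mean higher confidence that the item is malicious.` (or the reverse, whichever is intended). It would also help to say that scores from different algorithms are not comparable.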
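Review bot: Several of the descriptions added in the `@@ -18,39` hunk contain spelling errors, and these strings are presumably what analysts read next to the tag: `legitly` (three times), `signes` and `definitly` should be `legitimately`, `signs` and `definitely`. The `legit-but-compromised` text ends with `Consider this if blocking is your course of action.`, which does not say what the analyst should consider; a sentence such as `Blocking it may also cut off legitimate use.` would state the caveat directly. The `fast-track` text could likewise say outright that the item is unvetted and should not be treated as equivalent to `malicious` by automation.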
From f39722d80b39eb38aa32fa3a7fd39afdd6f12b0d Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 7 Aug 2018 14:45:02 +0200
Subject: [PATCH 3/3] chg: jq all the things(tm)
---
ifx-vetting/machinetag.json | 918 ++++++++++++++++++------------------
1 file changed, 459 insertions(+), 459 deletions(-)
diff --git a/ifx-vetting/machinetag.json b/ifx-vetting/machinetag.json
index a7ccdec..cedec10 100644
--- a/ifx-vetting/machinetag.json
+++ b/ifx-vetting/machinetag.json
@@ -1,467 +1,467 @@ { - "namespace": "IFX", - "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process", - "version": 1, - "predicates": [ + "namespace": "IFX", + "description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process", + "version": 1, + "predicates": [ + { + "value": "vetted", + "expanded": "state of the vetted intelligence" + }, + { + "value": "score", + "expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data." + } + ], + "values": [ + { + "predicate": "vetted", + "entry": [ { - "value": "vetted", - "expanded": "state of the vetted intelligence" + "value": "legit-but-compromised", + "expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action." }, { - "value": "score", - "expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data." - } - ], - "values": [ - { - "predicate": "vetted", - "entry": [ - { - "value": "legit-but-compromised", - "expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action." - }, - { - "value": "legit", - "expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse." - }, - { - "value": "legit-uncertain", - "expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly." 
- }, - { - "value": "malicious", - "expanded": "The attribute/event describes something that is definitly used maliciously." - }, - { - "value": "malicious-uncertain", - "expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof." - }, - { - "value": "invalid", - "expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event." - }, - { - "value": "irrelevant", - "expanded": "The attribute/event is irrelevant to your organization or CTI process." - }, - { - "value": "undetermined", - "expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort." - }, - { - "value": "fast-track", - "expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates." - } - ] + "value": "legit", + "expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse." 
}, { - "predicate": "score", - "entry": [ - { - "value": "0", - "expanded": "" - }, - { - "value": "1", - "expanded": "" - }, - { - "value": "2", - "expanded": "" - }, - { - "value": "3", - "expanded": "" - }, - { - "value": "4", - "expanded": "" - }, - { - "value": "5", - "expanded": "" - }, - { - "value": "6", - "expanded": "" - }, - { - "value": "7", - "expanded": "" - }, - { - "value": "8", - "expanded": "" - }, - { - "value": "9", - "expanded": "" - }, - { - "value": "10", - "expanded": "" - }, - { - "value": "11", - "expanded": "" - }, - { - "value": "12", - "expanded": "" - }, - { - "value": "13", - "expanded": "" - }, - { - "value": "14", - "expanded": "" - }, - { - "value": "15", - "expanded": "" - }, - { - "value": "16", - "expanded": "" - }, - { - "value": "17", - "expanded": "" - }, - { - "value": "18", - "expanded": "" - }, - { - "value": "19", - "expanded": "" - }, - { - "value": "20", - "expanded": "" - }, - { - "value": "21", - "expanded": "" - }, - { - "value": "22", - "expanded": "" - }, - { - "value": "23", - "expanded": "" - }, - { - "value": "24", - "expanded": "" - }, - { - "value": "25", - "expanded": "" - }, - { - "value": "26", - "expanded": "" - }, - { - "value": "27", - "expanded": "" - }, - { - "value": "28", - "expanded": "" - }, - { - "value": "29", - "expanded": "" - }, - { - "value": "30", - "expanded": "" - }, - { - "value": "31", - "expanded": "" - }, - { - "value": "32", - "expanded": "" - }, - { - "value": "33", - "expanded": "" - }, - { - "value": "34", - "expanded": "" - }, - { - "value": "35", - "expanded": "" - }, - { - "value": "36", - "expanded": "" - }, - { - "value": "37", - "expanded": "" - }, - { - "value": "38", - "expanded": "" - }, - { - "value": "39", - "expanded": "" - }, - { - "value": "40", - "expanded": "" - }, - { - "value": "41", - "expanded": "" - }, - { - "value": "42", - "expanded": "" - }, - { - "value": "43", - "expanded": "" - }, - { - "value": "44", - "expanded": "" - }, - { - "value": "45", - 
"expanded": "" - }, - { - "value": "46", - "expanded": "" - }, - { - "value": "47", - "expanded": "" - }, - { - "value": "48", - "expanded": "" - }, - { - "value": "49", - "expanded": "" - }, - { - "value": "50", - "expanded": "" - }, - { - "value": "51", - "expanded": "" - }, - { - "value": "52", - "expanded": "" - }, - { - "value": "53", - "expanded": "" - }, - { - "value": "54", - "expanded": "" - }, - { - "value": "55", - "expanded": "" - }, - { - "value": "56", - "expanded": "" - }, - { - "value": "57", - "expanded": "" - }, - { - "value": "58", - "expanded": "" - }, - { - "value": "59", - "expanded": "" - }, - { - "value": "60", - "expanded": "" - }, - { - "value": "61", - "expanded": "" - }, - { - "value": "62", - "expanded": "" - }, - { - "value": "63", - "expanded": "" - }, - { - "value": "64", - "expanded": "" - }, - { - "value": "65", - "expanded": "" - }, - { - "value": "66", - "expanded": "" - }, - { - "value": "67", - "expanded": "" - }, - { - "value": "68", - "expanded": "" - }, - { - "value": "69", - "expanded": "" - }, - { - "value": "70", - "expanded": "" - }, - { - "value": "71", - "expanded": "" - }, - { - "value": "72", - "expanded": "" - }, - { - "value": "73", - "expanded": "" - }, - { - "value": "74", - "expanded": "" - }, - { - "value": "75", - "expanded": "" - }, - { - "value": "76", - "expanded": "" - }, - { - "value": "77", - "expanded": "" - }, - { - "value": "78", - "expanded": "" - }, - { - "value": "79", - "expanded": "" - }, - { - "value": "80", - "expanded": "" - }, - { - "value": "81", - "expanded": "" - }, - { - "value": "82", - "expanded": "" - }, - { - "value": "83", - "expanded": "" - }, - { - "value": "84", - "expanded": "" - }, - { - "value": "85", - "expanded": "" - }, - { - "value": "86", - "expanded": "" - }, - { - "value": "87", - "expanded": "" - }, - { - "value": "88", - "expanded": "" - }, - { - "value": "89", - "expanded": "" - }, - { - "value": "90", - "expanded": "" - }, - { - "value": "91", - "expanded": "" - }, - 
{ - "value": "92", - "expanded": "" - }, - { - "value": "93", - "expanded": "" - }, - { - "value": "94", - "expanded": "" - }, - { - "value": "95", - "expanded": "" - }, - { - "value": "96", - "expanded": "" - }, - { - "value": "97", - "expanded": "" - }, - { - "value": "98", - "expanded": "" - }, - { - "value": "99", - "expanded": "" - }, - { - "value": "100", - "expanded": "" - } - ] + "value": "legit-uncertain", + "expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly." + }, + { + "value": "malicious", + "expanded": "The attribute/event describes something that is definitly used maliciously." + }, + { + "value": "malicious-uncertain", + "expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof." + }, + { + "value": "invalid", + "expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event." + }, + { + "value": "irrelevant", + "expanded": "The attribute/event is irrelevant to your organization or CTI process." + }, + { + "value": "undetermined", + "expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort." + }, + { + "value": "fast-track", + "expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates." 
} - ] + ] + }, + { + "predicate": "score", + "entry": [ + { + "value": "0", + "expanded": "" + }, + { + "value": "1", + "expanded": "" + }, + { + "value": "2", + "expanded": "" + }, + { + "value": "3", + "expanded": "" + }, + { + "value": "4", + "expanded": "" + }, + { + "value": "5", + "expanded": "" + }, + { + "value": "6", + "expanded": "" + }, + { + "value": "7", + "expanded": "" + }, + { + "value": "8", + "expanded": "" + }, + { + "value": "9", + "expanded": "" + }, + { + "value": "10", + "expanded": "" + }, + { + "value": "11", + "expanded": "" + }, + { + "value": "12", + "expanded": "" + }, + { + "value": "13", + "expanded": "" + }, + { + "value": "14", + "expanded": "" + }, + { + "value": "15", + "expanded": "" + }, + { + "value": "16", + "expanded": "" + }, + { + "value": "17", + "expanded": "" + }, + { + "value": "18", + "expanded": "" + }, + { + "value": "19", + "expanded": "" + }, + { + "value": "20", + "expanded": "" + }, + { + "value": "21", + "expanded": "" + }, + { + "value": "22", + "expanded": "" + }, + { + "value": "23", + "expanded": "" + }, + { + "value": "24", + "expanded": "" + }, + { + "value": "25", + "expanded": "" + }, + { + "value": "26", + "expanded": "" + }, + { + "value": "27", + "expanded": "" + }, + { + "value": "28", + "expanded": "" + }, + { + "value": "29", + "expanded": "" + }, + { + "value": "30", + "expanded": "" + }, + { + "value": "31", + "expanded": "" + }, + { + "value": "32", + "expanded": "" + }, + { + "value": "33", + "expanded": "" + }, + { + "value": "34", + "expanded": "" + }, + { + "value": "35", + "expanded": "" + }, + { + "value": "36", + "expanded": "" + }, + { + "value": "37", + "expanded": "" + }, + { + "value": "38", + "expanded": "" + }, + { + "value": "39", + "expanded": "" + }, + { + "value": "40", + "expanded": "" + }, + { + "value": "41", + "expanded": "" + }, + { + "value": "42", + "expanded": "" + }, + { + "value": "43", + "expanded": "" + }, + { + "value": "44", + "expanded": "" + }, + { + "value": 
"45", + "expanded": "" + }, + { + "value": "46", + "expanded": "" + }, + { + "value": "47", + "expanded": "" + }, + { + "value": "48", + "expanded": "" + }, + { + "value": "49", + "expanded": "" + }, + { + "value": "50", + "expanded": "" + }, + { + "value": "51", + "expanded": "" + }, + { + "value": "52", + "expanded": "" + }, + { + "value": "53", + "expanded": "" + }, + { + "value": "54", + "expanded": "" + }, + { + "value": "55", + "expanded": "" + }, + { + "value": "56", + "expanded": "" + }, + { + "value": "57", + "expanded": "" + }, + { + "value": "58", + "expanded": "" + }, + { + "value": "59", + "expanded": "" + }, + { + "value": "60", + "expanded": "" + }, + { + "value": "61", + "expanded": "" + }, + { + "value": "62", + "expanded": "" + }, + { + "value": "63", + "expanded": "" + }, + { + "value": "64", + "expanded": "" + }, + { + "value": "65", + "expanded": "" + }, + { + "value": "66", + "expanded": "" + }, + { + "value": "67", + "expanded": "" + }, + { + "value": "68", + "expanded": "" + }, + { + "value": "69", + "expanded": "" + }, + { + "value": "70", + "expanded": "" + }, + { + "value": "71", + "expanded": "" + }, + { + "value": "72", + "expanded": "" + }, + { + "value": "73", + "expanded": "" + }, + { + "value": "74", + "expanded": "" + }, + { + "value": "75", + "expanded": "" + }, + { + "value": "76", + "expanded": "" + }, + { + "value": "77", + "expanded": "" + }, + { + "value": "78", + "expanded": "" + }, + { + "value": "79", + "expanded": "" + }, + { + "value": "80", + "expanded": "" + }, + { + "value": "81", + "expanded": "" + }, + { + "value": "82", + "expanded": "" + }, + { + "value": "83", + "expanded": "" + }, + { + "value": "84", + "expanded": "" + }, + { + "value": "85", + "expanded": "" + }, + { + "value": "86", + "expanded": "" + }, + { + "value": "87", + "expanded": "" + }, + { + "value": "88", + "expanded": "" + }, + { + "value": "89", + "expanded": "" + }, + { + "value": "90", + "expanded": "" + }, + { + "value": "91", + "expanded": 
"" + }, + { + "value": "92", + "expanded": "" + }, + { + "value": "93", + "expanded": "" + }, + { + "value": "94", + "expanded": "" + }, + { + "value": "95", + "expanded": "" + }, + { + "value": "96", + "expanded": "" + }, + { + "value": "97", + "expanded": "" + }, + { + "value": "98", + "expanded": "" + }, + { + "value": "99", + "expanded": "" + }, + { + "value": "100", + "expanded": "" + } + ] + } + ] }