MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [doc] index updated

pull/254/head
Alexandre Dulaunoy 2022-09-18 11:26:33 +02:00
parent eb6e250b8c
commit f771941734
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 58 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
MANIFEST.json
View File

@ -316,7 +316,7 @@
{
"description": "Financial taxonomy to describe financial services, infrastructure and financial scope.",
"name": "financial",
"version": 1
"version": 3
},
{
"description": "Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).",

64
README.md
View File

@ -27,6 +27,11 @@ DFRLab Dichotomies of Disinformation. [Overview](https://www.misp-project.org/ta
[DML](https://github.com/MISP/misp-taxonomies/tree/main/DML) :
The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks. It's designed for organizations who perform intel-driven detection and response and who put an emphasis on having a mature detection program. [Overview](https://www.misp-project.org/taxonomies.html#_dml)
### GrayZone
[GrayZone](https://github.com/MISP/misp-taxonomies/tree/main/GrayZone) :
Gray Zone of Active defense includes all elements which lay between reactive defense elements and offensive operations. It does fill the gray spot between them. Taxo may be used for active defense planning or modeling. [Overview](https://www.misp-project.org/taxonomies.html#_grayzone)
### PAP
[PAP](https://github.com/MISP/misp-taxonomies/tree/main/PAP) :
@ -72,6 +77,11 @@ A series of assessment predicates describing the analyst capabilities to perform
[approved-category-of-action](https://github.com/MISP/misp-taxonomies/tree/main/approved-category-of-action) :
A pre-approved category of action for indicators being shared with partners (MIMIC). [Overview](https://www.misp-project.org/taxonomies.html#_approved_category_of_action)
### artificial-satellites
[artificial-satellites](https://github.com/MISP/misp-taxonomies/tree/main/artificial-satellites) :
This taxonomy was designed to describe artificial satellites [Overview](https://www.misp-project.org/taxonomies.html#_artificial_satellites)
### binary-class
[binary-class](https://github.com/MISP/misp-taxonomies/tree/main/binary-class) :
@ -87,6 +97,11 @@ Internal taxonomy for CCCS. [Overview](https://www.misp-project.org/taxonomies.h
[circl](https://github.com/MISP/misp-taxonomies/tree/main/circl) :
CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection [Overview](https://www.misp-project.org/taxonomies.html#_circl)
### cnsd
[cnsd](https://github.com/MISP/misp-taxonomies/tree/main/cnsd) :
La presente taxonomia es la primera versión disponible para el Centro Nacional de Seguridad Digital del Perú. [Overview](https://www.misp-project.org/taxonomies.html#_cnsd)
### coa
[coa](https://github.com/MISP/misp-taxonomies/tree/main/coa) :
@ -182,11 +197,21 @@ Distributed Denial of Service - or short: DDoS - taxonomy supports the descripti
[de-vs](https://github.com/MISP/misp-taxonomies/tree/main/de-vs) :
German (DE) Government classification markings (VS). [Overview](https://www.misp-project.org/taxonomies.html#_de_vs)
### death-possibilities
[death-possibilities](https://github.com/MISP/misp-taxonomies/tree/main/death-possibilities) :
Taxonomy of Death Possibilities [Overview](https://www.misp-project.org/taxonomies.html#_death_possibilities)
### deception
[deception](https://github.com/MISP/misp-taxonomies/tree/main/deception) :
Deception is an important component of information operations, valuable for both offense and defense. [Overview](https://www.misp-project.org/taxonomies.html#_deception)
### dga
[dga](https://github.com/MISP/misp-taxonomies/tree/main/dga) :
A taxonomy to describe domain-generation algorithms often called DGA. Ref: A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann and others. [Overview](https://www.misp-project.org/taxonomies.html#_dga)
### dhs-ciip-sectors
[dhs-ciip-sectors](https://github.com/MISP/misp-taxonomies/tree/main/dhs-ciip-sectors) :
@ -197,6 +222,11 @@ DHS critical sectors as in https://www.dhs.gov/critical-infrastructure-sectors [
[diamond-model](https://github.com/MISP/misp-taxonomies/tree/main/diamond-model) :
The Diamond Model for Intrusion Analysis establishes the basic atomic element of any intrusion activity, the event, composed of four core features: adversary, infrastructure, capability, and victim. [Overview](https://www.misp-project.org/taxonomies.html#_diamond_model)
### diamond-model-for-influence-operations
[diamond-model-for-influence-operations](https://github.com/MISP/misp-taxonomies/tree/main/diamond-model-for-influence-operations) :
The diamond model for influence operations analysis is a framework that leads analysts and researchers toward a comprehensive understanding of a malign influence campaign by addressing the socio-political, technical, and psychological aspects of the campaign. The diamond model for influence operations analysis consists of 5 components: 4 corners and a core element. The 4 corners are divided into 2 axes: influencer and audience on the socio-political axis, capabilities and infrastructure on the technical axis. Narrative makes up the core of the diamond. [Overview](https://www.misp-project.org/taxonomies.html#_diamond_model_for_influence_operations)
### dni-ism
[dni-ism](https://github.com/MISP/misp-taxonomies/tree/main/dni-ism) :
@ -275,7 +305,7 @@ Exercise is a taxonomy to describe if the information is part of one or more cyb
### extended-event
[extended-event](https://github.com/MISP/misp-taxonomies/tree/main/extended-event) :
Reasons why an event has been extended. [Overview](https://www.misp-project.org/taxonomies.html#_extended_event)
Reasons why an event has been extended. This taxonomy must be used on the extended event. The competitive analysis aspect is from Psychology of Intelligence Analysis by Richard J. Heuer, Jr. ref:http://www.foo.be/docs/intelligence/PsychofIntelNew.pdf [Overview](https://www.misp-project.org/taxonomies.html#_extended_event)
### failure-mode-in-machine-learning
@ -292,6 +322,11 @@ This taxonomy aims to ballpark the expected amount of false positives. [Overview
[file-type](https://github.com/MISP/misp-taxonomies/tree/main/file-type) :
List of known file types. [Overview](https://www.misp-project.org/taxonomies.html#_file_type)
### financial
[financial](https://github.com/MISP/misp-taxonomies/tree/main/financial) :
Financial taxonomy to describe financial services, infrastructure and financial scope. [Overview](https://www.misp-project.org/taxonomies.html#_financial)
### flesch-reading-ease
[flesch-reading-ease](https://github.com/MISP/misp-taxonomies/tree/main/flesch-reading-ease) :
@ -497,6 +532,11 @@ NATO classification markings. [Overview](https://www.misp-project.org/taxonomies
[nis](https://github.com/MISP/misp-taxonomies/tree/main/nis) :
The taxonomy is meant for large scale cybersecurity incidents, as mentioned in the Commission Recommendation of 13 September 2017, also known as the blueprint. It has two core parts: The nature of the incident, i.e. the underlying cause, that triggered the incident, and the impact of the incident, i.e. the impact on services, in which sector(s) of economy and society. [Overview](https://www.misp-project.org/taxonomies.html#_nis)
### nis2
[nis2](https://github.com/MISP/misp-taxonomies/tree/main/nis2) :
The taxonomy is meant for large scale cybersecurity incidents, as mentioned in the Commission Recommendation of 13 May 2022, also known as the provisional agreement. It has two core parts: The nature of the incident, i.e. the underlying cause, that triggered the incident, and the impact of the incident, i.e. the impact on services, in which sector(s) of economy and society. [Overview](https://www.misp-project.org/taxonomies.html#_nis2)
### open_threat
[open_threat](https://github.com/MISP/misp-taxonomies/tree/main/open_threat) :
@ -527,6 +567,11 @@ Penetration test (pentest) classification. [Overview](https://www.misp-project.o
[phishing](https://github.com/MISP/misp-taxonomies/tree/main/phishing) :
Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status. [Overview](https://www.misp-project.org/taxonomies.html#_phishing)
### poison-taxonomy
[poison-taxonomy](https://github.com/MISP/misp-taxonomies/tree/main/poison-taxonomy) :
Non-exhaustive taxonomy of natural poison [Overview](https://www.misp-project.org/taxonomies.html#_poison_taxonomy)
### political-spectrum
[political-spectrum](https://github.com/MISP/misp-taxonomies/tree/main/political-spectrum) :
@ -537,11 +582,21 @@ A political spectrum is a system to characterize and classify different politica
[priority-level](https://github.com/MISP/misp-taxonomies/tree/main/priority-level) :
After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System. [Overview](https://www.misp-project.org/taxonomies.html#_priority_level)
### pyoti
[pyoti](https://github.com/MISP/misp-taxonomies/tree/main/pyoti) :
PyOTI automated enrichment schemes for point in time classification of indicators. [Overview](https://www.misp-project.org/taxonomies.html#_pyoti)
### ransomware
[ransomware](https://github.com/MISP/misp-taxonomies/tree/main/ransomware) :
Ransomware is used to define ransomware types and the elements that compose them. [Overview](https://www.misp-project.org/taxonomies.html#_ransomware)
### ransomware-roles
[ransomware-roles](https://github.com/MISP/misp-taxonomies/tree/main/ransomware-roles) :
The seven roles seen in most ransomware incidents. [Overview](https://www.misp-project.org/taxonomies.html#_ransomware_roles)
### retention
[retention](https://github.com/MISP/misp-taxonomies/tree/main/retention) :
@ -625,7 +680,7 @@ An overview of some of the known attacks related to DNS as described by Torabi,
### tlp
[tlp](https://github.com/MISP/misp-taxonomies/tree/main/tlp) :
The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time. [Overview](https://www.misp-project.org/taxonomies.html#_tlp)
The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG. [Overview](https://www.misp-project.org/taxonomies.html#_tlp)
### tor
@ -672,11 +727,6 @@ Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de prob
[workflow](https://github.com/MISP/misp-taxonomies/tree/main/workflow) :
Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. [Overview](https://www.misp-project.org/taxonomies.html#_workflow)
### workflow
[workflow](https://github.com/MISP/misp-taxonomies/tree/main/workflow) :
Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. [Overview](https://www.misp-project.org/taxonomies.html#_workflow)
# Reserved Taxonomy
The following taxonomy namespaces are reserved and used internally to MISP.