MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [workflow] updated to the new OSINT acquisition process

pull/176/head
Alexandre Dulaunoy 2019-07-18 10:49:48 +02:00
parent 78847bb522
commit fb574ff35b
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
workflow/machinetag.json
View File

@ -2,7 +2,7 @@
"namespace": "workflow",
"expanded": "workflow to support analysis",
"description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
"version": 8,
"version": 9,
"predicates": [
{
"value": "todo",
@ -55,10 +55,18 @@
"value": "create-missing-misp-galaxy-cluster",
"expanded": "Create missing MISP galaxy cluster about the information tagged"
},
{
"value": "create-missing-misp-galaxy-cluster-relationship",
"expanded": "create missing MISP galaxy cluster relationships (e.g. relationships between MISP clusters)"
},
{
"value": "create-missing-misp-galaxy",
"expanded": "Create missing MISP galaxy at large about the information tagged (e.g. a new category of malware or activity)"
},
{
"value": "create-missing-relationship",
"exapanded": "Create missing relationship about the information tagged (e.g. create new relationship between MISP objects)"
},
{
"value": "add-context",
"expanded": "Add contextual information about the information tagged"
@ -90,6 +98,14 @@
{
"value": "additional-task",
"expanded": "Used to point an additional task that can not be describe by the rest of the taxonomy and need to be done"
},
{
"value": "create-event",
"expanded": "A new MISP event need to be created from the tag reference"
},
{
"value": "preserve-evidence",
"expanded": "Preseve evidence mentioned in the information tagged"
}
]
},
@ -107,6 +123,10 @@
{
"value": "draft",
"expanded": "Draft means the information tagged can be released as a preliminary version or outline"
},
{
"value": "ongoing",
"expanded": "Analyst is currently working on this analysis. To remove when there is no more work to be done by the analyst."
}
]
}