Merge branch 'master' of github.com:MISP/misp-taxonomies
commit
fcde7e1af8
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"version": "20170104",
|
||||
"version": "20170129",
|
||||
"license": "CC-0",
|
||||
"description": "Manifest file of MISP taxonomies available.",
|
||||
"url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/master/",
|
||||
|
@ -35,6 +35,11 @@
|
|||
"name": "dhs-ciip-sectors",
|
||||
"version": 2
|
||||
},
|
||||
{
|
||||
"description": "The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
|
||||
"name": "diamond-model",
|
||||
"version": 1
|
||||
},
|
||||
{
|
||||
"description": "ISM (Information Security Marking Metadata) V13 as described by DNI.gov (Director of National Intelligence - US).",
|
||||
"name": "dni-ism",
|
||||
|
@ -133,7 +138,7 @@
|
|||
{
|
||||
"description": "Open Source Intelligence - Classification (MISP taxonomies).",
|
||||
"name": "osint",
|
||||
"version": 4
|
||||
"version": 5
|
||||
},
|
||||
{
|
||||
"description": "The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.",
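Review bot: The description added for `diamond-model` in the second hunk reuses the kill-chain wording ("a phase-based model developed by Lockheed Martin ... identify the stage of an attack"), which does not describe the Diamond Model. That model was published by Caltagirone, Pendergast and Betz and relates adversary, capability, infrastructure and victim rather than attack phases. An analyst picking taxonomies from the manifest would be misled about what these tags express. Suggested text: `"description": "The Diamond Model for Intrusion Analysis describes an intrusion event through four core features: adversary, capability, infrastructure and victim."`. The same sentence in the README section of this commit needs the same correction.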
|
||||
|
|
|
@ -16,6 +16,7 @@ The following taxonomies are described:
|
|||
- [Cyber Kill Chain](./kill-chain) from Lockheed Martin
|
||||
- DE German (DE) [Government classification markings (VS)](./de-vs)
|
||||
- [DHS CIIP Sectors](./dhs-ciip-sectors)
|
||||
- [Diamond Model for Intrusion Analysis](./diamond-model)
|
||||
- [Domain Name Abuse](./domain-abuse)
|
||||
- [eCSIRT](./ecsirt) and IntelMQ incident classification
|
||||
- [ENISA](./enisa) ENISA Threat Taxonomy
|
||||
|
@ -64,6 +65,11 @@ Taxonomy for the handling of protectively marked information in MISP with German
|
|||
|
||||
DHS critical sectors as described in https://www.dhs.gov/critical-infrastructure-sectors.
|
||||
|
||||
### [Diamond Model for Intrusion Analysis](./diamond-model)
|
||||
|
||||
The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack
|
||||
as described in [http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf](http://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf).
|
||||
|
||||
### [Domain Name Abuse](./domain-abuse)
|
||||
|
||||
Taxonomy to tag domain names used for cybercrime.
|
||||
|
|
|
@ -2,14 +2,14 @@
|
|||
"namespace": "kill-chain",
|
||||
"expanded": "Cyber Kill Chain",
|
||||
"description": "The Cyber Kill Chain, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.",
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "Reconnaissance",
|
||||
"expanded": "Research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and mailing lists for email addresses, social relationships, or information on specific technologies."
|
||||
},
|
||||
{
|
||||
"value": "Weaponisation",
|
||||
"value": "Weaponization",
|
||||
"expanded": "Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer). Increasingly, client application data files such as Adobe Portable Document Format (PDF) or Microsoft Office documents serve as the weaponized deliverable."
|
||||
},
|
||||
{
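Review bot: Changing the predicate value from `Weaponisation` to `Weaponization` changes the machine tag string itself, assuming the second printed line is the new side, as the version going from 1 to 2 suggests. Events already tagged with the old spelling will no longer match the taxonomy, and any filter, correlation or export rule keyed on the old string will miss them without an error. The version bump signals a change but gives no migration path, so consider stating the rename in the commit message or release notes so that instances can retag on update. The remaining predicates are outside the hunk, so whether the taxonomy now mixes spellings cannot be checked here.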
|
||||
|
|
|
@ -34,6 +34,10 @@
|
|||
"expanded": "Block or Filter List",
|
||||
"value": "block-or-filter-list"
|
||||
},
|
||||
{
|
||||
"expanded": "Source code repository",
|
||||
"value": "source-code-repository"
|
||||
},
|
||||
{
|
||||
"expanded": "Expansion",
|
||||
"value": "expansion"
|
||||
|
@ -106,7 +110,7 @@
|
|||
],
|
||||
"namespace": "osint",
|
||||
"description": "Open Source Intelligence - Classification (MISP taxonomies)",
|
||||
"version": 4,
|
||||
"version": 5,
|
||||
"predicates": [
|
||||
{
|
||||
"value": "source-type",
|
||||
|
|
|
@ -32,8 +32,12 @@ import argparse
|
|||
import os
|
||||
|
||||
taxonomies = []
|
||||
for folder in os.listdir('../'):
|
||||
if os.path.isfile(os.path.join('../', folder, 'machinetag.json')):
|
||||
|
||||
# Get our current directory from file location
|
||||
thisDir = os.path.dirname(__file__)
|
||||
|
||||
for folder in os.listdir(os.path.join(thisDir, '../')):
|
||||
if os.path.isfile(os.path.join(thisDir, '../', folder, 'machinetag.json')):
|
||||
taxonomies.append(folder)
|
||||
argParser = argparse.ArgumentParser(description='Dump Machine Tags (Triple Tags) from MISP taxonomies', epilog='Available taxonomies are {0}'.format(taxonomies))
|
||||
argParser.add_argument('-e', action='store_true', help='Include expanded tags')
|
||||
|
@ -83,7 +87,7 @@ def machineTag(namespace=False, predicate=False, value=None):
|
|||
return (u'{0}:{1}=\"{2}\"'.format(namespace, predicate, value))
|
||||
|
||||
for taxonomy in taxonomies:
|
||||
filename = os.path.join("../", taxonomy, "machinetag.json")
|
||||
filename = os.path.join(thisDir, "../", taxonomy, "machinetag.json")
|
||||
with open(filename) as fp:
|
||||
t = json.load(fp)
|
||||
namespace = t['namespace']
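Review bot: The parent-directory path is now built three times (`os.listdir`, `os.path.isfile`, and `filename` in the second hunk), each as `os.path.join(thisDir, '../', ...)`, so the copies have to be kept in step by hand. Computing it once keeps them aligned and also resolves a symlinked or relative `__file__`: `taxonomiesDir = os.path.realpath(os.path.join(os.path.dirname(__file__), os.pardir))`, then `os.path.join(taxonomiesDir, folder, 'machinetag.json')` at each use. Wrapping the `os.listdir(...)` call in `sorted()` would also make the epilog and the dump order stable across filesystems. The loop over `taxonomies` continues past the end of the second hunk.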
|
||||
|
|