{ "values": [ { "entry": [ { "expanded": "tag to hide from the user-interface.", "value": "hide" } ], "predicate": "ui" }, { "entry": [ { "expanded": "tag to hide from the API.", "value": "hide" } ], "predicate": "api" }, { "entry": [ { "expanded": "block", "value": "block" } ], "predicate": "expansion" }, { "predicate": "contributor", "entry": [ { "expanded": "OpenPGP Fingerprint", "value": "pgpfingerprint" } ] }, { "predicate": "confidence-level", "entry": [ { "expanded": "Completely confident", "value": "completely-confident", "numerical_value": 100 }, { "expanded": "Usually confident", "value": "usually-confident", "numerical_value": 75 }, { "expanded": "Fairly confident", "value": "fairly-confident", "numerical_value": 50 }, { "expanded": "Rarely confident", "value": "rarely-confident", "numerical_value": 25 }, { "expanded": "Unconfident", "value": "unconfident", "numerical_value": 0 }, { "expanded": "Confidence cannot be evaluated", "value": "confidence-cannot-be-evalued", "numerical_value": 50 } ] }, { "predicate": "threat-level", "entry": [ { "expanded": "No risk", "value": "no-risk", "numerical_value": 0, "description": "Harmless information. (CEUS threat level)" }, { "expanded": "Low risk", "value": "low-risk", "numerical_value": 25, "description": "Low risk which can include mass-malware. (CEUS threat level)" }, { "expanded": "Medium risk", "value": "medium-risk", "numerical_value": 50, "description": "Medium risk which can include targeted attacks (e.g. APT). (CEUS threat level)" }, { "expanded": "High risk", "value": "high-risk", "numerical_value": 100, "description": "High risk which can include highly sophisticated attacks or 0-day attack. (CEUS threat level)" } ] }, { "predicate": "automation-level", "entry": [ { "expanded": "Generated automatically without human verification", "value": "unsupervised", "numerical_value": 0 }, { "expanded": "Generated automatically but verified by a human", "value": "reviewed", "numerical_value": 50 }, { "expanded": "Output of human analysis", "value": "manual", "numerical_value": 100 } ] }, { "predicate": "tool", "entry": [ { "expanded": "misp2stix", "value": "misp2stix" }, { "expanded": "misp2yara", "value": "misp2yara" } ] }, { "predicate": "misp2yara", "entry": [ { "expanded": "generated", "value": "generated" }, { "expanded": "as-is", "value": "as-is" }, { "expanded": "valid", "value": "valid" }, { "expanded": "invalid", "value": "invalid" } ] }, { "predicate": "ids", "entry": [ { "expanded": "force", "value": "force", "description": "Force the IDS flag to be the one from the tag." }, { "expanded": "true", "value": "true", "description": "Overwrite the current IDS flag of the information tag by IDS true." }, { "expanded": "false", "value": "false", "description": "Overwrite the current IDS flag of the information tag by IDS false." } ] } ], "predicates": [ { "expanded": "User-interface tag influencing the MISP behavior and visual interaction.", "value": "ui" }, { "expanded": "API related tag influencing the MISP behavior of the API.", "value": "api" }, { "expanded": "IDS related tag unfluencing the MISP behavior of the IDS flag.", "value": "ids" }, { "description": "Expansion tag incluencing the MISP behavior using expansion modules", "expanded": "Expansion", "value": "expansion" }, { "expanded": "Information related to the contributor.", "value": "contributor" }, { "expanded": "Confidence level", "value": "confidence-level", "exclusive": true }, { "expanded": "Cyberthreat Effect Universal Scale - MISP's internal threat level taxonomy", "value": "threat-level", "exclusive": true }, { "expanded": "Automation level", "value": "automation-level", "exclusive": true }, { "description": "Event with this tag should not be synced to other MISP instances", "expanded": "Should not sync", "value": "should-not-sync" }, { "description": "Tool associated with the information taggged", "expanded": "Tool", "value": "tool" }, { "expanded": "misp2yara export tool", "value": "misp2yara", "exclusive": true } ], "version": 11, "description": "MISP taxonomy to infer with MISP behavior or operation.", "expanded": "MISP", "namespace": "misp" }