{ "namespace": "cssa", "description": "The CSSA agreed sharing taxonomy.", "version": 6, "predicates": [ { "value": "sharing-class", "expanded": "Sharing Class" }, { "value": "origin", "expanded": "Origin" }, { "value": "report", "expanded": "Report" }, { "value": "analyse", "expanded": "Please analyse sample", "colour": "#fab74d" } ], "values": [ { "predicate": "sharing-class", "entry": [ { "value": "high_profile", "expanded": "Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.", "colour": "#007695", "numerical_value": 95 }, { "value": "vetted", "expanded": "Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.", "colour": "#008aaf", "numerical_value": 50 }, { "value": "unvetted", "expanded": "Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.", "colour": "#00b3e2", "numerical_value": 10 } ] }, { "predicate": "report", "entry": [ { "value": "details", "expanded": "Description of the incidence.", "colour": "#fbc166" }, { "value": "link", "expanded": "Link to the original report location.", "colour": "#fbcb7f" }, { "value": "attached", "expanded": "Attached report.", "colour": "#fcd597" } ] }, { "predicate": "origin", "entry": [ { "value": "manual_investigation", "expanded": "Information gathered by an analyst/incident responder/forensic expert/etc.", "colour": "#29775d" }, { "value": "honeypot", "expanded": "Information coming out of honeypots.", "colour": "#2f8a6c" }, { "value": "sandbox", "expanded": "Information coming out of sandboxes.", "colour": "#369d7b" }, { "value": "email", "expanded": "Information coming out of email infrastructure.", "colour": "#3db08a" }, { "value": "3rd-party", "expanded": "Information from outside the company.", "colour": "#46c098" }, { "value": "report", "expanded": "Information coming from a report.", "colour": "#22644e" }, { "value": "other", "expanded": "If none of the other origins applies.", "colour": "#59c6a2" }, { "value": "unknown", "expanded": "Origin of the data unknown.", "colour": "#6ccdad" } ] } ] }