misp-taxonomies/cycat/machinetag.json

111 lines
3.5 KiB
JSON

{
"namespace": "cycat",
"expanded": " Universal Cybersecurity Resource Catalogue",
"description": "Taxonomy used by CyCAT, the Universal Cybersecurity Resource Catalogue, to categorize the namespaces it supports and uses.",
"version": 1,
"refs": [
"https://www.cycat.org/"
],
"values": [
{
"predicate": "type",
"entry": [
{
"value": "tool",
"expanded": "Tool",
"description": "Open source or proprietary tool used in cybersecurity."
},
{
"value": "playbook",
"expanded": "Playbook",
"description": "Playbook, such as a defined set of rules with one or more actions triggered by different events to respond to, orchestrate or automate cybersecurity related actions."
},
{
"value": "taxonomy",
"expanded": "Taxonomy",
"description": "Cybersecurity taxonomy is a set of labels used to classify (in both terms - arrange in classes or/and design to national classification) cybersecurity related information."
},
{
"value": "ruleset",
"expanded": "Ruleset",
"description": "Set of detection rules used in the cybersecurity field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort, Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them."
},
{
"value": "notebook",
"expanded": "Notebook",
"description": "Interactive document to code, experiment, train or visualize cybersecurity-related information. A notebook can be transcribed in a format such as Jupyter Notebooks, Apache Zeppelin, Pluton or Google Colab."
},
{
"value": "vulnerability",
"expanded": "Vulnerability",
"description": "Public or non-public information about a security vulnerability in a specific software, hardware or service."
},
{
"value": "proof-of-concept",
"expanded": "Proof-of-concept",
"description": "Code to validate a known vulnerability."
},
{
"value": "fingerprint",
"expanded": "Fingerprint",
"description": "Code to uniquely identify specific cybersecurity-relevant patterns. Fingerprints can be expressed in different formats such as ja3, ja3s, hassh, jarm or favicon-mmh3."
},
{
"value": "policy",
"expanded": "Policy",
"description": "Public or non-public policy used in organisation's risk management practices."
}
]
},
{
"predicate": "scope",
"entry": [
{
"value": "identify",
"expanded": "Identify"
},
{
"value": "protect",
"expanded": "Protect"
},
{
"value": "detect",
"expanded": "Detect"
},
{
"value": "respond",
"expanded": "Respond"
},
{
"value": "recover",
"expanded": "Recover"
},
{
"value": "exploit",
"expanded": "Exploit"
},
{
"value": "investigate",
"expanded": "Investigate"
},
{
"value": "train",
"expanded": "Train"
}
]
}
],
"predicates": [
{
"value": "type",
"expanded": "Type",
"description": "Type of entry in the catalogue."
},
{
"value": "scope",
"expanded": "Scope",
"description": "Scope of usage for the entry in the catalogue."
}
]
}