571 lines
13 KiB
JSON
571 lines
13 KiB
JSON
{
|
|
"namespace": "ifx-vetting",
|
|
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
|
|
"version": 3,
|
|
"predicates": [
|
|
{
|
|
"value": "vetted",
|
|
"expanded": "state of the vetted intelligence",
|
|
"exclusive": true
|
|
},
|
|
{
|
|
"value": "score",
|
|
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data.",
|
|
"exclusive": true
|
|
}
|
|
],
|
|
"values": [
|
|
{
|
|
"predicate": "vetted",
|
|
"entry": [
|
|
{
|
|
"value": "legit-but-compromised",
|
|
"expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action."
|
|
},
|
|
{
|
|
"value": "legit",
|
|
"expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse."
|
|
},
|
|
{
|
|
"value": "legit-uncertain",
|
|
"expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly."
|
|
},
|
|
{
|
|
"value": "malicious",
|
|
"expanded": "The attribute/event describes something that is definitly used maliciously."
|
|
},
|
|
{
|
|
"value": "malicious-uncertain",
|
|
"expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof."
|
|
},
|
|
{
|
|
"value": "invalid",
|
|
"expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event."
|
|
},
|
|
{
|
|
"value": "irrelevant",
|
|
"expanded": "The attribute/event is irrelevant to your organization or CTI process."
|
|
},
|
|
{
|
|
"value": "undetermined",
|
|
"expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort."
|
|
},
|
|
{
|
|
"value": "fast-track",
|
|
"expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates."
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"predicate": "score",
|
|
"entry": [
|
|
{
|
|
"value": "0",
|
|
"expanded": "0",
|
|
"numerical_value": 0
|
|
},
|
|
{
|
|
"value": "1",
|
|
"expanded": "1",
|
|
"numerical_value": 1
|
|
},
|
|
{
|
|
"value": "2",
|
|
"expanded": "2",
|
|
"numerical_value": 2
|
|
},
|
|
{
|
|
"value": "3",
|
|
"expanded": "3",
|
|
"numerical_value": 3
|
|
},
|
|
{
|
|
"value": "4",
|
|
"expanded": "4",
|
|
"numerical_value": 4
|
|
},
|
|
{
|
|
"value": "5",
|
|
"expanded": "5",
|
|
"numerical_value": 5
|
|
},
|
|
{
|
|
"value": "6",
|
|
"expanded": "6",
|
|
"numerical_value": 6
|
|
},
|
|
{
|
|
"value": "7",
|
|
"expanded": "7",
|
|
"numerical_value": 7
|
|
},
|
|
{
|
|
"value": "8",
|
|
"expanded": "8",
|
|
"numerical_value": 8
|
|
},
|
|
{
|
|
"value": "9",
|
|
"expanded": "9",
|
|
"numerical_value": 9
|
|
},
|
|
{
|
|
"value": "10",
|
|
"expanded": "10",
|
|
"numerical_value": 10
|
|
},
|
|
{
|
|
"value": "11",
|
|
"expanded": "11",
|
|
"numerical_value": 11
|
|
},
|
|
{
|
|
"value": "12",
|
|
"expanded": "12",
|
|
"numerical_value": 12
|
|
},
|
|
{
|
|
"value": "13",
|
|
"expanded": "13",
|
|
"numerical_value": 13
|
|
},
|
|
{
|
|
"value": "14",
|
|
"expanded": "14",
|
|
"numerical_value": 14
|
|
},
|
|
{
|
|
"value": "15",
|
|
"expanded": "15",
|
|
"numerical_value": 15
|
|
},
|
|
{
|
|
"value": "16",
|
|
"expanded": "16",
|
|
"numerical_value": 16
|
|
},
|
|
{
|
|
"value": "17",
|
|
"expanded": "17",
|
|
"numerical_value": 17
|
|
},
|
|
{
|
|
"value": "18",
|
|
"expanded": "18",
|
|
"numerical_value": 18
|
|
},
|
|
{
|
|
"value": "19",
|
|
"expanded": "19",
|
|
"numerical_value": 19
|
|
},
|
|
{
|
|
"value": "20",
|
|
"expanded": "20",
|
|
"numerical_value": 20
|
|
},
|
|
{
|
|
"value": "21",
|
|
"expanded": "21",
|
|
"numerical_value": 21
|
|
},
|
|
{
|
|
"value": "22",
|
|
"expanded": "22",
|
|
"numerical_value": 22
|
|
},
|
|
{
|
|
"value": "23",
|
|
"expanded": "23",
|
|
"numerical_value": 23
|
|
},
|
|
{
|
|
"value": "24",
|
|
"expanded": "24",
|
|
"numerical_value": 24
|
|
},
|
|
{
|
|
"value": "25",
|
|
"expanded": "25",
|
|
"numerical_value": 25
|
|
},
|
|
{
|
|
"value": "26",
|
|
"expanded": "26",
|
|
"numerical_value": 26
|
|
},
|
|
{
|
|
"value": "27",
|
|
"expanded": "27",
|
|
"numerical_value": 27
|
|
},
|
|
{
|
|
"value": "28",
|
|
"expanded": "28",
|
|
"numerical_value": 28
|
|
},
|
|
{
|
|
"value": "29",
|
|
"expanded": "29",
|
|
"numerical_value": 29
|
|
},
|
|
{
|
|
"value": "30",
|
|
"expanded": "30",
|
|
"numerical_value": 30
|
|
},
|
|
{
|
|
"value": "31",
|
|
"expanded": "31",
|
|
"numerical_value": 31
|
|
},
|
|
{
|
|
"value": "32",
|
|
"expanded": "32",
|
|
"numerical_value": 32
|
|
},
|
|
{
|
|
"value": "33",
|
|
"expanded": "33",
|
|
"numerical_value": 33
|
|
},
|
|
{
|
|
"value": "34",
|
|
"expanded": "34",
|
|
"numerical_value": 34
|
|
},
|
|
{
|
|
"value": "35",
|
|
"expanded": "35",
|
|
"numerical_value": 35
|
|
},
|
|
{
|
|
"value": "36",
|
|
"expanded": "36",
|
|
"numerical_value": 36
|
|
},
|
|
{
|
|
"value": "37",
|
|
"expanded": "37",
|
|
"numerical_value": 37
|
|
},
|
|
{
|
|
"value": "38",
|
|
"expanded": "38",
|
|
"numerical_value": 38
|
|
},
|
|
{
|
|
"value": "39",
|
|
"expanded": "39",
|
|
"numerical_value": 39
|
|
},
|
|
{
|
|
"value": "40",
|
|
"expanded": "40",
|
|
"numerical_value": 40
|
|
},
|
|
{
|
|
"value": "41",
|
|
"expanded": "41",
|
|
"numerical_value": 41
|
|
},
|
|
{
|
|
"value": "42",
|
|
"expanded": "42",
|
|
"numerical_value": 42
|
|
},
|
|
{
|
|
"value": "43",
|
|
"expanded": "43",
|
|
"numerical_value": 43
|
|
},
|
|
{
|
|
"value": "44",
|
|
"expanded": "44",
|
|
"numerical_value": 44
|
|
},
|
|
{
|
|
"value": "45",
|
|
"expanded": "45",
|
|
"numerical_value": 45
|
|
},
|
|
{
|
|
"value": "46",
|
|
"expanded": "46",
|
|
"numerical_value": 46
|
|
},
|
|
{
|
|
"value": "47",
|
|
"expanded": "47",
|
|
"numerical_value": 47
|
|
},
|
|
{
|
|
"value": "48",
|
|
"expanded": "48",
|
|
"numerical_value": 48
|
|
},
|
|
{
|
|
"value": "49",
|
|
"expanded": "49",
|
|
"numerical_value": 49
|
|
},
|
|
{
|
|
"value": "50",
|
|
"expanded": "50",
|
|
"numerical_value": 50
|
|
},
|
|
{
|
|
"value": "51",
|
|
"expanded": "51",
|
|
"numerical_value": 51
|
|
},
|
|
{
|
|
"value": "52",
|
|
"expanded": "52",
|
|
"numerical_value": 52
|
|
},
|
|
{
|
|
"value": "53",
|
|
"expanded": "53",
|
|
"numerical_value": 53
|
|
},
|
|
{
|
|
"value": "54",
|
|
"expanded": "54",
|
|
"numerical_value": 54
|
|
},
|
|
{
|
|
"value": "55",
|
|
"expanded": "55",
|
|
"numerical_value": 55
|
|
},
|
|
{
|
|
"value": "56",
|
|
"expanded": "56",
|
|
"numerical_value": 56
|
|
},
|
|
{
|
|
"value": "57",
|
|
"expanded": "57",
|
|
"numerical_value": 57
|
|
},
|
|
{
|
|
"value": "58",
|
|
"expanded": "58",
|
|
"numerical_value": 58
|
|
},
|
|
{
|
|
"value": "59",
|
|
"expanded": "59",
|
|
"numerical_value": 59
|
|
},
|
|
{
|
|
"value": "60",
|
|
"expanded": "60",
|
|
"numerical_value": 60
|
|
},
|
|
{
|
|
"value": "61",
|
|
"expanded": "61",
|
|
"numerical_value": 61
|
|
},
|
|
{
|
|
"value": "62",
|
|
"expanded": "62",
|
|
"numerical_value": 62
|
|
},
|
|
{
|
|
"value": "63",
|
|
"expanded": "63",
|
|
"numerical_value": 63
|
|
},
|
|
{
|
|
"value": "64",
|
|
"expanded": "64",
|
|
"numerical_value": 64
|
|
},
|
|
{
|
|
"value": "65",
|
|
"expanded": "65",
|
|
"numerical_value": 65
|
|
},
|
|
{
|
|
"value": "66",
|
|
"expanded": "66",
|
|
"numerical_value": 66
|
|
},
|
|
{
|
|
"value": "67",
|
|
"expanded": "67",
|
|
"numerical_value": 67
|
|
},
|
|
{
|
|
"value": "68",
|
|
"expanded": "68",
|
|
"numerical_value": 68
|
|
},
|
|
{
|
|
"value": "69",
|
|
"expanded": "69",
|
|
"numerical_value": 69
|
|
},
|
|
{
|
|
"value": "70",
|
|
"expanded": "70",
|
|
"numerical_value": 70
|
|
},
|
|
{
|
|
"value": "71",
|
|
"expanded": "71",
|
|
"numerical_value": 71
|
|
},
|
|
{
|
|
"value": "72",
|
|
"expanded": "72",
|
|
"numerical_value": 72
|
|
},
|
|
{
|
|
"value": "73",
|
|
"expanded": "73",
|
|
"numerical_value": 73
|
|
},
|
|
{
|
|
"value": "74",
|
|
"expanded": "74",
|
|
"numerical_value": 74
|
|
},
|
|
{
|
|
"value": "75",
|
|
"expanded": "75",
|
|
"numerical_value": 75
|
|
},
|
|
{
|
|
"value": "76",
|
|
"expanded": "76",
|
|
"numerical_value": 76
|
|
},
|
|
{
|
|
"value": "77",
|
|
"expanded": "77",
|
|
"numerical_value": 77
|
|
},
|
|
{
|
|
"value": "78",
|
|
"expanded": "78",
|
|
"numerical_value": 78
|
|
},
|
|
{
|
|
"value": "79",
|
|
"expanded": "79",
|
|
"numerical_value": 79
|
|
},
|
|
{
|
|
"value": "80",
|
|
"expanded": "80",
|
|
"numerical_value": 80
|
|
},
|
|
{
|
|
"value": "81",
|
|
"expanded": "81",
|
|
"numerical_value": 81
|
|
},
|
|
{
|
|
"value": "82",
|
|
"expanded": "82",
|
|
"numerical_value": 82
|
|
},
|
|
{
|
|
"value": "83",
|
|
"expanded": "83",
|
|
"numerical_value": 83
|
|
},
|
|
{
|
|
"value": "84",
|
|
"expanded": "84",
|
|
"numerical_value": 84
|
|
},
|
|
{
|
|
"value": "85",
|
|
"expanded": "85",
|
|
"numerical_value": 85
|
|
},
|
|
{
|
|
"value": "86",
|
|
"expanded": "86",
|
|
"numerical_value": 86
|
|
},
|
|
{
|
|
"value": "87",
|
|
"expanded": "87",
|
|
"numerical_value": 87
|
|
},
|
|
{
|
|
"value": "88",
|
|
"expanded": "88",
|
|
"numerical_value": 88
|
|
},
|
|
{
|
|
"value": "89",
|
|
"expanded": "89",
|
|
"numerical_value": 89
|
|
},
|
|
{
|
|
"value": "90",
|
|
"expanded": "90",
|
|
"numerical_value": 90
|
|
},
|
|
{
|
|
"value": "91",
|
|
"expanded": "91",
|
|
"numerical_value": 91
|
|
},
|
|
{
|
|
"value": "92",
|
|
"expanded": "92",
|
|
"numerical_value": 92
|
|
},
|
|
{
|
|
"value": "93",
|
|
"expanded": "93",
|
|
"numerical_value": 93
|
|
},
|
|
{
|
|
"value": "94",
|
|
"expanded": "94",
|
|
"numerical_value": 94
|
|
},
|
|
{
|
|
"value": "95",
|
|
"expanded": "95",
|
|
"numerical_value": 95
|
|
},
|
|
{
|
|
"value": "96",
|
|
"expanded": "96",
|
|
"numerical_value": 96
|
|
},
|
|
{
|
|
"value": "97",
|
|
"expanded": "97",
|
|
"numerical_value": 97
|
|
},
|
|
{
|
|
"value": "98",
|
|
"expanded": "98",
|
|
"numerical_value": 98
|
|
},
|
|
{
|
|
"value": "99",
|
|
"expanded": "99",
|
|
"numerical_value": 99
|
|
},
|
|
{
|
|
"value": "100",
|
|
"expanded": "100",
|
|
"numerical_value": 100
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|