misp-taxonomies/infoleak/machinetag.json


{
"predicates": [
{
"expanded": "Type of information leak detected from automatic analysis",
"value": "automatic-detection"
},
{
"expanded": "Type of information leak detected from a human analysis",
"value": "analyst-detection"
},
{
"value": "confirmed",
"expanded": "Confirmed information leak or not",
"exclusive": true
},
{
"expanded": "Source of the information leak",
"value": "source"
},
{
"expanded": "Type of submission",
"value": "submission"
},
{
"expanded": "Output format",
"value": "output-format",
"exclusive": true
},
{
"value": "certainty",
"expanded": "Certainty of the information to be a leak",
"exclusive": true
}
],
"version": 7,
"description": "A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aims to be used at large to improve the classification of leaked information.",
"namespace": "infoleak",
"values": [
{
"predicate": "automatic-detection",
"entry": [
{
"value": "credential",
"expanded": "Credential"
},
{
"value": "credit-card",
"expanded": "Credit card"
},
{
"value": "iban",
"expanded": "IBAN"
},
{
"value": "ip",
"expanded": "IP address"
},
{
"value": "mail",
"expanded": "Mail"
},
{
"value": "phone-number",
"expanded": "Phone number"
},
{
"value": "api-key",
"expanded": "API key"
},
{
"value": "google-api-key",
"expanded": "Google API key"
},
{
"value": "aws-key",
"expanded": "AWS key"
},
{
"value": "private-key",
"expanded": "Private key at large"
},
{
"value": "encrypted-private-key",
"expanded": "Encrypted private key at large"
},
{
"value": "private-ssh-key",
"expanded": "Private SSH key"
},
{
"value": "private-static-key",
"expanded": "Private static key"
},
{
"value": "vpn-static-key",
"expanded": "VPN static key"
},
{
"value": "pgp-message",
"expanded": "PGP message"
},
{
"value": "pgp-public-key-block",
"expanded": "PGP public key block"
},
{
"value": "pgp-signature",
"expanded": "PGP signature"
},
{
"value": "pgp-private-key",
"expanded": "PGP private key"
},
{
"value": "certificate",
"expanded": "Certificate"
},
{
"value": "rsa-private-key",
"expanded": "RSA private key"
},
{
"value": "dsa-private-key",
"expanded": "DSA private key"
},
{
"value": "ec-private-key",
"expanded": "EC private key"
},
{
"value": "public-key",
"expanded": "Public key"
},
{
"value": "base64",
"expanded": "Base64"
},
{
"value": "binary",
"expanded": "Binary"
},
{
"value": "hexadecimal",
"expanded": "Hexadecimal"
},
{
"value": "bitcoin-address",
"expanded": "Bitcoin address"
},
{
"value": "bitcoin-private-key",
"expanded": "Bitcoin private key"
},
{
"value": "cve",
"expanded": "CVE"
},
{
"value": "onion",
"expanded": "Onion link"
},
{
"value": "sql-injection",
"expanded": "SQL injection"
}
]
},
{
"predicate": "analyst-detection",
"entry": [
{
"value": "credential",
"expanded": "Credential"
},
{
"value": "credit-card",
"expanded": "Credit card"
},
{
"value": "iban",
"expanded": "IBAN"
},
{
"value": "ip",
"expanded": "IP address"
},
{
"value": "mail",
"expanded": "Mail"
},
{
"value": "phone-number",
"expanded": "Phone number"
},
{
"value": "api-key",
"expanded": "API key"
},
{
"value": "google-api-key",
"expanded": "Google API key"
},
{
"value": "aws-key",
"expanded": "AWS key"
},
{
"value": "private-key",
"expanded": "Private key at large"
},
{
"value": "encrypted-private-key",
"expanded": "Encrypted private key at large"
},
{
"value": "private-ssh-key",
"expanded": "Private SSH key"
},
{
"value": "private-static-key",
"expanded": "Private static key"
},
{
"value": "vpn-static-key",
"expanded": "VPN static key"
},
{
"value": "pgp-message",
"expanded": "PGP message"
},
{
"value": "pgp-public-key-block",
"expanded": "PGP public key block"
},
{
"value": "pgp-signature",
"expanded": "PGP signature"
},
{
"value": "pgp-private-key",
"expanded": "PGP private key"
},
{
"value": "certificate",
"expanded": "Certificate"
},
{
"value": "rsa-private-key",
"expanded": "RSA private key"
},
{
"value": "dsa-private-key",
"expanded": "DSA private key"
},
{
"value": "ec-private-key",
"expanded": "EC private key"
},
{
"value": "public-key",
"expanded": "Public key"
},
{
"value": "base64",
"expanded": "Base64"
},
{
"value": "binary",
"expanded": "Binary"
},
{
"value": "hexadecimal",
"expanded": "Hexadecimal"
},
{
"value": "bitcoin-address",
"expanded": "Bitcoin address"
},
{
"value": "bitcoin-private-key",
"expanded": "Bitcoin private key"
},
{
"value": "cve",
"expanded": "CVE"
},
{
"value": "onion",
"expanded": "Onion link"
},
{
"value": "sql-injection",
"expanded": "SQL injection"
}
]
},
{
"predicate": "confirmed",
"entry": [
{
"value": "false-positive",
"expanded": "False positive"
},
{
"value": "false-negative",
"expanded": "False negative"
},
{
"value": "true-positive",
"expanded": "True positive"
},
{
"value": "true-negative",
"expanded": "True negative"
}
]
},
{
"predicate": "source",
"entry": [
{
"value": "public-website",
"expanded": "Public website"
},
{
"value": "pastie-website",
"expanded": "Pastie-like website"
},
{
"value": "electronic-forum",
"expanded": "Electronic forum"
},
{
"value": "mailing-list",
"expanded": "Mailing-list"
},
{
"value": "source-code-repository",
"expanded": "Source code repository"
},
{
"value": "automatic-collection",
"expanded": "Automatic collection including honeypots, spamtraps or equivalent technologies"
},
{
"value": "manual-analysis",
"expanded": "Manual analysis or investigation where detection took place"
},
{
"value": "unknown",
"expanded": "Unknown"
},
{
"value": "other",
"expanded": "Other source not specified in this list"
}
]
},
{
"predicate": "submission",
"entry": [
{
"value": "manual",
"expanded": "Manual"
},
{
"value": "automatic",
"expanded": "Automatic"
},
{
"value": "crawler",
"expanded": "Crawler"
}
]
},
{
"predicate": "output-format",
"entry": [
{
"value": "ail-daily",
"expanded": "Daily event"
},
{
"value": "ail-weekly",
"expanded": "Weekly event"
},
{
"value": "ail-monthly",
"expanded": "Monthly event"
}
]
},
{
"entry": [
{
"description": "Certainty",
"expanded": "Certainty (probability equals 1 - 100%)",
"value": "100",
"numerical_value": 100
},
{
"description": "Almost certain",
"expanded": "Almost certain (probability equals 0.93 - 93%)",
"value": "93",
"numerical_value": 93
},
{
"description": "Probable",
"expanded": "Probable (probability equals 0.75 - 75%)",
"value": "75",
"numerical_value": 75
},
{
"description": "Chances about even",
"expanded": "Chances about even (probability equals 0.50 - 50%)",
"value": "50",
"numerical_value": 50
},
{
"description": "Probably not",
"expanded": "Probably not (probability equals 0.30 - 30%)",
"value": "30",
"numerical_value": 30
},
{
"description": "Almost certainly not",
"expanded": "Almost certainly not (probability equals 0.07 - 7%)",
"value": "7",
"numerical_value": 7
},
{
"description": "Impossibility",
"expanded": "Impossibility (probability equals 0 - 0%)",
"value": "0",
"numerical_value": 0
}
],
"predicate": "certainty"
}
]
}