Taxonomies used in MISP taxonomy system and can be used by other information sharing tool. https://www.circl.lu/doc/misp-taxonomies/
 
 
Go to file
Alexandre Dulaunoy 4b4c846eb4 first_csirt_case_classification added in the tool 2016-02-04 16:12:19 +01:00
admiralty-scale Added a version number in the JSON - Fix #2 2015-11-22 07:56:48 +01:00
adversary TDS fixed 2016-02-04 10:56:54 +01:00
circl CIRCL Taxonomy - Schemes of Classification in Incident Response and 2015-11-22 09:52:57 +01:00
dni-ism Missing atomicEnergyMarkings added 2015-11-28 18:11:09 +01:00
ecsirt added Incident Classification by the ecsirt.net project WP4 clearinghouse policy and updated by IntelMQ. 2015-11-25 15:32:12 +01:00
euci description fixed 2015-12-01 17:39:11 +01:00
first_csirt_case_classification tags 2016-02-04 15:59:30 +01:00
nato NATO classification markings. (first DRAFT) 2015-11-29 10:23:14 +01:00
osint Certainty scale added 2016-01-21 22:56:22 +01:00
tlp Expanded namespace for TLP added 2016-01-10 17:04:42 +01:00
tools first_csirt_case_classification added in the tool 2016-02-04 16:12:19 +01:00
veris Added missing version 2015-11-24 10:57:19 +01:00
README.md OSINT add in the list 2016-01-22 08:29:48 +01:00

README.md

MISP Taxonomies

Taxonomies that can be used in MISP (2.4) and other information sharing tool and expressed in Machine Tags (Triple Tags). A machine tag is composed of a namespace (MUST), a predicate (MUST) and an (OPTIONAL) value. Machine tags are often called triple tag due to their format.

Overview of the MISP taxonomies

The following taxonomies can be used in MISP (as local or distributed tags) or in other tools willing to share common taxonomies among security information sharing tools.

The following taxonomies are described:

Admiralty Scale

The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.

CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection

CIRCL Taxonomy is a simple scheme for incident classification and area topic where the incident took place.

eCSIRT and IntelMQ incident classification

eCSIRT incident classification Appendix C of the eCSIRT EU project including IntelMQ updates.

EUCI classification

EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States as described.

Information Security Marking Metadata DNI (Director of National Intelligence - US)

ISM (Information Security Marking Metadata) V13 as described by DNI.gov.

NATO Classification Marking

Marking of Classified and Unclassified materials as described by the North Atlantic Treaty Organization, NATO.

TLP - Traffic Light Protocol

The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.

Vocabulary for Event Recording and Incident Sharing VERIS

Vocabulary for Event Recording and Incident Sharing is a format created by the VERIS community.

How to contribute your taxonomy?

It is quite easy. Create a JSON file describing your taxonomy as triple tags (e.g. check an existing one like Admiralty Scale), create a directory matching your name space, put your machinetag file in the directory and pull your request. That's it. Everyone can benefit from your taxonomy and can be automatically enabled in information sharing tools like MISP.

MISP Taxonomies - tools

machinetag.py is a parsing tool to dump taxonomies expressed in Machine Tags (Triple Tags) and list all valid tags from a specific taxonomy.

% cd tools
% python machinetag.py 
        admiralty-scale:source-reliability="a"
        admiralty-scale:source-reliability="b"
        admiralty-scale:source-reliability="c"
        admiralty-scale:source-reliability="d"
        admiralty-scale:source-reliability="e"
        admiralty-scale:source-reliability="f"
        admiralty-scale:information-credibility="1"
        admiralty-scale:information-credibility="2"
        admiralty-scale:information-credibility="3"
        admiralty-scale:information-credibility="4"
        admiralty-scale:information-credibility="5"
        admiralty-scale:information-credibility="6"
        ...