Taxonomies used in MISP taxonomy system and can be used by other information sharing tool. https://www.circl.lu/doc/misp-taxonomies/
 
 
Go to file
Alexandre Dulaunoy ab98df342f First version of Information Security Marking Metadata (DNI.gov) 2015-11-28 16:45:36 +01:00
admiralty-scale Added a version number in the JSON - Fix #2 2015-11-22 07:56:48 +01:00
circl CIRCL Taxonomy - Schemes of Classification in Incident Response and 2015-11-22 09:52:57 +01:00
dni-ism First version of Information Security Marking Metadata (DNI.gov) 2015-11-28 16:45:36 +01:00
ecsirt added Incident Classification by the ecsirt.net project WP4 clearinghouse policy and updated by IntelMQ. 2015-11-25 15:32:12 +01:00
tlp TLP (Traffic Light Protocol) added as triple tags format 2015-11-22 08:18:06 +01:00
tools added Incident Classification by the ecsirt.net project WP4 clearinghouse policy and updated by IntelMQ. 2015-11-25 15:32:12 +01:00
veris Added missing version 2015-11-24 10:57:19 +01:00
README.md eCSIRT added 2015-11-25 16:18:39 +01:00

README.md

MISP Taxonomies

Taxonomies that can be used in MISP (2.4) and other information sharing tool and expressed in Machine Tags (Triple Tags). A machine tag is composed of a namespace (MUST), a predicate (MUST) and an (OPTIONAL) value. Machine tags are often called triple tag due to their format.

The following taxonomies can be used in MISP (as local or distributed tags) or in other tools willing to share common taxonomies among security information sharing tools.

The following taxonomies are described:

Admiralty Scale

The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.

CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection

CIRCL Taxonomy is a simple scheme for incident classification and area topic where the incident took place.

eCSIRT and IntelMQ incident classification

eCSIRT incident classification Appendix C of the eCSIRT EU project including IntelMQ updates.

TLP - Traffic Light Protocol

The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.

Vocabulary for Event Recording and Incident Sharing VERIS

Vocabulary for Event Recording and Incident Sharing is a format created by the VERIS community.

How to contribute your taxonomy?

It is quite easy. Create a JSON file describing your taxonomy as triple tags (e.g. check an existing one like Admiralty Scale), create a directory matching your name space, put your machinetag file in the directory and pull your request. That's it. Everyone can benefit from your taxonomy and can be automatically enabled in information sharing tools like MISP.

MISP Taxonomies - tools

machinetag.py is a parsing tool to dump taxonomies expressed in Machine Tags (Triple Tags) and list all valid tags from a specific taxonomy.

% cd tools
% python machinetag.py 
        admiralty-scale:source-reliability="a"
        admiralty-scale:source-reliability="b"
        admiralty-scale:source-reliability="c"
        admiralty-scale:source-reliability="d"
        admiralty-scale:source-reliability="e"
        admiralty-scale:source-reliability="f"
        admiralty-scale:information-credibility="1"
        admiralty-scale:information-credibility="2"
        admiralty-scale:information-credibility="3"
        admiralty-scale:information-credibility="4"
        admiralty-scale:information-credibility="5"
        admiralty-scale:information-credibility="6"
        ...