misp-taxonomies/information-security-data-s.../machinetag.json

259 lines
8.2 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

{
"namespace": "information-security-data-source",
"description": "Taxonomy to classify the information security data sources.",
"refs": [
"https://www.sciencedirect.com/science/article/pii/S0167404818304978"
],
"version": 1,
"predicates": [
{
"value": "originality",
"expanded": "Originality",
"description": "Originality and novelty of the provided information"
},
{
"value": "timeliness-sharing-behavior",
"expanded": "Timeliness sharing behavior",
"description": "Timeliness of the provided information"
},
{
"value": "type-of-information",
"expanded": "Type of information",
"description": "Type of provided information"
},
{
"value": "integrability-format",
"expanded": "Integrability format",
"description": "Level of integrability format for the provided information"
},
{
"value": "integrability-interface",
"expanded": "Integrability interface",
"description": "Level of integrability interface for the provided information"
},
{
"value": "type-of-source",
"expanded": "Type of source",
"description": "Types of information security data source"
},
{
"value": "trustworthiness-creditabilily",
"expanded": "Trustworthiness creditability",
"description": "Source of the creditability"
},
{
"value": "trustworthiness-traceability",
"expanded": "Trustworthiness traceability",
"description": "Traceability of the provided information"
},
{
"value": "trustworthiness-feedback-mechanism",
"expanded": "Trustworthiness feedback mechanism",
"description": "Feedback such as user ratings or comments regarding the usefulness of the provided information"
}
],
"values": [
{
"predicate": "type-of-information",
"entry": [
{
"value": "vulnerability",
"expanded": "Vulnerability",
"description": "Information regarding a weakness of an asset which might be exploited by a threat"
},
{
"value": "threat",
"expanded": "Threat",
"description": "Information regarding the potential cause on an unwanted incident"
},
{
"value": "countermeasure",
"expanded": "Countermeasure",
"description": "Information regarding any administrative, managerial, technical or legal control that is used to counteract an information security risk"
},
{
"value": "attack",
"expanded": "Attack",
"description": "Information regarding any unauthorized attempt to access, alter or destroy an asset"
},
{
"value": "risk",
"expanded": "Risk",
"description": "Information describing the consequences of a potential event, such as an attack"
},
{
"value": "asset",
"expanded": "Asset",
"description": "Information regarding any object or characteristic that has value to an organization"
}
]
},
{
"predicate": "originality",
"entry": [
{
"value": "original-source",
"expanded": "Original source",
"description": "Information originates from the data sources which publish their own information"
},
{
"value": "secondary-source",
"expanded": "Secondary source",
"description": "Information is integrated or copied from another information security data source"
}
]
},
{
"predicate": "timeliness-sharing-behavior",
"entry": [
{
"value": "routine-sharing",
"expanded": "Routine sharing",
"description": "Information is published at a specific point in time on a regular basis, such as daily, weakly or monthly reports"
},
{
"value": "incident-specific",
"expanded": "Incident specific",
"description": "Information is published whenever news are available or a new incident occurs"
}
]
},
{
"predicate": "integrability-format",
"entry": [
{
"value": "structured",
"expanded": "Structured",
"description": "The provided security information is available in an standardized and structured data format such as MISP core format"
},
{
"value": "unstructured",
"expanded": "Unstructured",
"description": "The provided security information is available in unstructured form without following a common data representation format"
}
]
},
{
"predicate": "integrability-interface",
"entry": [
{
"value": "no-interface",
"expanded": "No interface",
"description": "The information security data source doesnt provide any interface to access the information"
},
{
"value": "api",
"expanded": "API",
"description": "The information security data source provides an application programming interface (APIs) to obtain the provided information"
},
{
"value": "rss-feeds",
"expanded": "RSS Feeds",
"description": "The information security data source provides an RSS Feed to keep track of the provided information"
},
{
"value": "export",
"expanded": "Export",
"description": "The information security data source provides an interface to export contents as XML, JSON or plain text"
}
]
},
{
"predicate": "trustworthiness-creditabilily",
"entry": [
{
"value": "vendor",
"expanded": "Vendor",
"description": "The publisher of the information is a vendor"
},
{
"value": "government",
"expanded": "Government",
"description": "The publisher of the information is a government"
},
{
"value": "security-expert",
"expanded": "Security expert",
"description": "The publisher of the information is a security expert"
},
{
"value": "normal-user",
"expanded": "Normal user",
"description": "The publisher of the information is a normal user"
}
]
},
{
"predicate": "trustworthiness-traceability",
"entry": [
{
"value": "yes",
"expanded": "Yes",
"description": "The provided information is classified as traceable if it can be traced back, based on meta-data, to a specific publisher and a publishing date"
},
{
"value": "no",
"expanded": "No",
"description": "The provided information cannot be traced back (meta-data are not provided)"
}
]
},
{
"predicate": "trustworthiness-feedback-mechanism",
"entry": [
{
"value": "yes",
"expanded": "Yes",
"description": "The provided information is validated by including user rating, comments or additional analysis"
},
{
"value": "no",
"expanded": "No",
"description": "The provided information is not validated (a user rating, comments is not available)"
}
]
},
{
"predicate": "type-of-source",
"entry": [
{
"value": "news-website",
"expanded": "News website"
},
{
"value": "expert-blog",
"expanded": "Expert blog"
},
{
"value": "security-product-vendor-website",
"expanded": "(Security product) vendor website"
},
{
"value": "vulnerability-database",
"expanded": "Vulnerability database"
},
{
"value": "mailing-list-archive",
"expanded": "Mailing list archive"
},
{
"value": "social-network",
"expanded": "Social network"
},
{
"value": "streaming-portal",
"expanded": "Streaming portal"
},
{
"value": "forum",
"expanded": "Forum"
},
{
"value": "other",
"expanded": "Other"
}
]
}
]
}