MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-taxonomies/ifx-vetting/machinetag.json

468 lines
9.5 KiB
JSON
Raw Blame History

{
"namespace": "ifx-vetting",
"description": "The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process",
"version": 2,
"predicates": [
{
"value": "vetted",
"expanded": "state of the vetted intelligence"
},
{
"value": "score",
"expanded": "A numerical score added by a scoring algorithm of choice. The score can either be considered by an analyst or in combination with other tags be used for automatic processing of the data."
}
],
"values": [
{
"predicate": "vetted",
"entry": [
{
"value": "legit-but-compromised",
"expanded": "The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action."
},
{
"value": "legit",
"expanded": "The attribute/event describes something legitly used, that does not show signes of compromise or misuse."
},
{
"value": "legit-uncertain",
"expanded": "The attribute/event describes something where it is not 100% clear if it is used only legitly."
},
{
"value": "malicious",
"expanded": "The attribute/event describes something that is definitly used maliciously."
},
{
"value": "malicious-uncertain",
"expanded": "The attribute/event describes something that seems to be used maliciously, but there is no 100% proof."
},
{
"value": "invalid",
"expanded": "The attribute/event is invalid or wrong in respect to the situation described by the event."
},
{
"value": "irrelevant",
"expanded": "The attribute/event is irrelevant to your organization or CTI process."
},
{
"value": "undetermined",
"expanded": "The nature of the attribute/event cannot be further determined. Use this only as a last resort."
},
{
"value": "fast-track",
"expanded": "The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates."
}
]
},
{
"predicate": "score",
"entry": [
{
"value": "0",
"expanded": "0"
},
{
"value": "1",
"expanded": "1"
},
{
"value": "2",
"expanded": "2"
},
{
"value": "3",
"expanded": "3"
},
{
"value": "4",
"expanded": "4"
},
{
"value": "5",
"expanded": "5"
},
{
"value": "6",
"expanded": "6"
},
{
"value": "7",
"expanded": "7"
},
{
"value": "8",
"expanded": "8"
},
{
"value": "9",
"expanded": "9"
},
{
"value": "10",
"expanded": "10"
},
{
"value": "11",
"expanded": "11"
},
{
"value": "12",
"expanded": "12"
},
{
"value": "13",
"expanded": "13"
},
{
"value": "14",
"expanded": "14"
},
{
"value": "15",
"expanded": "15"
},
{
"value": "16",
"expanded": "16"
},
{
"value": "17",
"expanded": "17"
},
{
"value": "18",
"expanded": "18"
},
{
"value": "19",
"expanded": "19"
},
{
"value": "20",
"expanded": "20"
},
{
"value": "21",
"expanded": "21"
},
{
"value": "22",
"expanded": "22"
},
{
"value": "23",
"expanded": "23"
},
{
"value": "24",
"expanded": "24"
},
{
"value": "25",
"expanded": "25"
},
{
"value": "26",
"expanded": "26"
},
{
"value": "27",
"expanded": "27"
},
{
"value": "28",
"expanded": "28"
},
{
"value": "29",
"expanded": "29"
},
{
"value": "30",
"expanded": "30"
},
{
"value": "31",
"expanded": "31"
},
{
"value": "32",
"expanded": "32"
},
{
"value": "33",
"expanded": "33"
},
{
"value": "34",
"expanded": "34"
},
{
"value": "35",
"expanded": "35"
},
{
"value": "36",
"expanded": "36"
},
{
"value": "37",
"expanded": "37"
},
{
"value": "38",
"expanded": "38"
},
{
"value": "39",
"expanded": "39"
},
{
"value": "40",
"expanded": "40"
},
{
"value": "41",
"expanded": "41"
},
{
"value": "42",
"expanded": "42"
},
{
"value": "43",
"expanded": "43"
},
{
"value": "44",
"expanded": "44"
},
{
"value": "45",
"expanded": "45"
},
{
"value": "46",
"expanded": "46"
},
{
"value": "47",
"expanded": "47"
},
{
"value": "48",
"expanded": "48"
},
{
"value": "49",
"expanded": "49"
},
{
"value": "50",
"expanded": "50"
},
{
"value": "51",
"expanded": "51"
},
{
"value": "52",
"expanded": "52"
},
{
"value": "53",
"expanded": "53"
},
{
"value": "54",
"expanded": "54"
},
{
"value": "55",
"expanded": "55"
},
{
"value": "56",
"expanded": "56"
},
{
"value": "57",
"expanded": "57"
},
{
"value": "58",
"expanded": "58"
},
{
"value": "59",
"expanded": "59"
},
{
"value": "60",
"expanded": "60"
},
{
"value": "61",
"expanded": "61"
},
{
"value": "62",
"expanded": "62"
},
{
"value": "63",
"expanded": "63"
},
{
"value": "64",
"expanded": "64"
},
{
"value": "65",
"expanded": "65"
},
{
"value": "66",
"expanded": "66"
},
{
"value": "67",
"expanded": "67"
},
{
"value": "68",
"expanded": "68"
},
{
"value": "69",
"expanded": "69"
},
{
"value": "70",
"expanded": "70"
},
{
"value": "71",
"expanded": "71"
},
{
"value": "72",
"expanded": "72"
},
{
"value": "73",
"expanded": "73"
},
{
"value": "74",
"expanded": "74"
},
{
"value": "75",
"expanded": "75"
},
{
"value": "76",
"expanded": "76"
},
{
"value": "77",
"expanded": "77"
},
{
"value": "78",
"expanded": "78"
},
{
"value": "79",
"expanded": "79"
},
{
"value": "80",
"expanded": "80"
},
{
"value": "81",
"expanded": "81"
},
{
"value": "82",
"expanded": "82"
},
{
"value": "83",
"expanded": "83"
},
{
"value": "84",
"expanded": "84"
},
{
"value": "85",
"expanded": "85"
},
{
"value": "86",
"expanded": "86"
},
{
"value": "87",
"expanded": "87"
},
{
"value": "88",
"expanded": "88"
},
{
"value": "89",
"expanded": "89"
},
{
"value": "90",
"expanded": "90"
},
{
"value": "91",
"expanded": "91"
},
{
"value": "92",
"expanded": "92"
},
{
"value": "93",
"expanded": "93"
},
{
"value": "94",
"expanded": "94"
},
{
"value": "95",
"expanded": "95"
},
{
"value": "96",
"expanded": "96"
},
{
"value": "97",
"expanded": "97"
},
{
"value": "98",
"expanded": "98"
},
{
"value": "99",
"expanded": "99"
},
{
"value": "100",
"expanded": "100"
}
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink