The taxonomy is meant for large scale cybersecurity incidents, as mentioned in the Commission Recommendation of 13 May 2022, also known as the provisional agreement.
This proposal is based on the original NIS (machinetag) JSON file with the reflection of NIS2 proposal including changes as:
- changes in sectors,
- adding subsectors with detailed description,
- adding taxonomies for important entities
- adding subsectors for important entities.
Work done as part of contribution to EnCaViBS project https://encavibs.uni.lu
* [tlp] updating the new version of the traffic light protocol published by FIRST.org. [Alexandre Dulaunoy]
Some notes concerning the version 2.0 of the tlp taxonomy:
- A new tag is introduced `TLP:AMBER+STRICT` to clarify the restriction to
share only with your organisation.
- A new tag is introduced called `TLP:CLEAR` which seems to replace
`TLP:WHITE` as it disappears from the version 2.0 of the official TLP
document.
- The old tag `TLP:WHITE` is preserved in the taxonomy. As we don't have
any official reference in the version 2.0 about the compatibility with
`TLP:CLEAR`, we *assume* it's a synomym from the original `TLP:WHITE`.
- The old tag `TLP:EX:CHR` is also preserved in the taxonomy for
backward compatibility.
We strongly recommend any users using the tlp taxonomy in their tools to review
workflows and ensure that the new version 2.0 is taken into consideration.
* [nis2] various fixes. [Alexandre Dulaunoy]
* [github action] YAML parsing is just a piece-of-crap(tm) [Alexandre Dulaunoy]
* [gh] Python 3.10 added. [Alexandre Dulaunoy]
* [pyoti] refs are array. [Alexandre Dulaunoy]
* [pyoti] clean-up JSON. [Alexandre Dulaunoy]
### Fix
* [tlp] description of the TLP taxonomy updated to clarify the aspect of four labels mentioned in the standard even if there are five labels and some more in this taxonomy for backward compatibility. [Alexandre Dulaunoy]
### Other
* Merge branch 'main' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy]
* Merge pull request #248 from goodlandsecurity/pyoti-v3. [Alexandre Dulaunoy]
Pyoti v3
* Forgot jq_all_the_things.sh. [goodlandsecurity]
* Bump pyoti version. [goodlandsecurity]
* Remove predicate description so entry description shows on hover, added virustotal entry. [goodlandsecurity]
* Merge pull request #247 from goodlandsecurity/pyoti-v2. [Alexandre Dulaunoy]
Pyoti taxonomy v2
* Merge remote-tracking branch 'upstream/main' into pyoti-v2 fetch upstream and merge. [goodlandsecurity]
* Added entries for domain-based reputation block lists. [goodlandsecurity]
* Bump pyoti version. [goodlandsecurity]
* Merge branch 'goodlandsecurity-pyoti-enrichment-taxonomy' into main. [Alexandre Dulaunoy]
* [dga] First version of the DGA taxonomy based on https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_plohmann.pdf. [Alexandre Dulaunoy]
A Comprehensive Measurement Study
of Domain Generating Malware
Daniel Plohmann, Fraunhofer FKIE; Khaled Yakdan, University of Bonn;
Michael Klatt, DomainTools; Johannes Bader; Elmar Gerhards-Padilla, Fraunhofer FKIE
* [interactive-cyber-training-*] jq all the things. [Alexandre Dulaunoy]
* [dark-web] ransomware group. [Terrtia]
### Fix
* [typo] fixed. [Alexandre Dulaunoy]
* Reorganize order taxonomies. [Raphaël Vinot]
### Other
* Merge pull request #217 from lcpdn/patch-1. [Alexandre Dulaunoy]
Correction de "Non classifiée" vers "Non protégé"
* Correction de "Non classifiée" vers "Non protégé" [lcpdn]
L'IGI1300 décrit 2 niveaux de classification : Secret et Très Secret. Les informations ainsi protégées sont dites classifiées. L'IGI1300 (§1.3.2) précise également qu'il existe une mention de protection dite "Diffusion Restreinte" pour des informations non classifiées. Or, les informations non classifiées et non protégées par la mention Diffusion Restreinte sont dites "Non protégées".
* [thales] fix the unknown field "exportable" in the taxonomy. [Alexandre Dulaunoy]
* [thales] taxonomy updated. [Alexandre Dulaunoy]
### Other
* Merge pull request #211 from eli-cyb/patch-1. [Alexandre Dulaunoy]
Update machinetag.json
* Update machinetag.json. [eli-cyb]
Added the value "business email compromise" as part of the distribution predicate.
Previously not included in as an available tag.
* Merge pull request #207 from Felix83000/main. [Alexandre Dulaunoy]
Thales Group taxonomy to contribute for the official MISP taxonomy repository
* Update README.md. [Félix Herrenschmidt]
* Update README.md. [Félix Herrenschmidt]
Init description.
* Create machinetag.json. [Félix Herrenschmidt]
Init Thales Group taxonomy.
## v2.4.144 (2021-06-07)
### New
* [misp] event-type added to have a generic way to label an event. [Alexandre Dulaunoy]
* [cycat] Taxonomy used by cycat (Universal Cybersecurity Catalogue) to categorize namespace available in their cybersecurity catalogue. (DRAFT version) [Alexandre Dulaunoy]
* GH workflow. [Raphaël Vinot]
* [misinformation-website-labels] first proposal. [Cookie]
* [extended-event] first proposal. [Cookie]
* [taxonomy] Pandemic and covid-19 type tracking. [Christophe Vandeplas]
* [taxonomy] new current-events taxonomy covering covid-19. [Christophe Vandeplas]
* [taxonomy] add new "DFRLab Dichotomies of Disinformation" taxonomy courtesy the Atlantic Council DFRLab. [VVX7]
* [failure-mode-in-machine-learning] new taxonomy for Failure Modes in Machine Learning. [Alexandre Dulaunoy]
* [threats-to-dns] New taxonomy threats to DNS. [Alexandre Dulaunoy]
An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing
Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 1–1. doi:10.1109/comst.2018.2849614
As seen during FIRSTCON19
* [flesch-reading-ease] Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid). [Alexandre Dulaunoy]
* [information-security-data-source] add new taxonomy. [Alexandre Dulaunoy]
* [information-security-data-source] Taxonomy to classify the information security data sources (WiP) [Alexandre Dulaunoy]
* [cyber-exercise] Cyber exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise. [Alexandre Dulaunoy]
* Added gsma-fraud taxonomy. [iglocska]
* [gsma-attack-category] first version of Taxonomy used by GSMA for their information sharing program with telco describing the attack categories. [Alexandre Dulaunoy]
* Add all other relevant taxonomies. [Raphaël Vinot]
* [phishing] add principles of persuasions - based on: - Cialdini's principal of influence, - Graggs's psychological triggers, - Stajano's principles of scams, - see associated paper: Ferreira & al. DOI: 10.1007/978-3-319-20376-8_4. [Jean-Louis Huynen]
* [phishing] various updates and clarification. [Alexandre Dulaunoy]
- psychological-acceptability predicate added to define the social acceptance of a phishing attack
- report-type and report-origin replaced ambiguous type/report
- distribution predicate added to move distribution out of techniques
Thanks to Bertrand Lathoud and Sascha Rommelfangen for the feedback :sparkles:
* Numerical values added. [Alexandre Dulaunoy]
* [analyst-assessment] numerical_value fixed to match new model. [Alexandre Dulaunoy]
* [dark-web] taxonomy version updated. [Alexandre Dulaunoy]
* [darkweb] version updated. [Alexandre Dulaunoy]
* [darkweb] updated to the latest version. [Alexandre Dulaunoy]
* [dark-web] json fixed. [Alexandre Dulaunoy]
* [retention] hide_tag removed to validate current schema. [Alexandre Dulaunoy]
Maybe we could improve the format to include it by default to
taxonomy format to trigger the MISP hide tag functionality directly.
{'value': 'expired', 'expanded': 'Set when the retention period has expired', 'numerical_value': 0, 'hide_tag': True}: Additional properties are not allowed ('hide_tag' was unexpected)
* [MANIFEST] updated with gsma-network-technology. [Alexandre Dulaunoy]
* [gsma-network-technology] first version (still a WiP) Taxonomy used by GSMA for their information sharing program with telco describing the types of infrastructure. WiP. [Alexandre Dulaunoy]
* [workflow] add a review for privacy. [Alexandre Dulaunoy]
* [workflow] draft state added and release-requested as todo added to fix #122. [Alexandre Dulaunoy]
* [ifx-vetting] add expanded values to IFX vetting. [Alexandre Dulaunoy]
* [admiralty-scale] description has been included based on below ref. [Alexandre Dulaunoy]
ref. Scientific Methods of Inquiry of Intelligence Analysis added
additional code and there is an inconsistency in the values. Other
docs to be checked for colliding values required.
* [admiralty-scale] when information or source cannot be judged - the numerical scale should be 50% as the information is considered as an average estimated trust. [Alexandre Dulaunoy]
source: Scientific Methods of Inquiry of Intelligence Analysis
* [manifest] updated to the latest revision. [Alexandre Dulaunoy]
* [honeypot-basic] medium interaction added (based on various papers definition from EURECOM to Georg Wicherski paper) [Alexandre Dulaunoy]
* [honeypot-basic] extended with adaptive interaction level. [Alexandre Dulaunoy]
* [threatmatch] typo fixed in predicate value. [Alexandre Dulaunoy]
* [threatmatch] various fixes. [Alexandre Dulaunoy]
* [tools] website and README list generator are now the same. [Alexandre Dulaunoy]
* [doc] README cleanup and lists updated with the new format. [Alexandre Dulaunoy]
* Update URL in MANIFEST. [Raphaël Vinot]
* Incorrect merge. [Raphaël Vinot]
* Reorder predicates. [Raphaël Vinot]
* Reorder predicates, make pytaxonomies happy. [Raphaël Vinot]
* [tool] newline. [Alexandre Dulaunoy]
* [tool] Write in utf8. [mokaddem]
* Broken json. [Raphaël Vinot]
* Missing patenthesis. [Raphaël Vinot]
* Typo in rsit, predicates order in misp. [Raphaël Vinot]
* Typo in last commit. [Raphaël Vinot]
* Bad filename for the drugs taxonomy. [Raphaël Vinot]
* Wrong namespace. [Raphaël Vinot]
* Reorder predicates. [Raphaël Vinot]
* Remove extra comma. [Raphaël Vinot]
* Reorder exercise taxonomy. [Raphaël Vinot]
* Typo, empty entries. [Raphaël Vinot]
* Force non-empty strings and arrays. [Raphaël Vinot]
* [gsma-attack-category] added in the manifest. [Alexandre Dulaunoy]
* Remove empty expanded field. [Raphaël Vinot]
Fix #117
* [infoleak] typo. [Terrtia]
* Duplicate fixed. [iglocska]
* Duplicate removed. [Alexandre Dulaunoy]
* Remove duplicate. [Alexandre Dulaunoy]
* MAEC namespace added. [Alexandre Dulaunoy]
* Make namespace consistent for MAEC. [Alexandre Dulaunoy]
* Ensure javascript is valid. [Alexandre Dulaunoy]
* Remove the incorrect namespace. [Alexandre Dulaunoy]
* Reorder infoleak predicates. [Raphaël Vinot]
* MANIFEST updated. [Alexandre Dulaunoy]
* A typo to include numerical_value in the asciidoctor output. [Alexandre Dulaunoy]
* Add cryptojacking as proposed in #90 - CIRCL will do the update on their side too. [Alexandre Dulaunoy]
* Description are top-level of the namespace is different than description at lower levels. [Alexandre Dulaunoy]
* Version missing added in cyber-threat-framework. [Alexandre Dulaunoy]
* Order of predicate (misp). [Raphaël Vinot]
* Typos in predicate names (CERT-XLM & pentest). [Raphaël Vinot]
* Misp tool added (misp2stix) to be used as label. [Alexandre Dulaunoy]
* Exclusive flag added in documentation generation. [Alexandre Dulaunoy]
* Clarification of the certainty entry based on feedback from an analyst. [Alexandre Dulaunoy]
The probability is now set in the expanded value. The percentage has been removed
to avoid confusion.
* Structure of the document + CEF dedication. [Alexandre Dulaunoy]
* Typo fixed in JSON. [Alexandre Dulaunoy]
* JSON schema fixed to have a colour at entry level. [Alexandre Dulaunoy]
* Table of content level reduced for asciidoctor output. [Alexandre Dulaunoy]
* Typo in readme. [Hannah Ward]
### Other
* Merge branch 'paulingega-sa-main' into main. [Alexandre Dulaunoy]
* Merge branch 'main' of https://github.com/paulingega-sa/misp-taxonomies into paulingega-sa-main. [Alexandre Dulaunoy]
* Update machinetag.json. [paulingega-sa]
* Update threatmatch taxonomies into a single taxonomy. [paulingega-sa]
* Merge branch 'vxsh4d0w-patch-3' into main. [Alexandre Dulaunoy]
* Merge branch 'patch-3' of https://github.com/vxsh4d0w/misp-taxonomies into vxsh4d0w-patch-3. [Alexandre Dulaunoy]
* Update machinetag.json. [V]
* Incident classification updates. [V]
This proposal involves new incident categories and adds a section related information classification.
* Merge branch 'ghost-main' into main. [Alexandre Dulaunoy]
* Creation of CTI taxonomy. [Carlos Borges]
The CTI taxonomy follows a standard process/cycle.
This classification helps teams to control the workflow of their activities
* Creation of IOC taxonomy. [Carlos Borges]
The IOC taxonomy was created to address automation needs.
As we share IoC's, some of them are not malicious in nature, but it's presence can point to something malicious happening.
For automation purposes, the use of data classification helps when you need to block something or not.
* Merge branch 'kuselfu-main' into main. [Alexandre Dulaunoy]
* Merge branch 'main' of https://github.com/kuselfu/misp-taxonomies into kuselfu-main. [Alexandre Dulaunoy]
* Add VMRay taxonomies. [Jens Thom]
* Merge branch 'master' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy]
* Merge pull request #204 from Delta-Sierra/master. [Alexandre Dulaunoy]
update ransomware taxonomy
* Update ransomware taxonomy. [Delta-Sierra]
* Merge pull request #202 from JakubOnderka/patch-1. [Alexandre Dulaunoy]
rsit: Update to version 1002
* Rsit: Update to version 1002. [Jakub Onderka]
Latest version from https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/blob/master/working_copy/machinev1
* Merge pull request #201 from CyCat-project/main. [Alexandre Dulaunoy]
Updates from Freddy
* Update machinetag.json. [Freddy Dezeure]
* Update machinetag.json. [Freddy Dezeure]
* Merge pull request #200 from CyCat-project/main. [Alexandre Dulaunoy]
Policy added
* Policy added. [Alexandre Dulaunoy]
* Merge pull request #198 from CyCat-project/main. [Alexandre Dulaunoy]
Better wording
* Better wording. [Saad Kadhi]
* Merge pull request #196 from CyCat-project/main. [Alexandre Dulaunoy]
Updates
* Update machinetag.json. [Freddy Dezeure]
* Update machinetag.json. [Freddy Dezeure]
* Merge branch 'master' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy]
* Merge pull request #195 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy]
Update machinetag.json
* Update machinetag.json. [Vasileios Mavroeidis]
Updated Taxonomy for Sectors and Digital Services based on the EU NIS Directive. https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L1148&from=EN#ntr17-L_2016194EN.01000101-E0017
Removed entity types that have been misclassified as sub-sectors. If we wanted to include entity types we should have done the same for all subsectors and not selectively for the sectors that do not define subsectors. If this is something that we desire, instead of removing what I have suggested we need to include all the ones that haven't initially.
Second, the digital service providers in the NIS Directive should not be classified as sectors but as digital services. Normally this would require a new taxonomy of three entities only. I can go both ways.
* Merge branch 'paulingega-sa-main' into main. [Alexandre Dulaunoy]
Suggestion for another phishing attack related directors and executive employees, usually named also as Ceo Spoofing attack.
* Merge pull request #185 from stricaud/trust. [Alexandre Dulaunoy]
Trust
* After running the ./jq_all_the_things.sh. [Sebastien Tricaud]
* Wrap all values under the value array. [Sebastien Tricaud]
* Merge pull request #184 from stricaud/trust. [Alexandre Dulaunoy]
Adding the Trust Taxonomy
* Adding the expanded description. [Sebastien Tricaud]
* Adding trust to the MANIFEST file. [Sebastien Tricaud]
* Changes after running the tool ./jq_all_the_things.sh. [Sebastien Tricaud]
* Adding the Trust Taxonomy. It is using the reverse approach in order to describe what is known to be good, instead of the bad stuff. [Sebastien Tricaud]
* Merge pull request #182 from cvandeplas/master. [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/yannw/misp-taxonomies into yannw-master. [Alexandre Dulaunoy]
* Update MANIFEST.json. [yannw]
* Coa taxonomie to describe aktion taken. [yannw]
* Merge pull request #166 from yannw/patch-4. [Alexandre Dulaunoy]
add "report"
* Add report. [yannw]
* Merge pull request #164 from MISP/infoleak5. [Alexandre Dulaunoy]
chg: [infoleak] Added IP address tag value
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy]
* Merge pull request #161 from eCrimeLabs/master. [Alexandre Dulaunoy]
Course of Action
* Added Course of Action A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability. [Dennis Rand]
* Added Course of Action A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability. [Dennis Rand]
* Typo. [Sami Mokaddem]
* Merge pull request #158 from gallypette/master. [Alexandre Dulaunoy]
chg: [phishing] add principles of persuasions
* Merge pull request #156 from Vincent-CIRCL/master. [Alexandre Dulaunoy]
add: [tags] crypto, contreband, etc.
* Add: [tags] crypto, contreband, etc. [Vincent-CIRCL]
* <GEA-Directory> [root]
* <GEA-Directory> [root]
* <test Activities> [root]
* <GEA-Activities> [root]
* <GEA-Activities> [root]
* <Gea-NZ 3folders> [root]
* <Modification GEA-NZ> [root]
* <Pretesting> [root]
* Progress on IoT taxonomy - add description. [Deborah Servili]
* Common Taxonomy for LE and CSIRTs (Cybercrime) [Alvaro]
The Common Taxonomy for Law Enforcement and The National Network of CSIRTs bridges the gap between the CSIRTs and international Law Enforcement communities by adding a legislative framework to facilitate the harmonisation of incident reporting to competent authorities, the development of useful statistics and sharing information within the entire cybercrime ecosystem.
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot]
* Merge pull request #137 from DCSO/master. [Alexandre Dulaunoy]
* Merge pull request #131 from Delta-Sierra/master. [Alexandre Dulaunoy]
add cryptocurrency threat taxonomy, based on CipherTrace report
* Add cryptocurrency threat taxonomy, based on CipherTrace report. [Deborah Servili]
* Merge pull request #130 from Delta-Sierra/master. [Alexandre Dulaunoy]
fix jq_all_the_things script
* Fix jq_all_the_things script. [Deborah Servili]
* Add: [type] Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence. [Alexandre Dulaunoy]
This taxonomy has been created for various reasons:
- For the past years, we have seen a recurring tag called "type:osint"
actively used by various sharing communities.
- The Intelligence Community is actively using the information
gathering classification.
So we basically merged in the type namespace which has the advantage
to keep the old free tag "type:osint" valid and get a more consistent approach
for the overall classification used in information gathering in IC.
* Merge pull request #128 from Delta-Sierra/master. [Alexandre Dulaunoy]
add new Taxonomy type -improvement still needed-
* Add new Taxonomy type -improvement still needed- [Deborah Servili]
* Add: [data-classification] Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book. [Alexandre Dulaunoy]
* Merge branch 'd3sre-master' [Raphaël Vinot]
* Added use case applicability machinetag.json. [des]
* Add: [tools] a simple generator for the list of taxonomies to be included in the RFC. [Alexandre Dulaunoy]
* Merge pull request #125 from michael-hamm/master. [Alexandre Dulaunoy]
* Merge pull request #102 from Terrtia/master. [Alexandre Dulaunoy]
fix typo
* Fix typo. [Terrtia]
* Typo fixed. [Alexandre Dulaunoy]
* Add: The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. [Alexandre Dulaunoy]
* Add: The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. [Alexandre Dulaunoy]
* Merge pull request #101 from Terrtia/master. [Alexandre Dulaunoy]
infoleak taxonomy, add ail tags
* Infoleak taxonomy, add ail tags. [Terrtia]
* Merge pull request #100 from Delta-Sierra/master. [Alexandre Dulaunoy]
add new incident-classification tags in circl taxonomy
* Add new incident-classification tags in circl taxonomy. [Deborah Servili]
* Add: A taxonomy describing information leaks and especially information classified as being potentially leaked. [Alexandre Dulaunoy]
* List of taxonomies updated. [Alexandre Dulaunoy]
* MANIFEST file updated for fpf and gdpr taxonomy. [Alexandre Dulaunoy]
* Merge pull request #97 from circlsupportuser/master. [Alexandre Dulaunoy]
Add two taxonomies related to data protection, specifically in the scope of GDPR
* Add taxonomy to classify the degree of identifiability of personal data. [circlsupportuser]
* Add taxonomy to classify special categories of personal data as defined in the GDPR. [circlsupportuser]
* Add: Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information. [Alexandre Dulaunoy]
* Version updated. [Alexandre Dulaunoy]
* Add: Expressing Confidence In Analytic Judgments. [Alexandre Dulaunoy]
* Add: Expressing Confidence In Analytic Judgments added in estimative language namespace. [Alexandre Dulaunoy]
source of the document (page 114): http://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp2_0.pdf
* Merge pull request #94 from Delta-Sierra/master. [Alexandre Dulaunoy]
rename workflow tag - disambiguation between create and add MISP galax…
* Rename workflow tag - disambiguation between creat and add MISP galaxy cluster. [Deborah Servili]
* Add: EU-NIS Sector and Subectors. [Alexandre Dulaunoy]
* Remove file instead of directory. [Alexandre Dulaunoy]
* Merge pull request #93 from F3N0B1/patch-1. [Alexandre Dulaunoy]
eu-nis-sector-and-subsectors
* Create eu-nis-sector-and-subsectors. [F3N0B1]
Taxonomy created that includes the sectors and sub sectors according to the NIS Directive.
Adding the sub sectors allows creation of using more detailed tags.
Content is strictly based on the directive requirements.
* Add: priority-level added in MANIFEST. [Alexandre Dulaunoy]
After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System.
* Add: new priority-level taxonomy based on NCCIC Cyber Incident Scoring System. [Alexandre Dulaunoy]
* Add: add missing galaxy in the case we need a large group of classification. [Alexandre Dulaunoy]
* Cyber Threat Framework added in README. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy]
* Merge pull request #88 from yannw/patch-3. [Alexandre Dulaunoy]
Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of
cyber adversaries.
* Merge pull request #85 from gianninou/master. [Alexandre Dulaunoy]
add pentext taxonomy
* Add references for pentest taxonomy. [Valentin Giannini]
* Merge pull request #83 from gianninou/master. [Alexandre Dulaunoy]
Add CERT-XLM taxonomie
* Add CERT-XLM on MANIFEST.json. [Valentin Giannini]
* Update CERT-XLM json. [Valentin Giannini]
* Add missing. [Valentin Giannini]
* Add CERT-XLM taxonomie. [Valentin Giannini]
* Merge pull request #81 from droe/master. [Alexandre Dulaunoy]
Set exclusive flag on misp:automation-level predicate
* Set exclusive flag on automation-level predicate. [Daniel Roethlisberger]
* Merge pull request #80 from droe/master. [Alexandre Dulaunoy]
Add automation-level predicate to misp taxonomy
* Bumping version to 6. [Daniel Roethlisberger]
* Add automation-level to the list of predicate descriptions. [Daniel Roethlisberger]
* Rename "automatic" to "unsupervised" after review with @amuehlem. [Daniel Roethlisberger]
* Add: New predicate misp:automation-level indicating whether an event or attribute was imported into MISP in a fully automatic fashion, was reviewed by a human, or directly stems from manual analysis. [Daniel Roethlisberger]
/cc @h122015
* Add: new taxonomy added Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf. [Alexandre Dulaunoy]
* Merge pull request #79 from michael-hamm/master. [Alexandre Dulaunoy]
Honeypot basic taxonomy
* Replace underscore with dash. [Michael Hamm]
* Role in Multi-tier Architecture added. [Michael Hamm]
* Communication-interface added. [Michael Hamm]
* Distribution Appearance added. [Michael Hamm]
* Containment added. [Michael Hamm]
* Data Capture added. [Michael Hamm]
* Honeypot basic taxonomy. [Michael Hamm]
* Fixed. [Alexandre Dulaunoy]
* New taxonomy runtime-packer added. [Alexandre Dulaunoy]
Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other o
bfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.
* Add: Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. [Alexandre Dulaunoy]
* Add: numerical value is now displayed in the documentation. [Alexandre Dulaunoy]
* Osint version updated. [Alexandre Dulaunoy]
* Add: exclusive property added to express exclusivity at predicate or value level. [Alexandre Dulaunoy]
Exclusive property allows to express if a predicate or a value is exclusive.
The exclusive property applies at namespace level (if the predicate is exclusive) or
at predicate level is the value is exclusive.
TLP and fr-classif updated with exclusive property.
The exclusive property can be used by the software (e.g. MISP) to warn users
if (s)he tries to add multiple tags on the same element (attribute, event...).
It's up to the configuration of the software to enforce it or not.
By default, tags are not exclusive.
* Cannot type Today. [Alexandre Dulaunoy]
* Numerical values added to admiralty scale based on feedback. [Alexandre Dulaunoy]
* Update: OSINT now includes a "presentation" type source. [Alexandre Dulaunoy]
* Ais-marking added to manifest. [Alexandre Dulaunoy]
* AIS marking based on The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS). [Alexandre Dulaunoy]
* Merge pull request #76 from Delta-Sierra/master. [Alexandre Dulaunoy]
update mapping
* Update mapping. [Deborah Servili]
* Description added at predicate level too. [Alexandre Dulaunoy]
* Add: description is now added in the asciidoc output for the values. [Alexandre Dulaunoy]
* Merge pull request #75 from michael-hamm/master. [Alexandre Dulaunoy]
eCSIRT taxonomy updated to fully support version mkVI of 31 March 201…
* ECSIRT taxonomy updated to fully support version mkVI of 31 March 2015 and still support IntelMQ taxonomy-type mapping. [Michael Hamm]
* Add: mapping of taxonomy added in the asciidoc output. [Alexandre Dulaunoy]
* Added: numerical value (approximation) added to estimative language namespace. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy]
* Properly fix manifest. [Raphaël Vinot]
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot]
* Remove duplicate. [Raphaël Vinot]
* Add schema for mapping. [Raphaël Vinot]
* Added: Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. The objective of this language is to advance collaborative analysis and to share earlier than later. [Alexandre Dulaunoy]
* Change the path of the default asciidoctor-pdf. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy]
* Fix #67 - typo in the description of Culture-oriented organisation. [Alexandre Dulaunoy]
* Merge pull request #68 from Delta-Sierra/master. [Alexandre Dulaunoy]
add action-taken taxonomy
* Mapping tlp. [Deborah Servili]
* Jq. [Deborah Servili]
* Add action-taken taxonomy. [Deborah Servili]
* Documentation links added. [Alexandre Dulaunoy]
* MinItem for the array. [Alexandre Dulaunoy]
* Type added to only allow tagging on users or organisations. [Alexandre Dulaunoy]
* Schema updated to include the type - https://github.com/MISP/MISP/issues/2159. [Alexandre Dulaunoy]
By default all taxonomies are applicable to events and attributes. But
new features will be introduced to support specific tagging for
users or organisations.
For more information: https://github.com/MISP/MISP/issues/2159
* New type added - user and org only. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy]
* Merge pull request #63 from gallypette/master. [Alexandre Dulaunoy]
New items to analyst assessment, removal of analysis-related items
* Adds experience related to web application security. [gallypette]
* Adds experience related to crypto. [gallypette]
* Adds OS, and web-related items. [gallypette]
* Removes parts that belong to the analysis, adds predicates relating to reversing. [gallypette]
* New taxonomy event-assessment - series of assessment predicates describing the event assessment performed to make judgement(s) under a certain level of uncertainty. [Alexandre Dulaunoy]
* New taxonomy to describe Tor network infrastructure added. [Alexandre Dulaunoy]
* Fix the asciidoctor admonition reference to have a proper output. [Alexandre Dulaunoy]
* Machinetag list is now sorted by default. [Alexandre Dulaunoy]
* A first version of A series of assessment predicates describing the analyst capabilities to perform analysis or making judgments under a certain level of uncertainty. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst or the analysis. [Alexandre Dulaunoy]
This is based on various documents but especially those two documents:
- Psychology of Intelligence Analysis (Richards J. Heuer, Jr.)
- Judgment under Uncertainty: Heuristics and Biases (Amos Tversky; Daniel Kahneman)
The challenge when doing such taxonomy is to describes a human process
into a machine-readable taxonomy. So feedback (via PR or issues)
is more than welcome.
* Merge pull request #61 from FloatingGhost/master. [Alexandre Dulaunoy]
Basic binary taxonomy
* Vocabulaire des probabilités estimatives added to index. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot]
* Make pep8 happy. [Raphaël Vinot]
* Vocabulaire des probabilités estimatives added based on the document from "Service canadien de renseignements criminels". [Alexandre Dulaunoy]
* Typo corrected. [Andras Iklody]
* A first taxonomy covering DDoS attack. [Alexandre Dulaunoy]
* Merge pull request #60 from MISP/access. [Raphaël Vinot]
[WIP] Add assessnow taxonomy
* Add assessnow taxonomy. [Raphaël Vinot]
* Clean-up. [Alexandre Dulaunoy]
* Proposal for blocking module expansion. [Alexandre Dulaunoy]
* TLP updated according to FIRST SIG about TLP. [Alexandre Dulaunoy]
For more info: https://www.first.org/tlp
* Merge pull request #31 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Botnet to malware_classification:malware-category
* Add Botnet to malware_classification:malware-category. [Raphaël Vinot]
* Galaxy mapping removed - moved to the galaxy repo. [Alexandre Dulaunoy]
* Galaxy moved to galaxy repo. [Alexandre Dulaunoy]
* URLs to galaxy, clusters and elements fixed. [Alexandre Dulaunoy]
* Simplify the mapping. [Alexandre Dulaunoy]
KISS KISS KISS principle
* Reserved taxonomy added. [Alexandre Dulaunoy]
* First idea of mapping the MISP galaxy with taxonomies. [Alexandre Dulaunoy]
* IEP added. [Alexandre Dulaunoy]
* Domain Name Abuse. [Michael Hausding]
Taxonomy to tag domain names used for cybercrime.
Use europol-incident to tag abuse-activity.
TF-CSIRT hackathon Zurich:
sykaeh
mausding
* PAP added. [Alexandre Dulaunoy]
* PAP added to the Manifest file. [Alexandre Dulaunoy]
* PAP to pap for the file directory. [Alexandre Dulaunoy]
* Colour values added to PAP. [Alexandre Dulaunoy]
* Merge pull request #28 from jenter8/master. [Alexandre Dulaunoy]
Permissible Actions Protocol ("PAP")
* Add files via upload. [jenter8]
* Add files via upload. [jenter8]
* Add test with PyTaxonomies. [Raphaël Vinot]
* Update version. [Raphaël Vinot]
* Fix manifest. [Raphaël Vinot]
* Directory names fixed. [Alexandre Dulaunoy]
* Left off the new MANIFEST.json. [Iglocska]
* Added versions to manifest and some directory name changes. [Iglocska]
- made some changes to the directory names to reflect the actual namespace
- added version numbers in MANIFEST.json
* First version of the root MANIFEST file for the MISP taxonomies. [Alexandre Dulaunoy]
The objective is to generate all the public indexes of MISP taxonomies
from that MANIFEST file including the ones from the MISP website,
taxonomies and documentation. The file can be also used for automatic
updates of taxonomies from MISP or any other application.
Note for taxonomy maintainer, don't forget to PR for the MANIFEST
update.
To be included in the MANIFEST are the external references too (as
a ref array in each taxonomy).
* Open Threat Taxonomy added. [Alexandre Dulaunoy]
* Merge pull request #27 from SDOIR/master. [Raphaël Vinot]
Add Open Threat Taxonomy
* Add Open Threat Taxonomy. [SDOIR]
* Merge pull request #26 from 2xyo/information-security-indicators. [Alexandre Dulaunoy]
Add the Information Security Indicators taxonomy
* Add the Information Security Indicators taxonomy. [Yohann Lepage]
* Merge pull request #25 from SDOIR/master. [Alexandre Dulaunoy]
Microsoft's Computer Antivirus Research Organization (CARO) implement…
* Microsoft's Computer Antivirus Research Organization (CARO) implementation including malware families. This taxonomy is large and and difficult to work with without a search feature. Instead, use ms-caro-malware. [SDOIR]
* Microsoft malware classification added. [Alexandre Dulaunoy]