taxonomies updated

pull/3/head
Alexandre Dulaunoy 2018-01-03 14:08:41 +01:00
parent b95cdef253
commit 671a0d7283
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 41927 additions and 40567 deletions

View File

@ -467,6 +467,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_europol_incident">europol-incident</a></li>
<li><a href="#_event_assessment">event-assessment</a></li>
<li><a href="#_fr_classif">fr-classif</a></li>
<li><a href="#_honeypot_basic">honeypot-basic</a></li>
<li><a href="#_iep">iep</a></li>
<li><a href="#_information_security_indicators">information-security-indicators</a></li>
<li><a href="#_kill_chain">kill-chain</a></li>
@ -6679,6 +6680,212 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</div>
</div>
<div class="sect1">
<h2 id="_honeypot_basic">honeypot-basic</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
honeypot-basic namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/honeypot-basic/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_interaction_level">interaction-level</h3>
<div class="paragraph">
<p>Describes whether the exposed functionality of a honeypot is limited in some way, which is usually the case for honeypots that simulate services.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_interaction_level_high">honeypot-basic:interaction-level="high"</h4>
<div class="paragraph">
<p>High Interaction Level</p>
</div>
<div class="paragraph">
<p>Exposed functionality of the honeypot is not limited.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_interaction_level_low">honeypot-basic:interaction-level="low"</h4>
<div class="paragraph">
<p>low Interaction Level</p>
</div>
<div class="paragraph">
<p>Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_data_capture">data-capture</h3>
<div class="paragraph">
<p>Describes the type of data a honeypot is able to capture</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_data_capture_events">honeypot-basic:data-capture="events"</h4>
<div class="paragraph">
<p>Events</p>
</div>
<div class="paragraph">
<p>The honeypot collects data about something that has happened or took place, a change in state.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_data_capture_attacks">honeypot-basic:data-capture="attacks"</h4>
<div class="paragraph">
<p>Attacks</p>
</div>
<div class="paragraph">
<p>The honeypot collects malicious activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_data_capture_intrusions">honeypot-basic:data-capture="intrusions"</h4>
<div class="paragraph">
<p>Intrusions</p>
</div>
<div class="paragraph">
<p>The honeypot collects malicious activity that leads to a security failure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_data_capture_none">honeypot-basic:data-capture="none"</h4>
<div class="paragraph">
<p>None</p>
</div>
<div class="paragraph">
<p>The honeypot does not collect events, attacks, or intrusions.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_containment">containment</h3>
<div class="paragraph">
<p>Classifies the measures a honeypot takes to defend against malicious activity spreading from itself.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_containment_block">honeypot-basic:containment="block"</h4>
<div class="paragraph">
<p>Block</p>
</div>
<div class="paragraph">
<p>Attackers actions are identified and blocked. The attack never reaches the target.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_containment_defuse">honeypot-basic:containment="defuse"</h4>
<div class="paragraph">
<p>Defuse</p>
</div>
<div class="paragraph">
<p>The attack reaches the target, but is manipulated in a way that it fails against the target.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_containment_slow_down">honeypot-basic:containment="slow-down"</h4>
<div class="paragraph">
<p>Slow Down</p>
</div>
<div class="paragraph">
<p>Attacker is slowed down in his actions of spreading malicious activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_containment_none">honeypot-basic:containment="none"</h4>
<div class="paragraph">
<p>None</p>
</div>
<div class="paragraph">
<p>No action is taken to limit the intruders spread of malicious activity against other systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_distribution_appearance">distribution-appearance</h3>
<div class="paragraph">
<p>Describes whether the honeypot system appears to be confined to one system or multiple systems.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_distribution_appearance_distributed">honeypot-basic:distribution-appearance="distributed"</h4>
<div class="paragraph">
<p>Distributed</p>
</div>
<div class="paragraph">
<p>The honeypot is or appears to be composed of multiple systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_distribution_appearance_stand_alone">honeypot-basic:distribution-appearance="stand-alone"</h4>
<div class="paragraph">
<p>Stand-Alone</p>
</div>
<div class="paragraph">
<p>The honeypot is or appears to be one system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_communication_interface">communication-interface</h3>
<div class="paragraph">
<p>Describes the interfaces one can use to interact directly with the honeypot.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_communication_interface_network_interface">honeypot-basic:communication-interface="network-interface"</h4>
<div class="paragraph">
<p>Network Interface</p>
</div>
<div class="paragraph">
<p>The honeypot can be directly communicated with via a network interface.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_communication_interface_hardware_interface">honeypot-basic:communication-interface="hardware-interface"</h4>
<div class="paragraph">
<p>Non-Network Hardware Interface</p>
</div>
<div class="paragraph">
<p>Examples: Printer port, CDROM drives, USB connections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_communication_interface_software_api">honeypot-basic:communication-interface="software-api"</h4>
<div class="paragraph">
<p>Software API</p>
</div>
<div class="paragraph">
<p>The honeypot can be interacted with via a software API.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_role">role</h3>
<div class="paragraph">
<p>Describes in what role the honeypot acts within a multi-tier architecture.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_role_server">honeypot-basic:role="server"</h4>
<div class="paragraph">
<p>Server</p>
</div>
<div class="paragraph">
<p>The honeypot is passively awaiting requests from clients.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basic_role_client">honeypot-basic:role="client"</h4>
<div class="paragraph">
<p>Client</p>
</div>
<div class="paragraph">
<p>The honeypot is actively initiating requests to servers.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_iep">iep</h2>
<div class="sectionbody">
<div class="admonitionblock note">
@ -20766,7 +20973,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
</div>
<div id="footer">
<div id="footer-text">
Last updated 2017-12-28 19:46:43 CET
Last updated 2018-01-03 14:06:46 CET
</div>
</div>
</body>

File diff suppressed because it is too large Load Diff