diff --git a/taxonomies.html b/taxonomies.html index aca6ab2..108d3fd 100755 --- a/taxonomies.html +++ b/taxonomies.html @@ -467,6 +467,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
+ + | ++honeypot-basic namespace available in JSON format at this location. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. + | +
Describes whether the exposed functionality of a honeypot is limited in some way, which is usually the case for honeypots that simulate services.
+High Interaction Level
+Exposed functionality of the honeypot is not limited.
+low Interaction Level
+Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination
+Describes the type of data a honeypot is able to capture
+Events
+The honeypot collects data about something that has happened or took place, a change in state.
+Attacks
+The honeypot collects malicious activity.
+Intrusions
+The honeypot collects malicious activity that leads to a security failure.
+None
+The honeypot does not collect events, attacks, or intrusions.
+Classifies the measures a honeypot takes to defend against malicious activity spreading from itself.
+Block
+Attacker’s actions are identified and blocked. The attack never reaches the target.
+Defuse
+The attack reaches the target, but is manipulated in a way that it fails against the target.
+Slow Down
+Attacker is slowed down in his actions of spreading malicious activity.
+None
+No action is taken to limit the intruder’s spread of malicious activity against other systems.
+Describes whether the honeypot system appears to be confined to one system or multiple systems.
+Distributed
+The honeypot is or appears to be composed of multiple systems.
+Stand-Alone
+The honeypot is or appears to be one system.
+Describes the interfaces one can use to interact directly with the honeypot.
+Network Interface
+The honeypot can be directly communicated with via a network interface.
+Non-Network Hardware Interface
+Examples: Printer port, CDROM drives, USB connections.
+Software API
+The honeypot can be interacted with via a software API.
+Describes in what role the honeypot acts within a multi-tier architecture.
+Server
+The honeypot is passively awaiting requests from clients.
+Client
+The honeypot is actively initiating requests to servers.
+