chg: [taxo/objects] updated to the latest version

pull/15/head
Alexandre Dulaunoy 2019-09-20 13:34:42 +02:00
parent ed0d3e83e9
commit 725e012bb4
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
4 changed files with 129100 additions and 118521 deletions

@ -472,6 +472,8 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_cap_info">cap-info</a></li>
<li><a href="#_cap_resource">cap-resource</a></li>
<li><a href="#_coin_address">coin-address</a></li>
<li><a href="#_command">command</a></li>
<li><a href="#_command_line">command-line</a></li>
<li><a href="#_cookie">cookie</a></li>
<li><a href="#_cortex">cortex</a></li>
<li><a href="#_cortex_taxonomy">cortex-taxonomy</a></li>
@ -499,6 +501,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_http_request">http-request</a></li>
<li><a href="#_ilr_impact">ilr-impact</a></li>
<li><a href="#_ilr_notification_incident">ilr-notification-incident</a></li>
<li><a href="#_impersonation">impersonation</a></li>
<li><a href="#_imsi_catcher">imsi-catcher</a></li>
<li><a href="#_internal_reference">internal-reference</a></li>
<li><a href="#_interpol_notice">interpol-notice</a></li>
@ -580,6 +583,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_tor_node">tor-node</a></li>
<li><a href="#_tracking_id">tracking-id</a></li>
<li><a href="#_transaction">transaction</a></li>
<li><a href="#_translation">translation</a></li>
<li><a href="#_url">url</a></li>
<li><a href="#_user_account">user-account</a></li>
<li><a href="#_vehicle">vehicle</a></li>
@ -4077,6 +4081,151 @@ coin-address is a MISP object available in JSON format at <a href="https://githu
</div>
</div>
<div class="sect1">
<h2 id="_command"><a class="anchor" href="#_command"></a><a class="link" href="#_command">command</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Command functionalities related to specific commands executed by a program, whether it is malicious or not. Command-line are attached to this object for the related commands.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
command is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/command/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">location</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Location of the command functionality ['Bundled', 'Module', 'Libraries', 'Unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">trigger</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>How the commands are triggered ['Local', 'Network', 'Unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Description of the command functionalities</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_command_line"><a class="anchor" href="#_command_line"></a><a class="link" href="#_command_line">command-line</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Command line and options related to a specific command executed by a program, whether it is malicious or not.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
command-line is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/command-line/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">value</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>command code</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>description of the command</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_cookie"><a class="anchor" href="#_cookie"></a><a class="link" href="#_cookie">cookie</a></h2>
<div class="sectionbody">
<div class="paragraph">
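Review bot: the command description "Command-line are attached to this object for the related commands" does not say how the attachment is expressed, and neither table has an attribute that references the other object; name the relationship expected between a command-line object and its command object. In the command-line table the descriptions "command code" and "description of the command" start lowercase while the command table capitalises its descriptions. This HTML is generated, so both fixes belong in the two definition.json files linked in the notes.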
@ -4917,7 +5066,7 @@ credential is a MISP object available in JSON format at <a href="https://github.
<p>Type of password(s) ['password', 'api-key', 'encryption-key', 'unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
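Review bot: the "Disable correlation" cell of the credential type row goes from fa-minus to fa-check here, and the next three hunks make the same switch for the origin, format and notification rows, which changes correlation behaviour for these attributes while the commit message only says "updated to the latest version". Turning correlation off is reasonable for fixed value lists such as ['password', 'api-key', 'encryption-key', 'unknown'], but the switch should be named in the commit message or a changelog entry so instance operators know why correlation results differ.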
@ -4930,7 +5079,7 @@ credential is a MISP object available in JSON format at <a href="https://github.
<p>Origin of the credential(s) ['bruteforce-scanning', 'malware-analysis', 'memory-analysis', 'network-analysis', 'leak', 'unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
@ -4943,7 +5092,7 @@ credential is a MISP object available in JSON format at <a href="https://github.
<p>Format of the password(s) ['clear-text', 'hashed', 'encrypted', 'unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
@ -4956,7 +5105,7 @@ credential is a MISP object available in JSON format at <a href="https://github.
<p>Mention of any notification(s) towards the potential owner(s) of the credential(s) ['victim-notified', 'service-notified', 'none']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
@ -8693,6 +8842,150 @@ ilr-notification-incident is a MISP object available in JSON format at <a href="
</div>
</div>
<div class="sect1">
<h2 id="_impersonation"><a class="anchor" href="#_impersonation"></a><a class="link" href="#_impersonation">impersonation</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Represent an impersonating account.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
impersonation is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/impersonation/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">type-of-account</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Type of the impersonated account ['Twitter', 'Facebook', 'LinkedIn', 'Reddit', 'Google+', 'Instagram', 'Forum', 'Other']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">account-url</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>url of the impersonating account</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">account-name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Name of the impersonating account</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">impersonated-account-url</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>url of the impersonated account</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">impersonated-account-name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Name of the impersonated account</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">real-name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Real name of the impersonated person or entity</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">type</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Type of the account ['Person', 'Association', 'Enterprise', 'Other']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">objective</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Objective of the impersonation ['Information stealing', 'Disinformation', 'Distrusting', 'Advertising', 'Parody', 'Other']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_imsi_catcher"><a class="anchor" href="#_imsi_catcher"></a><a class="link" href="#_imsi_catcher">imsi-catcher</a></h2>
<div class="sectionbody">
<div class="paragraph">
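Review bot: the type row ("Type of the account ['Person', 'Association', 'Enterprise', 'Other']") does not say whether it describes the impersonating or the impersonated account, and it sits beside type-of-account, whose description says "impersonated account" while its values are platform names. Rename or reword the two so each is unambiguous. account-url is typed url while impersonated-account-url is typed link; if that split is deliberate, state the reason in the descriptions, and write "URL" rather than "url" in both.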
@ -11254,7 +11547,20 @@ microblog is a MISP object available in JSON format at <a href="https://github.c
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Original URL location of the microblog post</p>
<p>Original URL location of the microblog post (potentially malicious)</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Original link into the microblog post (Supposed harmless)</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
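Review bot: the new link row ("Original link into the microblog post (Supposed harmless)") and the url row ("Original URL location of the microblog post (potentially malicious)") differ only in their parentheticals, so an analyst has no stated rule for choosing between them. Spell out in both descriptions when each applies, and reword to "(supposedly harmless)" in lowercase to match the url row's parenthetical.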
@ -11329,7 +11635,7 @@ microblog is a MISP object available in JSON format at <a href="https://github.c
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">embedded-link</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">url</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Link into the microblog post</p>
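Review bot: renaming the existing link relation (type url) to embedded-link, while the previous hunk introduces a new link relation of type link, reuses the old name with a different type and meaning. Objects created against the earlier definition that carry link would be read under the new row; either pick a different name for the new attribute or document the rename in the upstream definition so consumers can migrate.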
@ -11367,6 +11673,19 @@ microblog is a MISP object available in JSON format at <a href="https://github.c
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">hashtag</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Hashtag into the microblog post</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
@ -14440,7 +14759,7 @@ process is a MISP object available in JSON format at <a href="https://github.com
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">guid</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">uuid</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The globally unique identifier of the assigned by the vendor product</p>
</div></div></td>
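Review bot: changing guid from uuid to text removes format validation for a field whose description calls it a globally unique identifier; if vendor products emit identifiers that do not fit the uuid type, say so in the description. While this row is being touched, the description "The globally unique identifier of the assigned by the vendor product" needs its word order repaired in the source definition.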
@ -14466,7 +14785,7 @@ process is a MISP object available in JSON format at <a href="https://github.com
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">parent-guid</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">uuid</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The globally unique idenifier of the parent process assigned by the vendor product</p>
</div></div></td>
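Review bot: "idenifier" in the parent-guid description is a typo for "identifier"; fix it in the source definition together with the type change in this hunk. The switch from uuid to text loses the same format validation here as it does for guid in the preceding hunk.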
@ -14492,7 +14811,7 @@ process is a MISP object available in JSON format at <a href="https://github.com
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">src-port</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">port</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Port(s) owned by the process</p>
</div></div></td>
@ -21440,7 +21759,7 @@ timesketch-timeline is a MISP object available in JSON format at <a href="https:
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">timestamp</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">timestamp-microsec</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>When the log entry was seen in microseconds since Unix epoch</p>
</div></div></td>
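Review bot: timestamp changes type from timestamp-microsec to text while its description still reads "When the log entry was seen in microseconds since Unix epoch", so type and description now disagree and consumers lose the typed value. Either keep a timestamp type or state in the description why free text is needed and which format is expected.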
@ -22281,6 +22600,124 @@ transaction is a MISP object available in JSON format at <a href="https://github
</div>
</div>
<div class="sect1">
<h2 id="_translation"><a class="anchor" href="#_translation"></a><a class="link" href="#_translation">translation</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Used to keep a text and its translation.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
translation is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/master/objects/translation/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">original-text</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Original text</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">translated-text</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Text after translation</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">original-language</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Language of the original text ['Mandarin (language family)', 'Spanish', 'English', 'Hindi', 'Bengali', 'Portuguese', 'Russian', 'Japanese', 'Western Punjabi', 'Marathi', 'Telugu', 'Wu (language family)', 'Turkish', 'Korean', 'French', 'German', 'Vietnamese', 'Tamil', 'Yue (language family)', 'Urdu', 'Javanese', 'Italian', 'Egyptian Arabic', 'Gujarati', 'Iranian Persian', 'Bhojpuri', 'Min Nan (language family)', 'Hakka', 'Jinyu', 'Hausa', 'Kannada', 'Indonesian (Indonesian Malay)', 'Polish', 'Yoruba', 'Xiang Chinese (language family)', 'Malayalam', 'Odia', 'Maithili', 'Burmese', 'Eastern Punjabi', 'Sunda', 'Sudanese Arabic', 'Algerian Arabic', 'Moroccan Arabic', 'Ukrainian', 'Igbo', 'Northern Uzbek', 'Sindhi', 'North Levantine Arabic', 'Romanian', 'Tagalog', 'Dutch', 'Saʽidi Arabic', 'Gan', 'Amharic', 'Northern Pashto', 'Magahi', 'Thai', 'Saraiki', 'Khmer', 'Chhattisgarhi', 'Somali', 'Malay (Malaysian Malay)', 'Cebuano', 'Nepali', 'Mesopotamian Arabic', 'Assamese', 'Sinhala', 'Northern Kurdish', 'Hejazi Arabic', 'Nigerian Fulfulde', 'South Azerbaijani', 'Greek', 'Chittagonian', 'Kazakh', 'Deccan', 'Hungarian', 'Kinyarwanda', 'Zulu', 'South Levantine Arabic', 'Tunisian Arabic', 'Sanaani Spoken Arabic', 'Min Bei Chinese (language family)', 'Southern Pashto', 'Rundi', 'Czech', 'Taʽizzi-Adeni Arabic', 'Uyghur', 'Min Dong Chinese (language family)', 'Sylheti ']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">translation-language</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Language of translation ['Mandarin (language family)', 'Spanish', 'English', 'Hindi', 'Bengali', 'Portuguese', 'Russian', 'Japanese', 'Western Punjabi', 'Marathi', 'Telugu', 'Wu (language family)', 'Turkish', 'Korean', 'French', 'German', 'Vietnamese', 'Tamil', 'Yue (language family)', 'Urdu', 'Javanese', 'Italian', 'Egyptian Arabic', 'Gujarati', 'Iranian Persian', 'Bhojpuri', 'Min Nan (language family)', 'Hakka', 'Jinyu', 'Hausa', 'Kannada', 'Indonesian (Indonesian Malay)', 'Polish', 'Yoruba', 'Xiang Chinese (language family)', 'Malayalam', 'Odia', 'Maithili', 'Burmese', 'Eastern Punjabi', 'Sunda', 'Sudanese Arabic', 'Algerian Arabic', 'Moroccan Arabic', 'Ukrainian', 'Igbo', 'Northern Uzbek', 'Sindhi', 'North Levantine Arabic', 'Romanian', 'Tagalog', 'Dutch', 'Saʽidi Arabic', 'Gan', 'Amharic', 'Northern Pashto', 'Magahi', 'Thai', 'Saraiki', 'Khmer', 'Chhattisgarhi', 'Somali', 'Malay (Malaysian Malay)', 'Cebuano', 'Nepali', 'Mesopotamian Arabic', 'Assamese', 'Sinhala', 'Northern Kurdish', 'Hejazi Arabic', 'Nigerian Fulfulde', 'South Azerbaijani', 'Greek', 'Chittagonian', 'Kazakh', 'Deccan', 'Hungarian', 'Kinyarwanda', 'Zulu', 'South Levantine Arabic', 'Tunisian Arabic', 'Sanaani Spoken Arabic', 'Min Bei Chinese (language family)', 'Southern Pashto', 'Rundi', 'Czech', 'Taʽizzi-Adeni Arabic', 'Uyghur', 'Min Dong Chinese (language family)', 'Sylheti ']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">translation-service</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>translation service used for the translation ['Google Translate', 'Microsoft Translator', 'Babelfish', 'Reverso', 'Dict.cc', 'Linguee', 'unknown']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">translation-type</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>type of translation ['Automated translation', 'Manual translation']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_url"><a class="anchor" href="#_url"></a><a class="link" href="#_url">url</a></h2>
<div class="sectionbody">
<div class="paragraph">
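Review bot: the last entry of both language lists is 'Sylheti ' with a trailing space inside the quotes, which will not match 'Sylheti' on an exact comparison; trim it in the source definition. The same long list is repeated verbatim for original-language and translation-language, and the translation-service and translation-type descriptions start lowercase unlike the other rows of this table.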
@ -24467,6 +24904,11 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">is-author-of</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes an object being author by someone.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">located</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This relationship describes the location (of any type) of a specific object.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
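Review bot: The description in the new is-author-of row, "This relationship describes an object being author by someone.", is ungrammatical and describes the authored side, while the relationship name reads from the author's side. Suggest fixing it in the relationship definition this page is generated from, for example "This relationship describes an object being the author of something", so name and description point the same way.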
@ -24967,6 +25409,16 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">injects-into</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Represents an object injecting something into something</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">injected-into</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Represents an object which is injected something into something</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp']</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">creates</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Represents an object that creates something.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">['misp', 'haxpak']</p></td>
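Review bot: The injected-into description ("Represents an object which is injected something into something") does not parse and is hard to tell apart from the injects-into description above it, so an analyst picking a relationship cannot tell the active direction from the passive one. Suggest something like "Represents an object that is injected into something", and end both new descriptions with a period to match the neighbouring creates row.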
@ -24983,7 +25435,7 @@ yara is a MISP object available in JSON format at <a href="https://github.com/MI
</div>
<div id="footer">
<div id="footer-text">
Last updated 2019-08-02 10:01:54 +0200
Last updated 2019-09-20 13:14:33 +0200
</div>
</div>
</body>

65928
objects.pdf

File diff suppressed because it is too large

@ -14929,189 +14929,374 @@ ics namespace available in JSON format at <a href="https://github.com/MISP/misp-
<p>FIRST.ORG CTI SIG - MISP Proposal for ICS/OT Threat Attribution (IOC) Project</p>
</div>
<div class="sect2">
<h3 id="_ot_components_category">ot-components-category</h3>
<h3 id="_ot_security_issues">ot-security-issues</h3>
<div class="sect3">
<h4 id="_icsot_components_categoryprogrammable_logic_controller">ics:ot-components-category="programmable-logic-controller"</h4>
<h4 id="_icsot_security_issuesmessage_authentication">ics:ot-security-issues="Message Authentication"</h4>
<div class="paragraph">
<p>Programmable Logic Controller (PLC)</p>
<p>Message Authentication</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Computing device with user-programmable memory to storing instructions to operate a physical process.\n\n 2.Various PLC types for different processses</p>
</li>
</ol>
<div class="paragraph">
<p>Auth in used protocols is attacked and falsification command can be sent</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categoryremote_terminal_unit">ics:ot-components-category="remote-terminal-unit"</h4>
<h4 id="_icsot_security_issuesmessage_integrity_checking">ics:ot-security-issues="Message Integrity Checking"</h4>
<div class="paragraph">
<p>Remote Terminal Unit (RTU)</p>
<p>Message Integrity Checking</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Data aquisitionand control unit designedto support field sites and remote stations.\n\n2. Wired and wireless communication capabilities.\n\n3. No stored program logic.</p>
</li>
</ol>
<div class="paragraph">
<p>Message poart of the sent protocol is maliciously tampered</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categoryhuman_machine_interface">ics:ot-components-category="human-machine-interface"</h4>
<h4 id="_icsot_security_issuesmessage_encryption">ics:ot-security-issues="Message Encryption"</h4>
<div class="paragraph">
<p>Human-Machine Interface (HMI)</p>
<p>Message Encryption</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Hardware/software that operators used to interact with control system.\n\n2. From physical control panels to a complete computer systems</p>
</li>
</ol>
<div class="paragraph">
<p>Self explanatory, i.e. Weak encryption is attacked</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categorysensors">ics:ot-components-category="sensors"</h4>
<h4 id="_icsot_security_issuescommand_injection">ics:ot-security-issues="Command Injection"</h4>
<div class="paragraph">
<p>Sensors</p>
<p>Command Injection</p>
</div>
<div class="paragraph">
<p>Pressure, Temperature, Flow, Voltage, Optical, Proximity</p>
<p>Either Remote Command Injection or Local. On local can be timer triggered under tampered firmware</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categoryactuators">ics:ot-components-category="actuators"</h4>
<h4 id="_icsot_security_issuesreplay_attack">ics:ot-security-issues="Replay Attack"</h4>
<div class="paragraph">
<p>Actuators</p>
<p>Replay Attack</p>
</div>
<div class="paragraph">
<p>Variable Frequency Drive, Servo Drive, Valve, Circuit Breaker</p>
<p>Self explanatory</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categorycommunications">ics:ot-components-category="communications"</h4>
<h4 id="_icsot_security_issuesman_in_the_middle_mitm_attack">ics:ot-security-issues="Man in the middle (MITM) Attack"</h4>
<div class="paragraph">
<p>Communications</p>
<p>Man in the middle (MITM) Attack</p>
</div>
<div class="paragraph">
<p>Modems, Routers, Serial - Ethernet Converters, Swtiches</p>
<p>Self explanatory</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categorysupervisory_level_devices">ics:ot-components-category="supervisory-level-devices"</h4>
<h4 id="_icsot_security_issuesundocumented_instructions">ics:ot-security-issues="Undocumented instructions"</h4>
<div class="paragraph">
<p>Supervisory Level Devices</p>
<p>Undocumented instructions</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Control Server (Supervisory systems that hosts control software to manage lower level control devices like PLC).\n\n2. Data Historian (Centralized database for information about process, control activity and status record).\n\n3. Engineering workstations (Creating and revising control systems anbd programs, incl. project files).</p>
</li>
</ol>
<div class="paragraph">
<p>Vendor&#8217;s left several instruction used for development or trouble shooting that is finally leaked and used to performed malicious activities on the devices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesvendor_proprietary_protocols">ics:ot-security-issues="Vendor proprietary protocols"</h4>
<div class="paragraph">
<p>Vendor proprietary protocols</p>
</div>
<div class="paragraph">
<p>Internal vendor protocols used for development or trouble shooting, that is being maliciously for an attack.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_operating_systems">ot-operating-systems</h3>
<h3 id="_ot_network_data_transmission_protocols_automatic_automobile_vehicle_aviation">ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation</h3>
<div class="sect3">
<h4 id="_icsot_operating_systemsrtos">ics:ot-operating-systems="rtos"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationarinc_429">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="ARINC 429"</h4>
<div class="paragraph">
<p>RTOS</p>
</div>
<div class="paragraph">
<p>Please see the URL reference, there are a lot of it to be listed in here. These OS are also referred as Firmware. <a href="https://en.wikipedia.org/wiki/Comparison_of_real-time_operating_systems" class="bare">https://en.wikipedia.org/wiki/Comparison_of_real-time_operating_systems</a></p>
<p>ARINC 429</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_operating_systemslinux_embedded_base_os">ics:ot-operating-systems="linux-embedded-base-os"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationcan_bus_arinc_825_sae_j1939_nmea_2000_fms">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="CAN bus (ARINC 825 SAE J1939 NMEA 2000 FMS)"</h4>
<div class="paragraph">
<p>Linux Embedded Base OS</p>
</div>
<div class="paragraph">
<p>Yocto\nBuildroot\nOpenWRT\nB &amp; R Linux\n Scientific Linux\nRaspbian\nAndroid</p>
<p>CAN bus (ARINC 825 SAE J1939 NMEA 2000 FMS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_operating_systemsbsd">ics:ot-operating-systems="bsd"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>BSD</p>
</div>
<div class="paragraph">
<p>NetBSD (NetBSD Embedded Systems)\nFreeBSD (Modified. i.e.: Orbis OS)</p>
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_operating_systemsmicrosoft">ics:ot-operating-systems="microsoft"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationflexray">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="FlexRay"</h4>
<div class="paragraph">
<p>Microsoft</p>
<p>FlexRay</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationiebus">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="IEBus"</h4>
<div class="paragraph">
<p>Windows 10 IoT Enterprise\n Windows Embedded 8.1 Industry Professional\n Windows 7 Professional/Ultimate\n Windows Embedded Standard 7\n Windows Embedded Standard 2009\n Windows CE 6.0\n</p>
<p>IEBus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationj1587">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="J1587"</h4>
<div class="paragraph">
<p>J1587</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationj1708">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="J1708"</h4>
<div class="paragraph">
<p>J1708</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationkeyword_protocol_2000">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Keyword Protocol 2000"</h4>
<div class="paragraph">
<p>Keyword Protocol 2000</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationunified_diagnostic_services">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Unified Diagnostic Services"</h4>
<div class="paragraph">
<p>Unified Diagnostic Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationlin">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="LIN"</h4>
<div class="paragraph">
<p>LIN</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationmost">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="MOST"</h4>
<div class="paragraph">
<p>MOST</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationvan">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="VAN"</h4>
<div class="paragraph">
<p>VAN</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_communication_interface">ot-communication-interface</h3>
<h3 id="_ot_network_data_transmission_protocols_automatic_meter_reading">ot-network-data-transmission-protocols-automatic-meter-reading</h3>
<div class="sect3">
<h4 id="_icsot_communication_interfacers_232">ics:ot-communication-interface="rs-232"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingansi_c12_18">ics:ot-network-data-transmission-protocols-automatic-meter-reading="ANSI C12.18"</h4>
<div class="paragraph">
<p>RS-232 (comm port)</p>
</div>
<div class="paragraph">
<p>Serial communication with an implementation comprises 2 data lines, 6 control lines and one ground.</p>
<p>ANSI C12.18</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfacers_422_rs_423_or_rs_485">ics:ot-communication-interface="rs-422, rs-423 or rs-485"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingiec_61107">ics:ot-network-data-transmission-protocols-automatic-meter-reading="IEC 61107"</h4>
<div class="paragraph">
<p>RS-422, RS-423 or RS-485</p>
</div>
<div class="paragraph">
<p>RS-422 is compatible to RS-232, used in situations where long distances are required, it can drive up to 1200m at 100kbit/s, and up to 1Mbit/s over short distances. RS-422 uses a differential driver, uses a four-conductor cable, and up to ten receivers can be on a multi-dropped network or bus. RS-485 is like RS-422 but RS-422 allows just one driver with multiple receivers whereas RS-485 supports multiple drivers and receivers RS-485 also allows up to thirty two (32) multi-dropped receivers or transmitters on a multi-dropped network or bus. At 90 kbit/s, the maximum cable length is 1250 m, and at 10 Mbit/s it is 15 m. The devices are half-duplex (i.e. send or receive, but not both at the same time). For more nodes or long distances, you can use repeaters that regenerate the signals and begin a new RS-485 line.</p>
<p>IEC 61107</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceieee_488_gpib">ics:ot-communication-interface="ieee-488-gpib"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingdlmsiec_62056">ics:ot-network-data-transmission-protocols-automatic-meter-reading="DLMS/IEC 62056"</h4>
<div class="paragraph">
<p>IEEE-488 (GPIB)</p>
</div>
<div class="paragraph">
<p>Known as Hewlett-Packard HP-IB but was renamed as GPIB (General Purpose Interface Bus) by the IEEE-488 (1975). IEEE-488 interface comprises 8 data lines, 8 control lines and 8 ground lines. Up to 15 devices can be interconnected on one bus. Each device is assigned a unique primary address, ranging from 4-30, by setting the address switches on the device. Devices are linked in either a daisy-chain or star (or some combination) configuration with up to 20 m of shielded 24-conductor cable. A maximum separation of 4 m is specified between any two devices, and an average of 2m over the entire bus. The data transfer rate can be up to 1 Mbyte/s. Three types of devices can be connected to an IEEE-488 bus (Listeners, Talkers, and Controllers)</p>
<p>DLMS/IEC 62056</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceieee_1394_firewire">ics:ot-communication-interface="ieee-1394-firewire"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingm_bus">ics:ot-network-data-transmission-protocols-automatic-meter-reading="M-Bus"</h4>
<div class="paragraph">
<p>IEEE-1394 (FireWire)</p>
</div>
<div class="paragraph">
<p>The IEEE-1394 defines a serial serial interface that can use the bus cable to power devices. Firewire transmits data in packets and incurs some overhead as a result. Firewire frames are 125 msec long which means that despite a 'headline' transfer speed of 400 Mbit/s Firewire can be substantially slower in responding to instruments' service requests. Firewire uses a peer-peer protocol, similar to IEEE-488. Using standard cable, the maximum length bus comprises 16 hops of 4.5m each. Each hop connects two devices, but each physical device can contain four logical nodes. A Firewire cable contains two twisted-pairs (signals and clock) and two untwisted conductors (power and ground).</p>
<p>M-Bus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceusb_universal_serial_bus">ics:ot-communication-interface="usb-universal-serial-bus"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingmodbus">ics:ot-network-data-transmission-protocols-automatic-meter-reading="Modbus"</h4>
<div class="paragraph">
<p>USB (Universal Serial Bus)</p>
</div>
<div class="paragraph">
<p>USB is the bus topology, and host-target protocol, mean that giving existing PC-based instruments a USB port not as trivial as it could be, but instruments with USB ports are coming onto the ICS market increasing numbers. USB 1.1 has many features as serial data transmission, device powering, data sent in 1 ms packets. USB offers 1.5- and 12-Mbit/s speeds. Individual devices can use the bus for a maximum of 50% of the time. In practice, the maximum rate is not more than 0.6 Mbyte/s. USB 2.0 specification was released in 2000. In addition to increasing the signaling rate from 12 MHz to 480 MHz, the specification describes a more advanced feature set and uses bandwidth more efficiently than 'Classic' USB. Version 2 of USB seems likely to prevent IEEE 1394 becoming widely adopted in instrument systems.</p>
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceethernet">ics:ot-communication-interface="ethernet"</h4>
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingzigbee">ics:ot-network-data-transmission-protocols-automatic-meter-reading="ZigBee"</h4>
<div class="paragraph">
<p>Ethernet</p>
<p>ZigBee</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_industrial_control_system">ot-network-data-transmission-protocols-industrial-control-system</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemmtconnect">ics:ot-network-data-transmission-protocols-industrial-control-system="MTConnect"</h4>
<div class="paragraph">
<p>Instruments with ethernet interfaces have the great advantage that they can be accessed and controlled from a desktop anywhere in the world. A web-enabled ICS device behaves can be operated with standard browser. Systems with comm based on these interface can make use of existing Ethernet networks and connecting an instrument directly into the internet makes sharing of data easy. Fast data transfer is possible. However, when connected to the public internet it is difficult to secure or maintain its security and a full evaluation of the risks involved for this interface usage is very essential.</p>
<p>MTConnect</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceothers">ics:ot-communication-interface="others"</h4>
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemopc">ics:ot-network-data-transmission-protocols-industrial-control-system="OPC"</h4>
<div class="paragraph">
<p>Others</p>
<p>OPC</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemda">ics:ot-network-data-transmission-protocols-industrial-control-system="DA"</h4>
<div class="paragraph">
<p>Other communication interface not listed.</p>
<p>DA</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemhda">ics:ot-network-data-transmission-protocols-industrial-control-system="HDA"</h4>
<div class="paragraph">
<p>HDA</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemua">ics:ot-network-data-transmission-protocols-industrial-control-system="UA"</h4>
<div class="paragraph">
<p>UA</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_building_automation">ot-network-data-transmission-protocols-building-automation</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automation1_wire">ics:ot-network-data-transmission-protocols-building-automation="1-Wire"</h4>
<div class="paragraph">
<p>1-Wire</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationbacnet">ics:ot-network-data-transmission-protocols-building-automation="BACnet"</h4>
<div class="paragraph">
<p>BACnet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationc_bus">ics:ot-network-data-transmission-protocols-building-automation="C-Bus"</h4>
<div class="paragraph">
<p>C-Bus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationcebus">ics:ot-network-data-transmission-protocols-building-automation="CEBus"</h4>
<div class="paragraph">
<p>CEBus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdali">ics:ot-network-data-transmission-protocols-building-automation="DALI"</h4>
<div class="paragraph">
<p>DALI</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdsi">ics:ot-network-data-transmission-protocols-building-automation="DSI"</h4>
<div class="paragraph">
<p>DSI</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdynet">ics:ot-network-data-transmission-protocols-building-automation="DyNet"</h4>
<div class="paragraph">
<p>DyNet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-building-automation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationknx">ics:ot-network-data-transmission-protocols-building-automation="KNX"</h4>
<div class="paragraph">
<p>KNX</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationlontalk">ics:ot-network-data-transmission-protocols-building-automation="LonTalk"</h4>
<div class="paragraph">
<p>LonTalk</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationmodbus">ics:ot-network-data-transmission-protocols-building-automation="Modbus"</h4>
<div class="paragraph">
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationobix">ics:ot-network-data-transmission-protocols-building-automation="oBIX"</h4>
<div class="paragraph">
<p>oBIX</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationvscp">ics:ot-network-data-transmission-protocols-building-automation="VSCP"</h4>
<div class="paragraph">
<p>VSCP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationx10">ics:ot-network-data-transmission-protocols-building-automation="X10"</h4>
<div class="paragraph">
<p>X10</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationxap">ics:ot-network-data-transmission-protocols-building-automation="xAP"</h4>
<div class="paragraph">
<p>xAP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationxpl">ics:ot-network-data-transmission-protocols-building-automation="xPL"</h4>
<div class="paragraph">
<p>xPL</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationzigbee">ics:ot-network-data-transmission-protocols-building-automation="ZigBee"</h4>
<div class="paragraph">
<p>ZigBee</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_power_system_automation">ot-network-data-transmission-protocols-power-system-automation</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_60870">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 60870"</h4>
<div class="paragraph">
<p>IEC 60870</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationdnp3">ics:ot-network-data-transmission-protocols-power-system-automation="DNP3"</h4>
<div class="paragraph">
<p>DNP3</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-power-system-automation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_61850">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 61850"</h4>
<div class="paragraph">
<p>IEC 61850</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_62351">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 62351"</h4>
<div class="paragraph">
<p>IEC 62351</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationmodbus">ics:ot-network-data-transmission-protocols-power-system-automation="Modbus"</h4>
<div class="paragraph">
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationprofibus">ics:ot-network-data-transmission-protocols-power-system-automation="Profibus"</h4>
<div class="paragraph">
<p>Profibus</p>
</div>
</div>
</div>
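Review bot: Several ot-security-issues descriptions in this hunk carry typos or give no definition: "Message poart of the sent protocol is maliciously tampered", "that is being maliciously for an attack" (the verb is missing), "Vendor's left several instruction used for development", and "Self explanatory" for both Replay Attack and Man in the middle (MITM) Attack. These strings are what an analyst reads when choosing a tag, so fix them in the ics taxonomy JSON the page is generated from and give the two "Self explanatory" entries a one-line definition. Separately, this hunk and the following one move the same sections (ot-communication-interface, ot-operating-systems, the building-automation and power-system-automation protocol lists) to new positions with their visible text apparently unchanged; a stable predicate order in the generator would keep that churn out of the diff and make real content changes easier to review.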
@ -15335,374 +15520,189 @@ ics namespace available in JSON format at <a href="https://github.com/MISP/misp-
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_power_system_automation">ot-network-data-transmission-protocols-power-system-automation</h3>
<h3 id="_ot_communication_interface">ot-communication-interface</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_60870">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 60870"</h4>
<h4 id="_icsot_communication_interfacers_232">ics:ot-communication-interface="rs-232"</h4>
<div class="paragraph">
<p>IEC 60870</p>
<p>RS-232 (comm port)</p>
</div>
<div class="paragraph">
<p>Serial communication with an implementation comprises 2 data lines, 6 control lines and one ground.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationdnp3">ics:ot-network-data-transmission-protocols-power-system-automation="DNP3"</h4>
<h4 id="_icsot_communication_interfacers_422_rs_423_or_rs_485">ics:ot-communication-interface="rs-422, rs-423 or rs-485"</h4>
<div class="paragraph">
<p>DNP3</p>
<p>RS-422, RS-423 or RS-485</p>
</div>
<div class="paragraph">
<p>RS-422 is compatible to RS-232, used in situations where long distances are required, it can drive up to 1200m at 100kbit/s, and up to 1Mbit/s over short distances. RS-422 uses a differential driver, uses a four-conductor cable, and up to ten receivers can be on a multi-dropped network or bus. RS-485 is like RS-422 but RS-422 allows just one driver with multiple receivers whereas RS-485 supports multiple drivers and receivers RS-485 also allows up to thirty two (32) multi-dropped receivers or transmitters on a multi-dropped network or bus. At 90 kbit/s, the maximum cable length is 1250 m, and at 10 Mbit/s it is 15 m. The devices are half-duplex (i.e. send or receive, but not both at the same time). For more nodes or long distances, you can use repeaters that regenerate the signals and begin a new RS-485 line.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-power-system-automation="Factory Instrumentation Protocol"</h4>
<h4 id="_icsot_communication_interfaceieee_488_gpib">ics:ot-communication-interface="ieee-488-gpib"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
<p>IEEE-488 (GPIB)</p>
</div>
<div class="paragraph">
<p>Known as Hewlett-Packard HP-IB but was renamed as GPIB (General Purpose Interface Bus) by the IEEE-488 (1975). IEEE-488 interface comprises 8 data lines, 8 control lines and 8 ground lines. Up to 15 devices can be interconnected on one bus. Each device is assigned a unique primary address, ranging from 4-30, by setting the address switches on the device. Devices are linked in either a daisy-chain or star (or some combination) configuration with up to 20 m of shielded 24-conductor cable. A maximum separation of 4 m is specified between any two devices, and an average of 2m over the entire bus. The data transfer rate can be up to 1 Mbyte/s. Three types of devices can be connected to an IEEE-488 bus (Listeners, Talkers, and Controllers)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_61850">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 61850"</h4>
<h4 id="_icsot_communication_interfaceieee_1394_firewire">ics:ot-communication-interface="ieee-1394-firewire"</h4>
<div class="paragraph">
<p>IEC 61850</p>
<p>IEEE-1394 (FireWire)</p>
</div>
<div class="paragraph">
<p>The IEEE-1394 defines a serial serial interface that can use the bus cable to power devices. Firewire transmits data in packets and incurs some overhead as a result. Firewire frames are 125 msec long which means that despite a 'headline' transfer speed of 400 Mbit/s Firewire can be substantially slower in responding to instruments' service requests. Firewire uses a peer-peer protocol, similar to IEEE-488. Using standard cable, the maximum length bus comprises 16 hops of 4.5m each. Each hop connects two devices, but each physical device can contain four logical nodes. A Firewire cable contains two twisted-pairs (signals and clock) and two untwisted conductors (power and ground).</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_62351">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 62351"</h4>
<h4 id="_icsot_communication_interfaceusb_universal_serial_bus">ics:ot-communication-interface="usb-universal-serial-bus"</h4>
<div class="paragraph">
<p>IEC 62351</p>
<p>USB (Universal Serial Bus)</p>
</div>
<div class="paragraph">
<p>USB is the bus topology, and host-target protocol, mean that giving existing PC-based instruments a USB port not as trivial as it could be, but instruments with USB ports are coming onto the ICS market increasing numbers. USB 1.1 has many features as serial data transmission, device powering, data sent in 1 ms packets. USB offers 1.5- and 12-Mbit/s speeds. Individual devices can use the bus for a maximum of 50% of the time. In practice, the maximum rate is not more than 0.6 Mbyte/s. USB 2.0 specification was released in 2000. In addition to increasing the signaling rate from 12 MHz to 480 MHz, the specification describes a more advanced feature set and uses bandwidth more efficiently than 'Classic' USB. Version 2 of USB seems likely to prevent IEEE 1394 becoming widely adopted in instrument systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationmodbus">ics:ot-network-data-transmission-protocols-power-system-automation="Modbus"</h4>
<h4 id="_icsot_communication_interfaceethernet">ics:ot-communication-interface="ethernet"</h4>
<div class="paragraph">
<p>Modbus</p>
<p>Ethernet</p>
</div>
<div class="paragraph">
<p>Instruments with ethernet interfaces have the great advantage that they can be accessed and controlled from a desktop anywhere in the world. A web-enabled ICS device behaves can be operated with standard browser. Systems with comm based on these interface can make use of existing Ethernet networks and connecting an instrument directly into the internet makes sharing of data easy. Fast data transfer is possible. However, when connected to the public internet it is difficult to secure or maintain its security and a full evaluation of the risks involved for this interface usage is very essential.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationprofibus">ics:ot-network-data-transmission-protocols-power-system-automation="Profibus"</h4>
<h4 id="_icsot_communication_interfaceothers">ics:ot-communication-interface="others"</h4>
<div class="paragraph">
<p>Profibus</p>
<p>Others</p>
</div>
<div class="paragraph">
<p>Other communication interface not listed.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_building_automation">ot-network-data-transmission-protocols-building-automation</h3>
<h3 id="_ot_operating_systems">ot-operating-systems</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automation1_wire">ics:ot-network-data-transmission-protocols-building-automation="1-Wire"</h4>
<h4 id="_icsot_operating_systemsrtos">ics:ot-operating-systems="rtos"</h4>
<div class="paragraph">
<p>1-Wire</p>
<p>RTOS</p>
</div>
<div class="paragraph">
<p>Please see the URL reference, there are a lot of it to be listed in here. These OS are also referred as Firmware. <a href="https://en.wikipedia.org/wiki/Comparison_of_real-time_operating_systems" class="bare">https://en.wikipedia.org/wiki/Comparison_of_real-time_operating_systems</a></p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationbacnet">ics:ot-network-data-transmission-protocols-building-automation="BACnet"</h4>
<h4 id="_icsot_operating_systemslinux_embedded_base_os">ics:ot-operating-systems="linux-embedded-base-os"</h4>
<div class="paragraph">
<p>BACnet</p>
<p>Linux Embedded Base OS</p>
</div>
<div class="paragraph">
<p>Yocto\nBuildroot\nOpenWRT\nB &amp; R Linux\n Scientific Linux\nRaspbian\nAndroid</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationc_bus">ics:ot-network-data-transmission-protocols-building-automation="C-Bus"</h4>
<h4 id="_icsot_operating_systemsbsd">ics:ot-operating-systems="bsd"</h4>
<div class="paragraph">
<p>C-Bus</p>
<p>BSD</p>
</div>
<div class="paragraph">
<p>NetBSD (NetBSD Embedded Systems)\nFreeBSD (Modified. i.e.: Orbis OS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationcebus">ics:ot-network-data-transmission-protocols-building-automation="CEBus"</h4>
<h4 id="_icsot_operating_systemsmicrosoft">ics:ot-operating-systems="microsoft"</h4>
<div class="paragraph">
<p>CEBus</p>
<p>Microsoft</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdali">ics:ot-network-data-transmission-protocols-building-automation="DALI"</h4>
<div class="paragraph">
<p>DALI</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdsi">ics:ot-network-data-transmission-protocols-building-automation="DSI"</h4>
<div class="paragraph">
<p>DSI</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdynet">ics:ot-network-data-transmission-protocols-building-automation="DyNet"</h4>
<div class="paragraph">
<p>DyNet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-building-automation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationknx">ics:ot-network-data-transmission-protocols-building-automation="KNX"</h4>
<div class="paragraph">
<p>KNX</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationlontalk">ics:ot-network-data-transmission-protocols-building-automation="LonTalk"</h4>
<div class="paragraph">
<p>LonTalk</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationmodbus">ics:ot-network-data-transmission-protocols-building-automation="Modbus"</h4>
<div class="paragraph">
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationobix">ics:ot-network-data-transmission-protocols-building-automation="oBIX"</h4>
<div class="paragraph">
<p>oBIX</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationvscp">ics:ot-network-data-transmission-protocols-building-automation="VSCP"</h4>
<div class="paragraph">
<p>VSCP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationx10">ics:ot-network-data-transmission-protocols-building-automation="X10"</h4>
<div class="paragraph">
<p>X10</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationxap">ics:ot-network-data-transmission-protocols-building-automation="xAP"</h4>
<div class="paragraph">
<p>xAP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationxpl">ics:ot-network-data-transmission-protocols-building-automation="xPL"</h4>
<div class="paragraph">
<p>xPL</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationzigbee">ics:ot-network-data-transmission-protocols-building-automation="ZigBee"</h4>
<div class="paragraph">
<p>ZigBee</p>
<p>Windows 10 IoT Enterprise\n Windows Embedded 8.1 Industry Professional\n Windows 7 Professional/Ultimate\n Windows Embedded Standard 7\n Windows Embedded Standard 2009\n Windows CE 6.0\n</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_industrial_control_system">ot-network-data-transmission-protocols-industrial-control-system</h3>
<h3 id="_ot_components_category">ot-components-category</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemmtconnect">ics:ot-network-data-transmission-protocols-industrial-control-system="MTConnect"</h4>
<h4 id="_icsot_components_categoryprogrammable_logic_controller">ics:ot-components-category="programmable-logic-controller"</h4>
<div class="paragraph">
<p>MTConnect</p>
<p>Programmable Logic Controller (PLC)</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Computing device with user-programmable memory to storing instructions to operate a physical process.\n\n 2.Various PLC types for different processses</p>
</li>
</ol>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemopc">ics:ot-network-data-transmission-protocols-industrial-control-system="OPC"</h4>
<h4 id="_icsot_components_categoryremote_terminal_unit">ics:ot-components-category="remote-terminal-unit"</h4>
<div class="paragraph">
<p>OPC</p>
<p>Remote Terminal Unit (RTU)</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Data aquisitionand control unit designedto support field sites and remote stations.\n\n2. Wired and wireless communication capabilities.\n\n3. No stored program logic.</p>
</li>
</ol>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemda">ics:ot-network-data-transmission-protocols-industrial-control-system="DA"</h4>
<h4 id="_icsot_components_categoryhuman_machine_interface">ics:ot-components-category="human-machine-interface"</h4>
<div class="paragraph">
<p>DA</p>
<p>Human-Machine Interface (HMI)</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Hardware/software that operators used to interact with control system.\n\n2. From physical control panels to a complete computer systems</p>
</li>
</ol>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemhda">ics:ot-network-data-transmission-protocols-industrial-control-system="HDA"</h4>
<h4 id="_icsot_components_categorysensors">ics:ot-components-category="sensors"</h4>
<div class="paragraph">
<p>HDA</p>
<p>Sensors</p>
</div>
<div class="paragraph">
<p>Pressure, Temperature, Flow, Voltage, Optical, Proximity</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemua">ics:ot-network-data-transmission-protocols-industrial-control-system="UA"</h4>
<h4 id="_icsot_components_categoryactuators">ics:ot-components-category="actuators"</h4>
<div class="paragraph">
<p>UA</p>
<p>Actuators</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_automatic_meter_reading">ot-network-data-transmission-protocols-automatic-meter-reading</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingansi_c12_18">ics:ot-network-data-transmission-protocols-automatic-meter-reading="ANSI C12.18"</h4>
<div class="paragraph">
<p>ANSI C12.18</p>
<p>Variable Frequency Drive, Servo Drive, Valve, Circuit Breaker</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingiec_61107">ics:ot-network-data-transmission-protocols-automatic-meter-reading="IEC 61107"</h4>
<h4 id="_icsot_components_categorycommunications">ics:ot-components-category="communications"</h4>
<div class="paragraph">
<p>IEC 61107</p>
<p>Communications</p>
</div>
<div class="paragraph">
<p>Modems, Routers, Serial - Ethernet Converters, Swtiches</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingdlmsiec_62056">ics:ot-network-data-transmission-protocols-automatic-meter-reading="DLMS/IEC 62056"</h4>
<h4 id="_icsot_components_categorysupervisory_level_devices">ics:ot-components-category="supervisory-level-devices"</h4>
<div class="paragraph">
<p>DLMS/IEC 62056</p>
<p>Supervisory Level Devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingm_bus">ics:ot-network-data-transmission-protocols-automatic-meter-reading="M-Bus"</h4>
<div class="paragraph">
<p>M-Bus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingmodbus">ics:ot-network-data-transmission-protocols-automatic-meter-reading="Modbus"</h4>
<div class="paragraph">
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingzigbee">ics:ot-network-data-transmission-protocols-automatic-meter-reading="ZigBee"</h4>
<div class="paragraph">
<p>ZigBee</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_automatic_automobile_vehicle_aviation">ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationarinc_429">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="ARINC 429"</h4>
<div class="paragraph">
<p>ARINC 429</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationcan_bus_arinc_825_sae_j1939_nmea_2000_fms">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="CAN bus (ARINC 825 SAE J1939 NMEA 2000 FMS)"</h4>
<div class="paragraph">
<p>CAN bus (ARINC 825 SAE J1939 NMEA 2000 FMS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationflexray">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="FlexRay"</h4>
<div class="paragraph">
<p>FlexRay</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationiebus">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="IEBus"</h4>
<div class="paragraph">
<p>IEBus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationj1587">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="J1587"</h4>
<div class="paragraph">
<p>J1587</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationj1708">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="J1708"</h4>
<div class="paragraph">
<p>J1708</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationkeyword_protocol_2000">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Keyword Protocol 2000"</h4>
<div class="paragraph">
<p>Keyword Protocol 2000</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationunified_diagnostic_services">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Unified Diagnostic Services"</h4>
<div class="paragraph">
<p>Unified Diagnostic Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationlin">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="LIN"</h4>
<div class="paragraph">
<p>LIN</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationmost">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="MOST"</h4>
<div class="paragraph">
<p>MOST</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationvan">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="VAN"</h4>
<div class="paragraph">
<p>VAN</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_security_issues">ot-security-issues</h3>
<div class="sect3">
<h4 id="_icsot_security_issuesmessage_authentication">ics:ot-security-issues="Message Authentication"</h4>
<div class="paragraph">
<p>Message Authentication</p>
</div>
<div class="paragraph">
<p>Auth in used protocols is attacked and falsification command can be sent</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesmessage_integrity_checking">ics:ot-security-issues="Message Integrity Checking"</h4>
<div class="paragraph">
<p>Message Integrity Checking</p>
</div>
<div class="paragraph">
<p>Message poart of the sent protocol is maliciously tampered</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesmessage_encryption">ics:ot-security-issues="Message Encryption"</h4>
<div class="paragraph">
<p>Message Encryption</p>
</div>
<div class="paragraph">
<p>Self explanatory, i.e. Weak encryption is attacked</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuescommand_injection">ics:ot-security-issues="Command Injection"</h4>
<div class="paragraph">
<p>Command Injection</p>
</div>
<div class="paragraph">
<p>Either Remote Command Injection or Local. On local can be timer triggered under tampered firmware</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesreplay_attack">ics:ot-security-issues="Replay Attack"</h4>
<div class="paragraph">
<p>Replay Attack</p>
</div>
<div class="paragraph">
<p>Self explanatory</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesman_in_the_middle_mitm_attack">ics:ot-security-issues="Man in the middle (MITM) Attack"</h4>
<div class="paragraph">
<p>Man in the middle (MITM) Attack</p>
</div>
<div class="paragraph">
<p>Self explanatory</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesundocumented_instructions">ics:ot-security-issues="Undocumented instructions"</h4>
<div class="paragraph">
<p>Undocumented instructions</p>
</div>
<div class="paragraph">
<p>Vendor&#8217;s left several instruction used for development or trouble shooting that is finally leaked and used to performed malicious activities on the devices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesvendor_proprietary_protocols">ics:ot-security-issues="Vendor proprietary protocols"</h4>
<div class="paragraph">
<p>Vendor proprietary protocols</p>
</div>
<div class="paragraph">
<p>Internal vendor protocols used for development or trouble shooting, that is being maliciously for an attack.</p>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Control Server (Supervisory systems that hosts control software to manage lower level control devices like PLC).\n\n2. Data Historian (Centralized database for information about process, control activity and status record).\n\n3. Engineering workstations (Creating and revising control systems anbd programs, incl. project files).</p>
</li>
</ol>
</div>
</div>
</div>
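Review bot: several description paragraphs in this hunk render the taxonomy's line breaks as literal `\n` text instead of markup, for example `<p>Yocto\nBuildroot\nOpenWRT\nB &amp; R Linux\n Scientific Linux\nRaspbian\nAndroid</p>` under ics:ot-operating-systems="linux-embedded-base-os" and the NetBSD/FreeBSD and Windows lists. In the programmable-logic-controller, remote-terminal-unit and human-machine-interface lists, and in the Control Server / Data Historian / Engineering workstations list, the later numbered items sit inside the first `<li>` (as in "\n\n2. Wired and wireless communication capabilities.\n\n3. No stored program logic."), so the rendered list shows one item containing escape sequences. Either the generator should convert these escapes into real line breaks or separate list items, or the source descriptions should be restructured, before the rendered output is committed. The same paragraphs carry typos that are better fixed at the source than in this generated file: "aquisitionand", "designedto", "processses", "Swtiches", "anbd".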
@ -43501,7 +43501,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
</div>
<div id="footer">
<div id="footer-text">
Last updated 2019-09-09 15:11:44 +0200
Last updated 2019-09-20 13:16:11 +0200
</div>
</div>
</body>

File diff suppressed because one or more lines are too long