MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [misp-taxonomies] updated to the latest version

new
Alexandre Dulaunoy 2024-12-03 15:01:39 +01:00
parent 1b6b8dc233
commit 7415af31d0
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 432755 additions and 426800 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

770
static/taxonomies.html
View File

@ -455,6 +455,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_pap">PAP</a></li>
<li><a href="#_access_method">access-method</a></li>
<li><a href="#_accessnow">accessnow</a></li>
<li><a href="#_acs_marking">acs-marking</a></li>
<li><a href="#_action_taken">action-taken</a></li>
<li><a href="#_admiralty_scale">admiralty-scale</a></li>
<li><a href="#_adversary">adversary</a></li>
@ -488,6 +489,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_ddos_2">ddos</a></li>
<li><a href="#_de_vs">de-vs</a></li>
<li><a href="#_deception_2">deception</a></li>
<li><a href="#_detection_engineering">detection-engineering</a></li>
<li><a href="#_dga">dga</a></li>
<li><a href="#_dhs_ciip_sectors">dhs-ciip-sectors</a></li>
<li><a href="#_diamond_model">diamond-model</a></li>
@ -561,6 +563,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_pandemic_2">pandemic</a></li>
<li><a href="#_passivetotal">passivetotal</a></li>
<li><a href="#_pentest">pentest</a></li>
<li><a href="#_pfc">pfc</a></li>
<li><a href="#_phishing_2">phishing</a></li>
<li><a href="#_political_spectrum">political-spectrum</a></li>
<li><a href="#_priority_level">priority-level</a></li>
@ -5431,15 +5434,6 @@ GrayZone namespace available in JSON format at <a href="https://github.com/MISP/
<p>Answer to deception from adversary is counter-deception, for example: answer to phish with shadow user account to uncover next adversary actions</p>
</div>
</div>
<div class="sect3">
<h4 id="_grayzonedeceptioncounter_deception">GrayZone:Deception="Counter-Deception"</h4>
<div class="paragraph">
<p>Active counterdeception</p>
</div>
<div class="paragraph">
<p>Answer to adversary deception and his tactical goals, example: if You know the adversary goal(extraction) You can plant documents with fake content to enable damage on adversary sources (fake blueprints of engine, which explode on purpose)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_tarpits_sandboxes_and_honeypots">Tarpits, Sandboxes and Honeypots</h3>
@ -5472,53 +5466,86 @@ GrayZone namespace available in JSON format at <a href="https://github.com/MISP/
</div>
</div>
<div class="sect2">
<h3 id="_threat_intelligence">Threat Intelligence</h3>
<h3 id="_intelligence_and_counterintelligence">Intelligence and Counterintelligence</h3>
<div class="sect3">
<h4 id="_grayzonethreat_intelligencepassive_osint">GrayZone:Threat Intelligence="Passive - OSINT"</h4>
<h4 id="_grayzoneintelligence_and_counterintelligenceintel_passive">GrayZone:Intelligence and Counterintelligence="Intel Passive"</h4>
<div class="paragraph">
<p>OpenSourceINTelligence</p>
<p>Passive gathering, managing etc. of threat intelligence. Ie. getting data from public, available resources</p>
</div>
<div class="paragraph">
<p>Use of OSINT for creating of Threat Intelligence</p>
<p>Getting threat intel from open and publicly available resources</p>
</div>
</div>
<div class="sect3">
<h4 id="_grayzonethreat_intelligencepassive_platforms">GrayZone:Threat Intelligence="Passive - platforms"</h4>
<h4 id="_grayzoneintelligence_and_counterintelligenceintel_active">GrayZone:Intelligence and Counterintelligence="Intel Active"</h4>
<div class="paragraph">
<p>Platforms for TI</p>
<p>Active or proactive intel gathering, collecting etc. Ie. closed resources as private forums, gossip &#8230;&#8203;</p>
</div>
<div class="paragraph">
<p>Save, share and collaborate on threat intelligence platforms</p>
<p>Getting threat intel from closed resources or trusted parties as private chats or exploitation of groups etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_grayzonethreat_intelligencecounter_intelligence_public">GrayZone:Threat Intelligence="Counter-Intelligence public"</h4>
<h4 id="_grayzoneintelligence_and_counterintelligencecounterintel_defensive">GrayZone:Intelligence and Counterintelligence="Counterintel Defensive"</h4>
<div class="paragraph">
<p>Counter Intelligence</p>
<p>Includes subcategories as Deterrence and Detection</p>
</div>
<div class="paragraph">
<p>Active retrieval of Threat Intelligence for purpose of defense collected with available public resources - example: active monitoring of web services to uncover action before happen (forum hacktivist group)</p>
<p>Focuses on detecting and neutralizing adversary efforts to compromise or exploit digital systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_grayzonethreat_intelligencecounter_intelligence_government">GrayZone:Threat Intelligence="Counter-Intelligence government"</h4>
<h4 id="_grayzoneintelligence_and_counterintelligencecounterintel_defensive_deterrence">GrayZone:Intelligence and Counterintelligence="Counterintel Defensive - Deterrence"</h4>
<div class="paragraph">
<p>Counter Intelligence</p>
<p>Deterrende in cyber space as part of strategy</p>
</div>
<div class="paragraph">
<p>Active retrieval of Threat Intelligence for purpose of defense collected with non-public resources - example: cooperation between secret services in EU</p>
<p>Aims to discourage adversary actions by demonstrating strong protective measures and potential consequences.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_threat_hunting">Threat Hunting</h3>
<div class="sect3">
<h4 id="_grayzonethreat_huntingthreat_hunting">GrayZone:Threat Hunting="Threat Hunting"</h4>
<h4 id="_grayzoneintelligence_and_counterintelligencecounterintel_defensive_detection">GrayZone:Intelligence and Counterintelligence="Counterintel Defensive - Detection"</h4>
<div class="paragraph">
<p>Threat Hunting</p>
<p>Detection Engineering</p>
</div>
<div class="paragraph">
<p>Threat Hunting is the activity of active search for possible signs of adversary in environment</p>
<p>Ideally focuses on identifying and exposing adversary activities before they can cause harm.</p>
</div>
</div>
<div class="sect3">
<h4 id="_grayzoneintelligence_and_counterintelligencecounterintel_offensive">GrayZone:Intelligence and Counterintelligence="Counterintel Offensive"</h4>
<div class="paragraph">
<p>Includes subcategories as Detection, Deception and Neutralization</p>
</div>
<div class="paragraph">
<p>Involves actively disrupting or deceiving adversary intelligence operations to gain strategic advantage</p>
</div>
</div>
<div class="sect3">
<h4 id="_grayzoneintelligence_and_counterintelligencecounterintel_offensive_detection">GrayZone:Intelligence and Counterintelligence="Counterintel Offensive - Detection"</h4>
<div class="paragraph">
<p>Detect operations of adversary before they reach friendly environment</p>
</div>
<div class="paragraph">
<p>Detection involves actively identifying and exposing adversary cyber operations to disrupt their efforts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_grayzoneintelligence_and_counterintelligencecounterintel_offensive_deception">GrayZone:Intelligence and Counterintelligence="Counterintel Offensive - Deception"</h4>
<div class="paragraph">
<p>Creating deception campaigns, fake accounts, penetrating adversary communication with use of deception&#8230;&#8203;</p>
</div>
<div class="paragraph">
<p>Uses false information and tactics to mislead and confuse adversaries in their cyber operations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_grayzoneintelligence_and_counterintelligencecounterintel_offensive_neutralization">GrayZone:Intelligence and Counterintelligence="Counterintel Offensive - Neutralization"</h4>
<div class="paragraph">
<p>Adversary disruption as influence operation, environment disturbance to prevent adversary operations&#8230;&#8203;</p>
</div>
<div class="paragraph">
<p>Neutralization aims to disrupt and eliminate adversary cyber threats before they can inflict damage.</p>
</div>
</div>
</div>
@ -6162,6 +6189,407 @@ accessnow namespace available in JSON format at <a href="https://github.com/MISP
</div>
</div>
<div class="sect1">
<h2 id="_acs_marking">acs-marking</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
acs-marking namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/acs-marking/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Access Control Specification (ACS) marking type defines the object types required to implement automated access control systems based on the relevant policies governing sharing between participants.</p>
</div>
<div class="sect2">
<h3 id="_privilege_action">privilege_action</h3>
<div class="paragraph">
<p>Indicates the action that may be taken.</p>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actiondsply">acs-marking:privilege_action="DSPLY"</h4>
<div class="paragraph">
<p>Display</p>
</div>
<div class="paragraph">
<p>The action of displaying, either in a hard copy document or a visual presentation of the resource. DSPLY should be used to permit display when there is generally a global deny for all actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actionidsrc">acs-marking:privilege_action="IDSRC"</h4>
<div class="paragraph">
<p>Identify the Source</p>
</div>
<div class="paragraph">
<p>The action of identifying the source of the resource further than the entity receiving the resource. The use of IDSRC does not authorize any changes to markings on the resource. For example, the removal of the source information will not change the classification of the resource.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actiontenot">acs-marking:privilege_action="TENOT"</h4>
<div class="paragraph">
<p>Notify a Target Entity</p>
</div>
<div class="paragraph">
<p>The action of notifying a targeted entity of a cybersecurity incident based on the resource.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actionnetdef">acs-marking:privilege_action="NETDEF"</h4>
<div class="paragraph">
<p>Network Defense</p>
</div>
<div class="paragraph">
<p>The action of taking network defense actions including detection and mitigation, remediation, and local analysis and signature development, based on the resource.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actionlegal">acs-marking:privilege_action="LEGAL"</h4>
<div class="paragraph">
<p>Legal</p>
</div>
<div class="paragraph">
<p>The action of using the resource in legal proceedings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actionintel">acs-marking:privilege_action="INTEL"</h4>
<div class="paragraph">
<p>Intelligence Analysis</p>
</div>
<div class="paragraph">
<p>The action of conducting additional intelligence analysis based on the resource.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actiontearline">acs-marking:privilege_action="TEARLINE"</h4>
<div class="paragraph">
<p>Tear Line</p>
</div>
<div class="paragraph">
<p>The action of removing and taking further action on components of a resource based on their component markings. To be tear- lineable indicates that marked components of a document may be removed and treated as individually marked components.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actionopaction">acs-marking:privilege_action="OPACTION"</h4>
<div class="paragraph">
<p>Operation Action</p>
</div>
<div class="paragraph">
<p>The action of conducting cyber-based operations applied to adversary capabilities based on the resource.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actionrequest">acs-marking:privilege_action="REQUEST"</h4>
<div class="paragraph">
<p>Request</p>
</div>
<div class="paragraph">
<p>The action of requesting a waiver to an access privilege restriction.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actionanonymousaccess">acs-marking:privilege_action="ANONYMOUSACCESS"</h4>
<div class="paragraph">
<p>Anonymous Access</p>
</div>
<div class="paragraph">
<p>The action of allowing anonymous access to the resource. This action is included to support the restrictions placed on the indicators shared with the US government from the DHS Automated Indicator Sharing (AIS) program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingprivilege_actioncisauses">acs-marking:privilege_action="CISAUSES"</h4>
<div class="paragraph">
<p>Allowed in the Cybersecurity Information Sharing Act</p>
</div>
<div class="paragraph">
<p>The cybersecurity purposes allowed in the Cybersecurity Information Sharing Act of 2015.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_classification">classification</h3>
<div class="paragraph">
<p>The Classification value contains the classification of the data based on the Executive Order 13526, Classified National Security Information and the Information Security Manual (ISM) marking system.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_acs_markingclassificationu">acs-marking:classification="U"</h4>
<div class="paragraph">
<p>Unclassified</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingclassificationc">acs-marking:classification="C"</h4>
<div class="paragraph">
<p>Classified</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingclassifications">acs-marking:classification="S"</h4>
<div class="paragraph">
<p>Secret</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingclassificationts">acs-marking:classification="TS"</h4>
<div class="paragraph">
<p>Top Secret</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_formal_determination">formal_determination</h3>
<div class="paragraph">
<p>Indicates other formal determinations beyond classification that have been applied to a resource.</p>
</div>
<div class="sect3">
<h4 id="_acs_markingformal_determinationais">acs-marking:formal_determination="AIS"</h4>
<div class="paragraph">
<p>Automated Indicator Sharing</p>
</div>
<div class="paragraph">
<p>The resource is appropriate for AIS (Automated Indicator Sharing)</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingformal_determinationfouo">acs-marking:formal_determination="FOUO"</h4>
<div class="paragraph">
<p>For Official Use Only</p>
</div>
<div class="paragraph">
<p>The resource is appropriate For Official Use Only.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingformal_determinationnf">acs-marking:formal_determination="NF"</h4>
<div class="paragraph">
<p>Not releasable to Foreign Nationals</p>
</div>
<div class="paragraph">
<p>Indicates that the resource is releasable to U.S. citizens and not releasable to foreign nationals without the permission of the originator.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingformal_determinationpii_necessary_to_understand_threat">acs-marking:formal_determination="PII-NECESSARY-TO-UNDERSTAND-THREAT"</h4>
<div class="paragraph">
<p>Personally Identifiable Information Necessary to Understand Threat</p>
</div>
<div class="paragraph">
<p>Personally identifiable information (PII) necessary to understand the context of the resource is present.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingformal_determinationno_pii_present">acs-marking:formal_determination="NO-PII-PRESENT"</h4>
<div class="paragraph">
<p>No Personally Identifiable Information Present</p>
</div>
<div class="paragraph">
<p>Personally identifiable Information (PII) is not present.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingformal_determinationpubrel">acs-marking:formal_determination="PUBREL"</h4>
<div class="paragraph">
<p>Public Release</p>
</div>
<div class="paragraph">
<p>Approved for Public Release.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingformal_determinationinformation_directly_related_to_cybersecurity_threat">acs-marking:formal_determination="INFORMATION-DIRECTLY-RELATED-TO-CYBERSECURITY-THREAT"</h4>
<div class="paragraph">
<p>Information Directly Related to a Cybersecurity Threat</p>
</div>
<div class="paragraph">
<p>Indicates that any personal information of a specific individual or information that identifies a specific individual has been determined to be directly related to a cybersecurity threat.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_caveat">caveat</h3>
<div class="paragraph">
<p>Indicates a specific protocol.</p>
</div>
<div class="sect3">
<h4 id="_acs_markingcaveatfisa">acs-marking:caveat="FISA"</h4>
<div class="paragraph">
<p>Foreign Intelligence Surveillance Act</p>
</div>
<div class="paragraph">
<p>The FISA caveat marking denotes the presence of Foreign Intelligence Surveillance Act (FISA) (Reference 18) or FISA-derived information in the document. This is an informational marking only to highlight such information. Recipients of resources with the FISA control marking are responsible for ensuring that the resource is protected in conformance with the legal requirements of the FISA for limitations on use and warning displays.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingcaveatpossiblepii">acs-marking:caveat="POSSIBLEPII"</h4>
<div class="paragraph">
<p>Possible Personally Identifiable Information</p>
</div>
<div class="paragraph">
<p>The POSSIBLEPII caveat marking indicates to the recipient that the resource may contain Personally Identifiable Information (PII). Recipients are responsible for ensuring that the resource is protected according to their agencies policies related to PII.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingcaveatcisaproprietary">acs-marking:caveat="CISAPROPRIETARY"</h4>
<div class="paragraph">
<p>Cybersecurity Information Sharing Act Proprietary</p>
</div>
<div class="paragraph">
<p>The CISAPROPRIETARY caveat marking indicates that the resource must observe appropriate restrictions as requested by the originator in accordance with the Cybersecurity Information Sharing Act of 2015.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sensitivity">sensitivity</h3>
<div class="paragraph">
<p>The sensitivity property is used to specify an inherent sensitivity about the data that requires specific restrictions in access or handling.</p>
</div>
<div class="sect3">
<h4 id="_acs_markingsensitivityntoc_dhs_ecyber_svc_share_nsa_nsa">acs-marking:sensitivity="NTOC_DHS_ECYBER_SVC_SHARE.NSA.NSA"</h4>
<div class="paragraph">
<p>Enhanced Cybersecurity Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingsensitivitypcii">acs-marking:sensitivity="PCII"</h4>
<div class="paragraph">
<p>Protected Critical Infrastructure Information</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingsensitivityles">acs-marking:sensitivity="LES"</h4>
<div class="paragraph">
<p>Law Enforcement Sensitive Information</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingsensitivityint">acs-marking:sensitivity="INT"</h4>
<div class="paragraph">
<p>Intelligence Information</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingsensitivitypii">acs-marking:sensitivity="PII"</h4>
<div class="paragraph">
<p>Personally Identifiable Information</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingsensitivitypr">acs-marking:sensitivity="PR"</h4>
<div class="paragraph">
<p>Cybersecurity Targeted Entity Information</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingsensitivitytei">acs-marking:sensitivity="TEI"</h4>
<div class="paragraph">
<p>Commercial Proprietary Information</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_shareability">shareability</h3>
<div class="paragraph">
<p>property is used to identify the shareability of a resource that may be released based on the determination of an originator in accordance with established disclosure procedures.</p>
</div>
<div class="sect3">
<h4 id="_acs_markingshareabilityncc">acs-marking:shareability="NCC"</h4>
<div class="paragraph">
<p>National Cyber Centers</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingshareabilityem">acs-marking:shareability="EM"</h4>
<div class="paragraph">
<p>Emergency Management</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingshareabilityle">acs-marking:shareability="LE"</h4>
<div class="paragraph">
<p>Law Enforcement</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingshareabilityic">acs-marking:shareability="IC"</h4>
<div class="paragraph">
<p>Intelligence Community</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_entity">entity</h3>
<div class="paragraph">
<p>property is used to identify the entities to which information may be released based on the determination of an originator.</p>
</div>
<div class="sect3">
<h4 id="_acs_markingentitymil">acs-marking:entity="MIL"</h4>
<div class="paragraph">
<p>Military Service Member</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingentitygov">acs-marking:entity="GOV"</h4>
<div class="paragraph">
<p>US Government</p>
</div>
<div class="paragraph">
<p>U.S. federal government civilian employee.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingentityctr">acs-marking:entity="CTR"</h4>
<div class="paragraph">
<p>Contractor</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingentitysvr">acs-marking:entity="SVR"</h4>
<div class="paragraph">
<p>Server</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingentitysvc">acs-marking:entity="SVC"</h4>
<div class="paragraph">
<p>Service</p>
</div>
<div class="paragraph">
<p>Service, Widget, Application, Software, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingentitydev">acs-marking:entity="DEV"</h4>
<div class="paragraph">
<p>End-point Device.</p>
</div>
</div>
<div class="sect3">
<h4 id="_acs_markingentitynet">acs-marking:entity="NET"</h4>
<div class="paragraph">
<p>Network Device</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_action_taken">action-taken</h2>
<div class="sectionbody">
<div class="admonitionblock note">
@ -35501,7 +35929,7 @@ crowdsec namespace available in JSON format at <a href="https://github.com/MISP/
</div>
</div>
<div class="sect2">
<h3 id="_classification">classification</h3>
<h3 id="_classification_2">classification</h3>
<div class="paragraph">
<p>Category associated to an IP address.</p>
</div>
@ -37233,6 +37661,15 @@ dark-web namespace available in JSON format at <a href="https://github.com/MISP/
<p>Ransomware group PR or leak website</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopichitman">dark-web:topic="hitman"</h4>
<div class="paragraph">
<p>Hit Man Services</p>
</div>
<div class="paragraph">
<p>Hit man or similar services</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_motivation">motivation</h3>
@ -38372,6 +38809,68 @@ deception namespace available in JSON format at <a href="https://github.com/MISP
</div>
</div>
<div class="sect1">
<h2 id="_detection_engineering">detection-engineering</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
detection-engineering namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/detection-engineering/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy related to detection engineering techniques</p>
</div>
<div class="sect2">
<h3 id="_pattern_matching">pattern-matching</h3>
<div class="paragraph">
<p>Describe the cardinality of patterns matching.</p>
</div>
<div class="sect3">
<h4 id="_detection_engineeringpattern_matchinghigh">detection-engineering:pattern-matching="high"</h4>
<div class="paragraph">
<p>high</p>
</div>
<div class="paragraph">
<p>A high number of patterns detected in the tagged item.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_detection_engineeringpattern_matchingmedium">detection-engineering:pattern-matching="medium"</h4>
<div class="paragraph">
<p>medium</p>
</div>
<div class="paragraph">
<p>A medium number of patterns detected in the tagged item.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_detection_engineeringpattern_matchinglow">detection-engineering:pattern-matching="low"</h4>
<div class="paragraph">
<p>low</p>
</div>
<div class="paragraph">
<p>A low number of patterns detected in the tagged item.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dga">dga</h2>
<div class="sectionbody">
<div class="admonitionblock note">
@ -45240,6 +45739,15 @@ exercise namespace available in JSON format at <a href="https://github.com/MISP/
<p>A communication check exercise which can include digital or non-digital communication.</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisegenericred_teaming">exercise:generic="red-teaming"</h4>
<div class="paragraph">
<p>Red teaming</p>
</div>
<div class="paragraph">
<p>An exercise which can be classified as red teaming.</p>
</div>
</div>
</div>
</div>
</div>
@ -54443,6 +54951,18 @@ infoleak namespace available in JSON format at <a href="https://github.com/MISP/
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionbarcode">infoleak:automatic-detection="barcode"</h4>
<div class="paragraph">
<p>Barcode</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionqrcode">infoleak:automatic-detection="qrcode"</h4>
<div class="paragraph">
<p>QR Code</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionsql_injection">infoleak:automatic-detection="sql-injection"</h4>
<div class="paragraph">
<p>SQL injection</p>
@ -54632,6 +55152,18 @@ infoleak namespace available in JSON format at <a href="https://github.com/MISP/
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionbarcode">infoleak:analyst-detection="barcode"</h4>
<div class="paragraph">
<p>Barcode</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionqrcode">infoleak:analyst-detection="qrcode"</h4>
<div class="paragraph">
<p>QR Code</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionsql_injection">infoleak:analyst-detection="sql-injection"</h4>
<div class="paragraph">
<p>SQL injection</p>
@ -65253,7 +65785,7 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</table>
</div>
<div class="sect2">
<h3 id="_classification_2">classification</h3>
<h3 id="_classification_3">classification</h3>
<div class="sect3">
<h4 id="_natoclassificationcts">nato:classification="CTS"</h4>
<div class="paragraph">
@ -67468,6 +68000,113 @@ pentest namespace available in JSON format at <a href="https://github.com/MISP/m
</div>
</div>
<div class="sect1">
<h2 id="_pfc">pfc</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
pfc namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/pfc/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Le Protocole des feux de circulation (PFC) est basé sur le standard « Traffic Light Protocol (TLP) » conçu par le FIRST. Il a pour objectif dinformer sur les limites autorisées pour la diffusion des informations. Il est classé selon des codes de couleurs.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_rouge">rouge</h3>
<div class="paragraph">
<p>Divulgation limitée explicitement aux destinataires Linformation transmise est diffusée à des individus spécifiques, par exemple lors déchanges entre participants à une réunion ou à une conversation. Aucun partage nest autorisé. Linformation doit préférablement être communiquée verbalement. En plus du code de couleurs précisant la diffusion autorisée, le divulgateur de linformation peut préciser sous létiquette dautres contraintes de diffusion.</p>
</div>
<div class="sect3">
<h4 id="_pfcrouge">pfc:rouge</h4>
<div class="paragraph">
<p>(PFC:ROUGE) Divulgation limitée explicitement aux destinataires.</p>
</div>
<div class="paragraph">
<p>Divulgation limitée explicitement aux destinataires Linformation transmise est diffusée à des individus spécifiques, par exemple lors déchanges entre participants à une réunion ou à une conversation. Aucun partage nest autorisé. Linformation doit préférablement être communiquée verbalement. En plus du code de couleurs précisant la diffusion autorisée, le divulgateur de linformation peut préciser sous létiquette dautres contraintes de diffusion.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ambre">ambre</h3>
<div class="paragraph">
<p>Divulgation limitée au destinataire et aux organismes du portefeuille du destinataire, sur la base du «besoin de connaître» Linformation transmise peut être communiquée sur la base du « besoin de connaître » à lorganisation du destinataire et à tout autre organisme du portefeuille budgétaire du destinataire. Le MCN se réserve le droit danonymiser un message reçu avec le code PFC:AMBRE afin de permettre sa diffusion auprès de destinataires non prévus par le divulgateur lorsquil existe un besoin de partager linformation pour se protéger ou prévenir dautres dommages.</p>
</div>
<div class="sect3">
<h4 id="_pfcambre">pfc:ambre</h4>
<div class="paragraph">
<p>(PFC:AMBRE) Divulgation limitée au destinataire et aux organismes du portefeuille du destinataire, sur la base du «besoin de connaître».</p>
</div>
<div class="paragraph">
<p>Divulgation limitée au destinataire et aux organismes du portefeuille du destinataire, sur la base du «besoin de connaître» Linformation transmise peut être communiquée sur la base du « besoin de connaître » à lorganisation du destinataire et à tout autre organisme du portefeuille budgétaire du destinataire. Le MCN se réserve le droit danonymiser un message reçu avec le code PFC:AMBRE afin de permettre sa diffusion auprès de destinataires non prévus par le divulgateur lorsquil existe un besoin de partager linformation pour se protéger ou prévenir dautres dommages.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ambrestrict">ambre+strict</h3>
<div class="paragraph">
<p>Divulgation limitée au destinataire et à son organisation, sur la base du «besoin de connaître» Linformation transmise peut être communiquée sur la base du « besoin de connaître » à lorganisation du destinataire seulement. Le MCN se réserve le droit « danonymiser » un message reçu avec le code PFC:AMBRE+STRICT afin de permettre sa diffusion auprès de destinataires non prévus par le divulgateur lorsquil existe un besoin de partager linformation pour se protéger ou prévenir dautres dommages.</p>
</div>
<div class="sect3">
<h4 id="_pfcambrestrict">pfc:ambre+strict</h4>
<div class="paragraph">
<p>(PFC:AMBRE+STRICT) Divulgation limitée au destinataire et à son organisation, sur la base du «besoin de connaître».</p>
</div>
<div class="paragraph">
<p>Divulgation limitée au destinataire et à son organisation, sur la base du «besoin de connaître» Linformation transmise peut être communiquée sur la base du « besoin de connaître » à lorganisation du destinataire seulement. Le MCN se réserve le droit « danonymiser » un message reçu avec le code PFC:AMBRE+STRICT afin de permettre sa diffusion auprès de destinataires non prévus par le divulgateur lorsquil existe un besoin de partager linformation pour se protéger ou prévenir dautres dommages.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vert">vert</h3>
<div class="paragraph">
<p>Linformation transmise peut être communiquée à tout organisme de lécosystème québécois de cyberdéfense, qui inclut les organismes assujettis aux articles 12.2 à 12.4 de la Loi sur la gouvernance et la gestion des ressources informationnelles des organismes publics et des entreprises du gouvernement, ainsi que les organisations ayant une mission en lien avec la cyberdéfense et avec lesquelles le ministère de la Cybersécurité et du Numérique (MCN) a conclu une entente de confidentialité. La diffusion doit se faire par des canaux qui ne sont pas accessibles au public.</p>
</div>
<div class="sect3">
<h4 id="_pfcvert">pfc:vert</h4>
<div class="paragraph">
<p>(PFC:VERT) Divulgation limitée à lécosystème québécois de cyberdéfense</p>
</div>
<div class="paragraph">
<p>Linformation transmise peut être communiquée à tout organisme de lécosystème québécois de cyberdéfense, qui inclut les organismes assujettis aux articles 12.2 à 12.4 de la Loi sur la gouvernance et la gestion des ressources informationnelles des organismes publics et des entreprises du gouvernement, ainsi que les organisations ayant une mission en lien avec la cyberdéfense et avec lesquelles le ministère de la Cybersécurité et du Numérique (MCN) a conclu une entente de confidentialité. La diffusion doit se faire par des canaux qui ne sont pas accessibles au public.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_libre">libre</h3>
<div class="paragraph">
<p>Linformation transmise peut être communiquée à tout public.</p>
</div>
<div class="sect3">
<h4 id="_pfclibre">pfc:libre</h4>
<div class="paragraph">
<p>(PFC:LIBRE) Divulgation libre (non restreinte).</p>
</div>
<div class="paragraph">
<p>Linformation transmise peut être communiquée à tout public.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_phishing_2">phishing</h2>
<div class="sectionbody">
<div class="admonitionblock note">
@ -86710,6 +87349,75 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sighting">sighting</h3>
<div class="paragraph">
<p>Sighting information related to the vulnerability.</p>
</div>
<div class="sect3">
<h4 id="_vulnerabilitysightingseen">vulnerability:sighting="seen"</h4>
<div class="paragraph">
<p>Seen</p>
</div>
<div class="paragraph">
<p>The vulnerability was mentioned, discussed, or seen somewhere by the user.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilitysightingconfirmed">vulnerability:sighting="confirmed"</h4>
<div class="paragraph">
<p>Confirmed</p>
</div>
<div class="paragraph">
<p>The vulnerability is confirmed from an analyst perspective.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilitysightingexploited">vulnerability:sighting="exploited"</h4>
<div class="paragraph">
<p>Exploited</p>
</div>
<div class="paragraph">
<p>This vulnerability was exploited and seen by the user reporting the sighting.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilitysightingpatched">vulnerability:sighting="patched"</h4>
<div class="paragraph">
<p>Patched</p>
</div>
<div class="paragraph">
<p>This vulnerability was successfully patched by the user reporting the sighting.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilitysightingnot_exploited">vulnerability:sighting="not-exploited"</h4>
<div class="paragraph">
<p>Not exploited</p>
</div>
<div class="paragraph">
<p>This vulnerability was not exploited or seen by the user reporting the sighting.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilitysightingnot_confirmed">vulnerability:sighting="not-confirmed"</h4>
<div class="paragraph">
<p>Not confirmed</p>
</div>
<div class="paragraph">
<p>The user expresses doubt about the veracity of the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilitysightingnot_patched">vulnerability:sighting="not-patched"</h4>
<div class="paragraph">
<p>Not patched</p>
</div>
<div class="paragraph">
<p>This vulnerability was not successfully patched by the user reporting the sighting.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
@ -87589,7 +88297,7 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</div>
<div id="footer">
<div id="footer-text">
Last updated 2024-08-30 09:45:18 +0200
Last updated 2024-12-03 14:55:53 +0100
</div>
</div>
</body>

858785
static/taxonomies.pdf
View File

File diff suppressed because one or more lines are too long