MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [datamodels] updated

pull/54/head
Alexandre Dulaunoy 2021-12-23 16:23:17 +01:00
parent 42f4444ee8
commit 90049aba17
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 42 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
_pages/datamodels.md
View File

@ -812,7 +812,6 @@ Along with the core format, [MISP taxonomies](https://www.github.com/MISP/misp-t
The taxonomies can be [browsed via the web site](/taxonomies.html) or downloaded as [PDF](/taxonomies.pdf) or via the MISP software.
### CERT-XLM
[CERT-XLM](https://github.com/MISP/misp-taxonomies/tree/main/CERT-XLM) :
@ -983,6 +982,11 @@ Distributed Denial of Service - or short: DDoS - taxonomy supports the descripti
[de-vs](https://github.com/MISP/misp-taxonomies/tree/main/de-vs) :
German (DE) Government classification markings (VS). [Overview](https://www.misp-project.org/taxonomies.html#_de_vs)
### deception
[deception](https://github.com/MISP/misp-taxonomies/tree/main/deception) :
Deception is an important component of information operations, valuable for both offense and defense. [Overview](https://www.misp-project.org/taxonomies.html#_deception)
### dhs-ciip-sectors
[dhs-ciip-sectors](https://github.com/MISP/misp-taxonomies/tree/main/dhs-ciip-sectors) :
@ -1001,7 +1005,7 @@ A subset of Information Security Marking Metadata ISM as required by Executive O
### domain-abuse
[domain-abuse](https://github.com/MISP/misp-taxonomies/tree/main/domain-abuse) :
Domain Name Abuse - taxonomy to tag domain names used for cybercrime. Use europol-incident to tag abuse-activity [Overview](https://www.misp-project.org/taxonomies.html#_domain_abuse)
Domain Name Abuse - taxonomy to tag domain names used for cybercrime. [Overview](https://www.misp-project.org/taxonomies.html#_domain_abuse)
### drugs
@ -1188,6 +1192,26 @@ Taxonomy to classify the information security data sources. [Overview](https://w
[information-security-indicators](https://github.com/MISP/misp-taxonomies/tree/main/information-security-indicators) :
A full set of operational indicators for organizations to use to benchmark their security posture. [Overview](https://www.misp-project.org/taxonomies.html#_information_security_indicators)
### interactive-cyber-training-audience
[interactive-cyber-training-audience](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-audience) :
Describes the target of cyber training and education. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_audience)
### interactive-cyber-training-technical-setup
[interactive-cyber-training-technical-setup](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-technical-setup) :
The technical setup consists of environment structure, deployment, and orchestration. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_technical_setup)
### interactive-cyber-training-training-environment
[interactive-cyber-training-training-environment](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-training-environment) :
The training environment details the environment around the training, consisting of training type and scenario. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_training_environment)
### interactive-cyber-training-training-setup
[interactive-cyber-training-training-setup](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-training-setup) :
The training setup further describes the training itself with the scoring, roles, the training mode as well as the customization level. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_training_setup)
### interception-method
[interception-method](https://github.com/MISP/misp-taxonomies/tree/main/interception-method) :
@ -1303,6 +1327,11 @@ Penetration test (pentest) classification. [Overview](https://www.misp-project.o
[phishing](https://github.com/MISP/misp-taxonomies/tree/main/phishing) :
Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status. [Overview](https://www.misp-project.org/taxonomies.html#_phishing)
### political-spectrum
[political-spectrum](https://github.com/MISP/misp-taxonomies/tree/main/political-spectrum) :
political spectrum is a system to characterize and classify different political positions [Overview](https://www.misp-project.org/taxonomies.html#_political_spectrum)
### priority-level
[priority-level](https://github.com/MISP/misp-taxonomies/tree/main/priority-level) :
@ -1368,25 +1397,15 @@ TTPs are representations of the behavior or modus operandi of cyber adversaries.
[targeted-threat-index](https://github.com/MISP/misp-taxonomies/tree/main/targeted-threat-index) :
The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman. [Overview](https://www.misp-project.org/taxonomies.html#_targeted_threat_index)
### threatmatch-alert-types
### thales_group
[threatmatch-alert-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-alert-types) :
The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_alert_types)
[thales_group](https://github.com/MISP/misp-taxonomies/tree/main/thales_group) :
Thales Group Taxonomy - was designed with the aim of enabling desired sharing and preventing unwanted sharing between Thales Group security communities. [Overview](https://www.misp-project.org/taxonomies.html#_thales_group)
### threatmatch-incident-types
### threatmatch
[threatmatch-incident-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-incident-types) :
The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_incident_types)
### threatmatch-malware-types
[threatmatch-malware-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-malware-types) :
The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_malware_types)
### threatmatch-sectors
[threatmatch-sectors](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-sectors) :
The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_sectors)
[threatmatch](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch) :
The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch)
### threats-to-dns
@ -1413,6 +1432,11 @@ The Indicator of Trust provides insight about data on what can be trusted and kn
[type](https://github.com/MISP/misp-taxonomies/tree/main/type) :
Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence. [Overview](https://www.misp-project.org/taxonomies.html#_type)
### unified-kill-chain
[unified-kill-chain](https://github.com/MISP/misp-taxonomies/tree/main/unified-kill-chain) :
The Unified Kill Chain is a refinement to the Kill Chain. [Overview](https://www.misp-project.org/taxonomies.html#_unified_kill_chain)
### use-case-applicability
[use-case-applicability](https://github.com/MISP/misp-taxonomies/tree/main/use-case-applicability) :
@ -1438,7 +1462,6 @@ Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de prob
[workflow](https://github.com/MISP/misp-taxonomies/tree/main/workflow) :
Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. [Overview](https://www.misp-project.org/taxonomies.html#_workflow)
## MISP Galaxy
MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There are default vocabularies available in MISP galaxy but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme. Many MISP galaxy clusters are already available like Exploit-Kit, Microsoft Activity Group actor, Preventive Measure,