diff --git a/_pages/datamodels.md b/_pages/datamodels.md index 1e5490e..93b0b97 100755 --- a/_pages/datamodels.md +++ b/_pages/datamodels.md @@ -812,7 +812,6 @@ Along with the core format, [MISP taxonomies](https://www.github.com/MISP/misp-t The taxonomies can be [browsed via the web site](/taxonomies.html) or downloaded as [PDF](/taxonomies.pdf) or via the MISP software. - ### CERT-XLM [CERT-XLM](https://github.com/MISP/misp-taxonomies/tree/main/CERT-XLM) : @@ -983,6 +982,11 @@ Distributed Denial of Service - or short: DDoS - taxonomy supports the descripti [de-vs](https://github.com/MISP/misp-taxonomies/tree/main/de-vs) : German (DE) Government classification markings (VS). [Overview](https://www.misp-project.org/taxonomies.html#_de_vs) +### deception + +[deception](https://github.com/MISP/misp-taxonomies/tree/main/deception) : +Deception is an important component of information operations, valuable for both offense and defense. [Overview](https://www.misp-project.org/taxonomies.html#_deception) + ### dhs-ciip-sectors [dhs-ciip-sectors](https://github.com/MISP/misp-taxonomies/tree/main/dhs-ciip-sectors) : @@ -1001,7 +1005,7 @@ A subset of Information Security Marking Metadata ISM as required by Executive O ### domain-abuse [domain-abuse](https://github.com/MISP/misp-taxonomies/tree/main/domain-abuse) : -Domain Name Abuse - taxonomy to tag domain names used for cybercrime. Use europol-incident to tag abuse-activity [Overview](https://www.misp-project.org/taxonomies.html#_domain_abuse) +Domain Name Abuse - taxonomy to tag domain names used for cybercrime. [Overview](https://www.misp-project.org/taxonomies.html#_domain_abuse) ### drugs 
@@ -1188,6 +1192,26 @@ Taxonomy to classify the information security data sources. [Overview](https://w [information-security-indicators](https://github.com/MISP/misp-taxonomies/tree/main/information-security-indicators) : A full set of operational indicators for organizations to use to benchmark their security posture. [Overview](https://www.misp-project.org/taxonomies.html#_information_security_indicators) +### interactive-cyber-training-audience + +[interactive-cyber-training-audience](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-audience) : +Describes the target of cyber training and education. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_audience) + +### interactive-cyber-training-technical-setup + +[interactive-cyber-training-technical-setup](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-technical-setup) : +The technical setup consists of environment structure, deployment, and orchestration. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_technical_setup) + +### interactive-cyber-training-training-environment + +[interactive-cyber-training-training-environment](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-training-environment) : +The training environment details the environment around the training, consisting of training type and scenario. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_training_environment) + +### interactive-cyber-training-training-setup + +[interactive-cyber-training-training-setup](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-training-setup) : +The training setup further describes the training itself with the scoring, roles, the training mode as well as the customization level. 
[Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_training_setup) + ### interception-method [interception-method](https://github.com/MISP/misp-taxonomies/tree/main/interception-method) : @@ -1303,6 +1327,11 @@ Penetration test (pentest) classification. [Overview](https://www.misp-project.o [phishing](https://github.com/MISP/misp-taxonomies/tree/main/phishing) : Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status. [Overview](https://www.misp-project.org/taxonomies.html#_phishing) +### political-spectrum + +[political-spectrum](https://github.com/MISP/misp-taxonomies/tree/main/political-spectrum) : +political spectrum is a system to characterize and classify different political positions [Overview](https://www.misp-project.org/taxonomies.html#_political_spectrum) + ### priority-level [priority-level](https://github.com/MISP/misp-taxonomies/tree/main/priority-level) : 
@@ -1368,25 +1397,15 @@ TTPs are representations of the behavior or modus operandi of cyber adversaries. [targeted-threat-index](https://github.com/MISP/misp-taxonomies/tree/main/targeted-threat-index) : The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman. [Overview](https://www.misp-project.org/taxonomies.html#_targeted_threat_index) -### threatmatch-alert-types +### thales_group -[threatmatch-alert-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-alert-types) : -The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_alert_types) +[thales_group](https://github.com/MISP/misp-taxonomies/tree/main/thales_group) : +Thales Group Taxonomy - was designed with the aim of enabling desired sharing and preventing unwanted sharing between Thales Group security communities. [Overview](https://www.misp-project.org/taxonomies.html#_thales_group) -### threatmatch-incident-types +### threatmatch -[threatmatch-incident-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-incident-types) : -The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_incident_types) - -### threatmatch-malware-types - -[threatmatch-malware-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-malware-types) : -The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. 
[Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_malware_types) - -### threatmatch-sectors - -[threatmatch-sectors](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-sectors) : -The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_sectors) +[threatmatch](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch) : +The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch) ### threats-to-dns @@ -1413,6 +1432,11 @@ The Indicator of Trust provides insight about data on what can be trusted and kn [type](https://github.com/MISP/misp-taxonomies/tree/main/type) : Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence. [Overview](https://www.misp-project.org/taxonomies.html#_type) +### unified-kill-chain + +[unified-kill-chain](https://github.com/MISP/misp-taxonomies/tree/main/unified-kill-chain) : +The Unified Kill Chain is a refinement to the Kill Chain. [Overview](https://www.misp-project.org/taxonomies.html#_unified_kill_chain) + ### use-case-applicability [use-case-applicability](https://github.com/MISP/misp-taxonomies/tree/main/use-case-applicability) : 
@@ -1438,7 +1462,6 @@ Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de prob [workflow](https://github.com/MISP/misp-taxonomies/tree/main/workflow) : Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. [Overview](https://www.misp-project.org/taxonomies.html#_workflow) - ## MISP Galaxy MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There are default vocabularies available in MISP galaxy but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme. Many MISP galaxy clusters are already available like Exploit-Kit, Microsoft Activity Group actor, Preventive Measure,
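Review bot: In the deception hunk (@@ -983,6 +982,11), the description "Deception is an important component of information operations, valuable for both offense and defense." is a statement about deception, not about the taxonomy, so a reader cannot tell what the tags classify. Neighbouring entries such as de-vs and domain-abuse say what the taxonomy is for; suggest rewording along the same lines.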
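Review bot: In the domain-abuse hunk (@@ -1001,7 +1005,7), the sentence "Use europol-incident to tag abuse-activity" is removed with nothing in its place, so the entry no longer tells analysts which taxonomy to pair with it for the abuse activity itself. If that recommendation is obsolete, note it in the commit message; otherwise keep the sentence or name the taxonomy that replaces europol-incident for this purpose.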
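Review bot: The interactive-cyber-training hunk (@@ -1188,6 +1192,26) adds four separate entries sharing one prefix, while the threatmatch hunk in this same patch merges four such entries into one, and none of the four descriptions says they belong together. The technical-setup, training-environment and training-setup descriptions also read as fragments ("The technical setup consists of ...") that only make sense once the reader already knows the scheme. Suggest either one line per entry stating that it is a facet of the interactive cyber training taxonomy, or a short shared introduction.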
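Review bot: In the political-spectrum hunk (@@ -1303,6 +1327,11), the description starts in lower case and has no closing full stop ("political spectrum is a system to characterize and classify different political positions"), unlike the phishing and priority-level entries around it. Capitalise the first word and end the sentence before the [Overview] link.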
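Review bot: The threatmatch hunk (@@ -1368,25 +1397,15) drops the headings threatmatch-alert-types, threatmatch-incident-types, threatmatch-malware-types and threatmatch-sectors together with their #_threatmatch_* Overview anchors, and the merged entry does not say that it supersedes them. Anyone following an old link or looking up one of the four former names gets no pointer to the new entry; suggest adding one sentence to the threatmatch description listing the four names it replaces. Separately, the new thales_group heading uses an underscore where every other taxonomy name in the visible hunks is hyphenated (targeted-threat-index, threats-to-dns); if the underscore is the upstream directory name, keep it, otherwise align it.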
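Review bot: In the unified-kill-chain hunk (@@ -1413,6 +1432,11), "The Unified Kill Chain is a refinement to the Kill Chain." does not say which kill chain model is meant or what the taxonomy lets an analyst tag. Suggest naming the model being refined and stating what the tags describe, and using "refinement of" rather than "refinement to".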