chg: [datamodels] updated

_pages/datamodels.md

@@ -812,7 +812,6 @@ Along with the core format, [MISP taxonomies](https://www.github.com/MISP/misp-t
 
 The taxonomies can be [browsed via the web site](/taxonomies.html) or downloaded as [PDF](/taxonomies.pdf) or via the MISP software.
 
-
 ### CERT-XLM
 
 [CERT-XLM](https://github.com/MISP/misp-taxonomies/tree/main/CERT-XLM) :
@@ -983,6 +982,11 @@ Distributed Denial of Service - or short: DDoS - taxonomy supports the descripti
 [de-vs](https://github.com/MISP/misp-taxonomies/tree/main/de-vs) :
 German (DE) Government classification markings (VS). [Overview](https://www.misp-project.org/taxonomies.html#_de_vs)
 
+### deception
+
+[deception](https://github.com/MISP/misp-taxonomies/tree/main/deception) :
+Deception is an important component of information operations, valuable for both offense and defense.  [Overview](https://www.misp-project.org/taxonomies.html#_deception)
+
 ### dhs-ciip-sectors
 
 [dhs-ciip-sectors](https://github.com/MISP/misp-taxonomies/tree/main/dhs-ciip-sectors) :
@@ -1001,7 +1005,7 @@ A subset of Information Security Marking Metadata ISM as required by Executive O
 ### domain-abuse
 
 [domain-abuse](https://github.com/MISP/misp-taxonomies/tree/main/domain-abuse) :
-Domain Name Abuse - taxonomy to tag domain names used for cybercrime. Use europol-incident to tag abuse-activity [Overview](https://www.misp-project.org/taxonomies.html#_domain_abuse)
+Domain Name Abuse - taxonomy to tag domain names used for cybercrime. [Overview](https://www.misp-project.org/taxonomies.html#_domain_abuse)
 
 ### drugs
 
@@ -1188,6 +1192,26 @@ Taxonomy to classify the information security data sources. [Overview](https://w
 [information-security-indicators](https://github.com/MISP/misp-taxonomies/tree/main/information-security-indicators) :
 A full set of operational indicators for organizations to use to benchmark their security posture. [Overview](https://www.misp-project.org/taxonomies.html#_information_security_indicators)
 
+### interactive-cyber-training-audience
+
+[interactive-cyber-training-audience](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-audience) :
+Describes the target of cyber training and education. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_audience)
+
+### interactive-cyber-training-technical-setup
+
+[interactive-cyber-training-technical-setup](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-technical-setup) :
+The technical setup consists of environment structure, deployment, and orchestration. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_technical_setup)
+
+### interactive-cyber-training-training-environment
+
+[interactive-cyber-training-training-environment](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-training-environment) :
+The training environment details the environment around the training, consisting of training type and scenario. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_training_environment)
+
+### interactive-cyber-training-training-setup
+
+[interactive-cyber-training-training-setup](https://github.com/MISP/misp-taxonomies/tree/main/interactive-cyber-training-training-setup) :
+The training setup further describes the training itself with the scoring, roles, the training mode as well as the customization level. [Overview](https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_training_setup)
+
 ### interception-method
 
 [interception-method](https://github.com/MISP/misp-taxonomies/tree/main/interception-method) :
@@ -1303,6 +1327,11 @@ Penetration test (pentest) classification. [Overview](https://www.misp-project.o
 [phishing](https://github.com/MISP/misp-taxonomies/tree/main/phishing) :
 Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status. [Overview](https://www.misp-project.org/taxonomies.html#_phishing)
 
+### political-spectrum
+
+[political-spectrum](https://github.com/MISP/misp-taxonomies/tree/main/political-spectrum) :
+political spectrum is a system to characterize and classify different political positions [Overview](https://www.misp-project.org/taxonomies.html#_political_spectrum)
+
 ### priority-level
 
 [priority-level](https://github.com/MISP/misp-taxonomies/tree/main/priority-level) :
@@ -1368,25 +1397,15 @@ TTPs are representations of the behavior or modus operandi of cyber adversaries.
 [targeted-threat-index](https://github.com/MISP/misp-taxonomies/tree/main/targeted-threat-index) :
 The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman. [Overview](https://www.misp-project.org/taxonomies.html#_targeted_threat_index)
 
-### threatmatch-alert-types
+### thales_group
 
-[threatmatch-alert-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-alert-types) :
+[thales_group](https://github.com/MISP/misp-taxonomies/tree/main/thales_group) :
-The ThreatMatch Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_alert_types)
+Thales Group Taxonomy - was designed with the aim of enabling desired sharing and preventing unwanted sharing between Thales Group security communities. [Overview](https://www.misp-project.org/taxonomies.html#_thales_group)
 
-### threatmatch-incident-types
+### threatmatch
 
-[threatmatch-incident-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-incident-types) :
+[threatmatch](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch) :
-The ThreatMatch Incident types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_incident_types)
+The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch)
-
-### threatmatch-malware-types
-
-[threatmatch-malware-types](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-malware-types) :
-The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_malware_types)
-
-### threatmatch-sectors
-
-[threatmatch-sectors](https://github.com/MISP/misp-taxonomies/tree/main/threatmatch-sectors) :
-The ThreatMatch Sector types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects. [Overview](https://www.misp-project.org/taxonomies.html#_threatmatch_sectors)
 
 ### threats-to-dns
 
@@ -1413,6 +1432,11 @@ The Indicator of Trust provides insight about data on what can be trusted and kn
 [type](https://github.com/MISP/misp-taxonomies/tree/main/type) :
 Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence. [Overview](https://www.misp-project.org/taxonomies.html#_type)
 
+### unified-kill-chain
+
+[unified-kill-chain](https://github.com/MISP/misp-taxonomies/tree/main/unified-kill-chain) :
+The Unified Kill Chain is a refinement to the Kill Chain. [Overview](https://www.misp-project.org/taxonomies.html#_unified_kill_chain)
+
 ### use-case-applicability
 
 [use-case-applicability](https://github.com/MISP/misp-taxonomies/tree/main/use-case-applicability) :
@@ -1438,7 +1462,6 @@ Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de prob
 [workflow](https://github.com/MISP/misp-taxonomies/tree/main/workflow) :
 Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. [Overview](https://www.misp-project.org/taxonomies.html#_workflow)
 
-
 ## MISP Galaxy
 
 MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There are default vocabularies available in MISP galaxy but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme. Many MISP galaxy clusters are already available like Exploit-Kit, Microsoft Activity Group actor, Preventive Measure,