fix: taxonomies descriptions are now fixed

pull/3/head
Alexandre Dulaunoy 2018-02-18 12:39:56 +01:00
parent 68dcc4b383
commit acd4bf7294
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 70850 additions and 69493 deletions

@ -1136,10 +1136,8 @@ PAP namespace available in JSON format at <a href="https://github.com/MISP/misp-
</tr>
</table>
</div>
<div class="literalblock">
<div class="content">
<pre>PAP - was designed to indicate how the received information can be used.</pre>
</div>
<div class="paragraph">
<p>The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.</p>
</div>
<div class="sect2">
<h3 id="_red">RED</h3>
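Review bot: the new paragraph still carries the spaced-hyphen aside "- or short: PAP -", and the old literal block shows the render keeping only the tail of this sentence, starting at "PAP - was designed". Writing it as "The Permissible Actions Protocol (PAP) was designed to indicate how the received information can be used." reads better and removes the construct around which the text was previously cut.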
@ -2802,6 +2800,9 @@ cyber-threat-framework namespace available in JSON format at <a href="https://gi
</tr>
</table>
</div>
<div class="paragraph">
<p>Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. <a href="https://www.dni.gov/index.php/cyber-threat-framework" class="bare">https://www.dni.gov/index.php/cyber-threat-framework</a></p>
</div>
<div class="sect2">
<h3 id="_preparation">Preparation</h3>
<div class="sect3">
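Review bot: in the added paragraph the dni.gov URL is appended directly after the closing period of the sentence, with no connecting words, so it reads as a stray token rather than a reference. Introduce it ("See https://www.dni.gov/index.php/cyber-threat-framework") or give the link a label.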
@ -3004,7 +3005,7 @@ ddos namespace available in JSON format at <a href="https://github.com/MISP/misp
</div>
<div class="literalblock">
<div class="content">
<pre>DDoS - taxonomy supports the description of Denial of Service attacks and especially the types they belong too.</pre>
<pre>Distributed Denial of Service - or short: DDoS - taxonomy supports the description of Denial of Service attacks and especially the types they belong too.</pre>
</div>
</div>
<div class="sect2">
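Review bot: the DDoS description is still emitted inside a literalblock pre element, while the other descriptions fixed in this commit are moved into a paragraph div, so this one will keep rendering as preformatted text. The changed line also keeps the typo "the types they belong too", which should be "belong to".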
@ -3131,6 +3132,9 @@ dhs-ciip-sectors namespace available in JSON format at <a href="https://github.c
</tr>
</table>
</div>
<div class="paragraph">
<p>DHS critical sectors as in <a href="https://www.dhs.gov/critical-infrastructure-sectors" class="bare">https://www.dhs.gov/critical-infrastructure-sectors</a></p>
</div>
<div class="sect2">
<h3 id="_dhs_critical_sectors">DHS-critical-sectors</h3>
<div class="sect3">
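Review bot: the added description "DHS critical sectors as in ..." is a fragment with no verb and does not say what a tag from this namespace marks. A full sentence, for example "Critical infrastructure sectors as defined by DHS", followed by the link, would stand on its own when the link is not followed.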
@ -7318,6 +7322,9 @@ honeypot-basic namespace available in JSON format at <a href="https://github.com
</tr>
</table>
</div>
<div class="paragraph">
<p>Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, <a href="http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf" class="bare">http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_interaction_level">interaction-level</h3>
<div class="paragraph">
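Review bot: the added paragraph consists only of the bibliographic reference to the technical report, so the page never states what honeypot-basic classifies. Put one descriptive sentence before the citation; the reference link is also plain http, which is worth checking for an https equivalent.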
@ -7832,6 +7839,9 @@ incident-disposition namespace available in JSON format at <a href="https://gith
</tr>
</table>
</div>
<div class="paragraph">
<p>How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook. <a href="https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9" class="bare">https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9</a></p>
</div>
<div class="sect2">
<h3 id="_incident">incident</h3>
<div class="sect3">
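Review bot: in the added paragraph, "inspired from NASA Incident Response and Management Handbook" should read "inspired by the NASA ...". The link text is the full percent-encoded URL including "%5b...%5d" and "#page=9", which is hard to read on the page; a labelled link with the handbook title would be cleaner.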
@ -9017,6 +9027,9 @@ malware_classification namespace available in JSON format at <a href="https://gi
</tr>
</table>
</div>
<div class="paragraph">
<p>Classification based on different categories. Based on <a href="https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848" class="bare">https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848</a></p>
</div>
<div class="sect2">
<h3 id="_malware_category">malware-category</h3>
<div class="sect3">
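Review bot: "Classification based on different categories. Based on ..." in the added paragraph says nothing specific and repeats "based on" in consecutive sentences. State what is being classified (the section below is malware-category) and merge the source into the same sentence.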
@ -9435,6 +9448,9 @@ ms-caro-malware namespace available in JSON format at <a href="https://github.co
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware Type and Platform classification based on Microsoft&#8217;s implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on <a href="https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx</a>, and <a href="http://www.caro.org/definitions/index.html" class="bare">http://www.caro.org/definitions/index.html</a>. Malware families are extracted from Microsoft SIRs since 2008 based on <a href="https://www.microsoft.com/security/sir/archive/default.aspx" class="bare">https://www.microsoft.com/security/sir/archive/default.aspx</a> and <a href="https://www.microsoft.com/en-us/security/portal/threat/threats.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/threat/threats.aspx</a>. Note that SIRs do NOT include all Microsoft malware families.</p>
</div>
<div class="sect2">
<h3 id="_malware_type">malware-type</h3>
<div class="sect3">
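Review bot: the added paragraph uses "SIRs" twice without expanding the abbreviation, and the microsoft.com links mix paths with and without the "/en-us/" prefix. Expand the term on first use and normalise the URL form so the references are consistent.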
@ -10105,6 +10121,9 @@ ms-caro-malware-full namespace available in JSON format at <a href="https://gith
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware Type and Platform classification based on Microsoft&#8217;s implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on <a href="https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx</a>, and <a href="http://www.caro.org/definitions/index.html" class="bare">http://www.caro.org/definitions/index.html</a>. Malware families are extracted from Microsoft SIRs since 2008 based on <a href="https://www.microsoft.com/security/sir/archive/default.aspx" class="bare">https://www.microsoft.com/security/sir/archive/default.aspx</a> and <a href="https://www.microsoft.com/en-us/security/portal/threat/threats.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/threat/threats.aspx</a>. Note that SIRs do NOT include all Microsoft malware families.</p>
</div>
<div class="sect2">
<h3 id="_malware_type_2">malware-type</h3>
<div class="sect3">
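Review bot: the description added for ms-caro-malware-full is word for word the same as the one added for ms-caro-malware, so a reader cannot tell from the page how the "full" namespace differs. Add a sentence to one of the two stating the difference.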
@ -13599,6 +13618,9 @@ open_threat namespace available in JSON format at <a href="https://github.com/MI
</tr>
</table>
</div>
<div class="paragraph">
<p>Open Threat Taxonomy v1.1 base on James Tarala of SANS <a href="http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf" class="bare">http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf</a>, <a href="https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Using-Open-Tools-to-Convert-Threat-Intelligence-into-Practical-Defenses-James-Tarala-SANS-Institute.pdf" class="bare">https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Using-Open-Tools-to-Convert-Threat-Intelligence-into-Practical-Defenses-James-Tarala-SANS-Institute.pdf</a>, <a href="https://www.youtube.com/watch?v=5rdGOOFC_yE" class="bare">https://www.youtube.com/watch?v=5rdGOOFC_yE</a>, and <a href="https://www.rsaconference.com/writable/presentations/file_upload/str-r04_using-an-open-source-threat-model-for-prioritized-defense-final.pdf" class="bare">https://www.rsaconference.com/writable/presentations/file_upload/str-r04_using-an-open-source-threat-model-for-prioritized-defense-final.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_threat_category">threat-category</h3>
<div class="sect3">
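Review bot: "Open Threat Taxonomy v1.1 base on James Tarala of SANS" in the added paragraph is ungrammatical ("base on" should be "based on", and it is based on his work, not on him). The four bare URLs that follow are long enough to dominate the paragraph; labelled links or a short reference list would be easier to scan.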
@ -14965,6 +14987,9 @@ stealth_malware namespace available in JSON format at <a href="https://github.co
</tr>
</table>
</div>
<div class="paragraph">
<p>Classification based on malware stealth techniques. Described in <a href="https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf" class="bare">https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_type_3">type</h3>
<div class="sect3">
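Review bot: the only reference in the added paragraph is a bare URL to a PDF on vxheaven.org, with no author or title given in the text. Name the paper and its author in the description so the source remains identifiable if that link stops resolving.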
@ -15170,10 +15195,8 @@ targeted-threat-index namespace available in JSON format at <a href="https://git
</tr>
</table>
</div>
<div class="literalblock">
<div class="content">
<pre>Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.</pre>
</div>
<div class="paragraph">
<p>The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.</p>
</div>
<div class="sect2">
<h3 id="_targeting_sophistication_base_value">targeting-sophistication-base-value</h3>
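Review bot: the restored sentence contains "a victims computer", which is missing the possessive apostrophe ("a victim's computer"). Since this paragraph replaces a literal block that held only the last words of the description, it is a good moment to correct the text as well.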
@ -15300,10 +15323,8 @@ tlp namespace available in JSON format at <a href="https://github.com/MISP/misp-
</tr>
</table>
</div>
<div class="literalblock">
<div class="content">
<pre>TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.</pre>
</div>
<div class="paragraph">
<p>The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.</p>
</div>
<div class="admonitionblock important">
<table>
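Review bot: "while keeping the control over its distribution" in the new paragraph should be "while keeping control over its distribution". The "- or short: TLP -" aside would also read better as "(TLP)" directly after the expanded name.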
@ -22093,7 +22114,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
</div>
<div id="footer">
<div id="footer-text">
Last updated 2018-02-18 12:18:11 CET
Last updated 2018-02-18 12:38:45 CET
</div>
</div>
</body>
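Review bot: the "Last updated" footer line changes from 12:18:11 to 12:38:45 here, which means every regeneration of this file produces a diff in the footer even when no description changed. Consider dropping the timestamp from the committed output, or not committing the generated HTML, so that content changes are easier to review.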

File diff suppressed because it is too large