taxonomies updated

2018-07-18 22:05:34 +02:00 · 2018-07-18 22:05:34 +02:00 · cdd5e8bef6
parent b47755c059
commit cdd5e8bef6
2 changed files with 46522 additions and 43871 deletions
--- a/taxonomies.html
+++ b/taxonomies.html
@ -496,6 +496,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
 <li><a href="#_ms_caro_malware">ms-caro-malware</a></li>
 <li><a href="#_ms_caro_malware_full">ms-caro-malware-full</a></li>
 <li><a href="#_nato">nato</a></li>
+<li><a href="#_nis">nis</a></li>
 <li><a href="#_open_threat">open_threat</a></li>
 <li><a href="#_osint">osint</a></li>
 <li><a href="#_passivetotal">passivetotal</a></li>
@ -16568,6 +16569,353 @@ nato namespace available in JSON format at <a href="https://github.com/MISP/misp
 </div>
 </div>
 <div class="sect1">
+<h2 id="_nis">nis</h2>
+<div class="sectionbody">
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+nis namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/nis/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
+</td>
+</tr>
+</table>
+</div>
+<div class="paragraph">
+<p>The taxonomy is meant for large scale cybersecurity incidents, as mentioned in the Commission Recommendation of 13 September 2017, also known as the blueprint. It has two core parts: The nature of the incident, i.e. the underlying cause, that triggered the incident, and the impact of the incident, i.e. the impact on services, in which sector(s) of economy and society.</p>
+</div>
+<div class="sect2">
+<h3 id="_impact_sectors_impacted">impact-sectors-impacted</h3>
+<div class="paragraph">
+<p>The impact on services, in the real world, indicating the sectors of the society and economy, where there is an impact on the services.</p>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impactedenergy">nis:impact-sectors-impacted="energy"</h4>
+<div class="paragraph">
+<p>Energy</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the Energy sector and its subsectors such as electricity, oil, or gas, for example, impacting electricity suppliers, power plants, distribution system operators, transmission system operators, oil transmission, natural gas distribution, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impactedtransport">nis:impact-sectors-impacted="transport"</h4>
+<div class="paragraph">
+<p>Transport</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the transport sector and subsectors such as air, rail, water, road, for example, impacting air traffic control systems, railway companies, maritime port authorities, road traffic management systems, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impactedbanking">nis:impact-sectors-impacted="banking"</h4>
+<div class="paragraph">
+<p>Banking</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the Banking sector, for example impacting banks, online banking, credit services, payment services, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impactedfinancial">nis:impact-sectors-impacted="financial"</h4>
+<div class="paragraph">
+<p>Financial</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the Financial market infrastructure sector, for example, impacting traders, trading platforms, clearing services, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impactedhealth">nis:impact-sectors-impacted="health"</h4>
+<div class="paragraph">
+<p>Health</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the Health sector, for example, impacting hospitals, medical devices, medicine supply, pharmacies, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impacteddrinking_water">nis:impact-sectors-impacted="drinking-water"</h4>
+<div class="paragraph">
+<p>Drinking water</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the Drinking water supply and distribution sector, for example impacting drinking water supply, drinking water distribution systems, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impacteddigital_infrastructure">nis:impact-sectors-impacted="digital-infrastructure"</h4>
+<div class="paragraph">
+<p>Digital infrastructure</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the Digital infrastructure sector, for example impacting internet exchange points, domain name systems, top level domain registries, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impactedcommunications">nis:impact-sectors-impacted="communications"</h4>
+<div class="paragraph">
+<p>Communications</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the Electronic communications sector, for example,impacting mobile network services, fixed telephone lines, satellite communications, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impacteddigital_services">nis:impact-sectors-impacted="digital-services"</h4>
+<div class="paragraph">
+<p>Digital services</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the digital services sector, for example, impacting cloud services, online market places, online search engines, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impactedtrust_and_identification_services">nis:impact-sectors-impacted="trust-and-identification-services"</h4>
+<div class="paragraph">
+<p>Trust and identification services</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the electronic trust and identification services, for example, impacting certificate authorities, electronic identity systems, smartcards, etc.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_sectors_impactedgovernment">nis:impact-sectors-impacted="government"</h4>
+<div class="paragraph">
+<p>Government</p>
+</div>
+<div class="paragraph">
+<p>The impact is in the government sector, for example, impacting the functioning of public administrations, elections, or emergency services</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_impact_severity">impact-severity</h3>
+<div class="paragraph">
+<p>The severity of the impact, nationally, in the real world, for society and/or the economy, i.e. the level of disruption for the country or a large region of the country, the level of risks for health and/or safety, the level of physical damages and/or financial costs.</p>
+</div>
+<div class="admonitionblock important">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-important" title="Important"></i>
+</td>
+<td class="content">
+Exclusive flag set which means the values or predicate below must be set exclusively.
+</td>
+</tr>
+</table>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_severityred">nis:impact-severity="red"</h4>
+<div class="paragraph">
+<p>Red</p>
+</div>
+<div class="paragraph">
+<p>Very large impact</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_severityyellow">nis:impact-severity="yellow"</h4>
+<div class="paragraph">
+<p>Yellow</p>
+</div>
+<div class="paragraph">
+<p>Large impact.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_severitygreen">nis:impact-severity="green"</h4>
+<div class="paragraph">
+<p>Green</p>
+</div>
+<div class="paragraph">
+<p>Minor impact.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_severitywhite">nis:impact-severity="white"</h4>
+<div class="paragraph">
+<p>White</p>
+</div>
+<div class="paragraph">
+<p>No impact.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_impact_outlook">impact-outlook</h3>
+<div class="paragraph">
+<p>The outlook for the incident, the prognosis, for the coming hours, considering the impact in the real world, the impact on services, for the society and/or the economy</p>
+</div>
+<div class="admonitionblock important">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-important" title="Important"></i>
+</td>
+<td class="content">
+Exclusive flag set which means the values or predicate below must be set exclusively.
+</td>
+</tr>
+</table>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_outlookimproving">nis:impact-outlook="improving"</h4>
+<div class="paragraph">
+<p>Improving</p>
+</div>
+<div class="paragraph">
+<p>Severity of impact is expected to decrease in the next 6 hours.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_outlookstable">nis:impact-outlook="stable"</h4>
+<div class="paragraph">
+<p>Stable</p>
+</div>
+<div class="paragraph">
+<p>Severity of impact is expected to remain the same in the 6 hours.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisimpact_outlookworsening">nis:impact-outlook="worsening"</h4>
+<div class="paragraph">
+<p>Worsening</p>
+</div>
+<div class="paragraph">
+<p>Severity of impact is expected to increase in the next 6 hours.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_nature_root_cause">nature-root-cause</h3>
+<div class="paragraph">
+<p>The Root cause category is used to indicate what type event or threat triggered the incident.</p>
+</div>
+<div class="admonitionblock important">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-important" title="Important"></i>
+</td>
+<td class="content">
+Exclusive flag set which means the values or predicate below must be set exclusively.
+</td>
+</tr>
+</table>
+</div>
+<div class="sect3">
+<h4 id="_nisnature_root_causesystem_failures">nis:nature-root-cause="system-failures"</h4>
+<div class="paragraph">
+<p>System failures</p>
+</div>
+<div class="paragraph">
+<p>The incident is due to a failure of a system, i.e. without external causes. For example a hardware failure, software bug, a flaw in a procedure, etc. triggered the incident.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisnature_root_causenatural_phenomena">nis:nature-root-cause="natural-phenomena"</h4>
+<div class="paragraph">
+<p>Natural phenomena</p>
+</div>
+<div class="paragraph">
+<p>The incident is due to a natural phenomenon. For example a storm, lightning, solar flare, flood, earthquake, wildfire, etc. triggered the incident.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisnature_root_causehuman_errors">nis:nature-root-cause="human-errors"</h4>
+<div class="paragraph">
+<p>Human errors</p>
+</div>
+<div class="paragraph">
+<p>The incident is due to a human error, i.e. system worked correctly, but was used wrong. For example, a mistake, or carelessness triggered the incident.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisnature_root_causemalicious_actions">nis:nature-root-cause="malicious-actions"</h4>
+<div class="paragraph">
+<p>Malicious actions</p>
+</div>
+<div class="paragraph">
+<p>The incident is due to a malicious action. For example, a cyber-attack or physical attack, vandalism, sabotage, insider attack, theft, etc., triggered the incident.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisnature_root_causethird_party_failures">nis:nature-root-cause="third-party-failures"</h4>
+<div class="paragraph">
+<p>Third party failures</p>
+</div>
+<div class="paragraph">
+<p>The incident is due to a disruption of a third party service, like a utility. For example a power cut, or an internet outage, etc. triggered the incident.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_nature_severity">nature-severity</h3>
+<div class="paragraph">
+<p>The severity of the threat is used to indicate, from a technical perspective, the potential impact, the risk associated with the threat. For example, the severity is high if an upcoming storm is exceptionally strong, if an observed DDoS attack is exceptionally powerful, or if a software vulnerability is easily exploited and present in many different systems. For example, in certain situations a critical software vulnerability would require concerted and urgent work by different organizations.</p>
+</div>
+<div class="admonitionblock important">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-important" title="Important"></i>
+</td>
+<td class="content">
+Exclusive flag set which means the values or predicate below must be set exclusively.
+</td>
+</tr>
+</table>
+</div>
+<div class="sect3">
+<h4 id="_nisnature_severityhigh">nis:nature-severity="high"</h4>
+<div class="paragraph">
+<p>High</p>
+</div>
+<div class="paragraph">
+<p>High severity, potential impact is high.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisnature_severitymedium">nis:nature-severity="medium"</h4>
+<div class="paragraph">
+<p>Medium</p>
+</div>
+<div class="paragraph">
+<p>Medium severity, potential impact is medium.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_nisnature_severitylow">nis:nature-severity="low"</h4>
+<div class="paragraph">
+<p>Low</p>
+</div>
+<div class="paragraph">
+<p>Low severity, potential impact is low.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_test_4">test</h3>
+<div class="paragraph">
+<p>A test predicate meant to test interoperability between tools. Tags contained within this predicate are to be ignored.</p>
+</div>
+<div class="sect3">
+<h4 id="_nistesttest">nis:test="test"</h4>
+<div class="paragraph">
+<p>Test</p>
+</div>
+<div class="paragraph">
+<p>Test value meant for testing interoperability. Tags with this value are to be ignored.</p>
+</div>
+</div>
+</div>
+</div>
+</div>
+<div class="sect1">
 <h2 id="_open_threat">open_threat</h2>
 <div class="sectionbody">
 <div class="admonitionblock note">
@ -18210,7 +18558,7 @@ rsit namespace available in JSON format at <a href="https://github.com/MISP/misp
 </div>
 </div>
 <div class="sect2">
-<h3 id="_test_4">test</h3>
+<h3 id="_test_5">test</h3>
 <div class="paragraph">
 <p>Meant for testing.</p>
 </div>
@ -32278,7 +32626,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2018-07-12 15:06:13 CEST
+Last updated 2018-07-18 22:03:30 CEST
 </div>
 </div>
 </body>
--- a/taxonomies.pdf
+++ b/taxonomies.pdf