taxonomies added

pull/6/head
Alexandre Dulaunoy 2018-07-12 14:53:33 +02:00
parent 372317a637
commit dcb9f075c7
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 34741 additions and 31868 deletions


@ -501,6 +501,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_passivetotal">passivetotal</a></li>
<li><a href="#_pentest">pentest</a></li>
<li><a href="#_priority_level">priority-level</a></li>
<li><a href="#_rsit">RSIT</a></li>
<li><a href="#_rt_event_status">rt_event_status</a></li>
<li><a href="#_runtime_packer">runtime-packer</a></li>
<li><a href="#_smart_airports_threats">smart-airports-threats</a></li>
@ -17852,6 +17853,380 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</div>
</div>
<div class="sect1">
<h2 id="_rsit">RSIT</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
RSIT namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/RSIT/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Reference Security Incident Classification Taxonomy</p>
</div>
<div class="sect2">
<h3 id="_abusive_content_4">abusive-content</h3>
<div class="paragraph">
<p>Abusive Content.</p>
</div>
<div class="sect3">
<h4 id="_rsitabusive_contentspam">RSIT:abusive-content="spam"</h4>
<div class="paragraph">
<p>spam</p>
</div>
<div class="paragraph">
<p>Or 'Unsolicited Bulk Email', this means that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having a functionally comparable content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitabusive_contentharmful_speech">RSIT:abusive-content="harmful-speech"</h4>
<div class="paragraph">
<p>Harmful Speech</p>
</div>
<div class="paragraph">
<p>Discreditation or discrimination of somebody e.g. cyber stalking, racism and threats against one or more individuals).</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitabusive_contentviolence">RSIT:abusive-content="violence"</h4>
<div class="paragraph">
<p>Child/Sexual/Violence/&#8230;&#8203;</p>
</div>
<div class="paragraph">
<p>Child Pornography, glorification of violence, &#8230;&#8203;</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malicious_code_3">malicious-code</h3>
<div class="paragraph">
<p>Software that is intentionally included or inserted in a system for a harmful purpose. A user interaction is normally necessary to activate the code.</p>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codevirus">RSIT:malicious-code="virus"</h4>
<div class="paragraph">
<p>Virus</p>
</div>
<div class="paragraph">
<p>Software that is intentionally included or inserted in a system for a harmful purpose. A user interaction is normally necessary to activate the code.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codeworm">RSIT:malicious-code="worm"</h4>
<div class="paragraph">
<p>Worm</p>
</div>
<div class="paragraph">
<p>see 'virus'</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codetrojan">RSIT:malicious-code="trojan"</h4>
<div class="paragraph">
<p>Trojan</p>
</div>
<div class="paragraph">
<p>see 'virus'</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codespyware">RSIT:malicious-code="spyware"</h4>
<div class="paragraph">
<p>Spyware</p>
</div>
<div class="paragraph">
<p>see 'virus'</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codedialer">RSIT:malicious-code="dialer"</h4>
<div class="paragraph">
<p>Dialer</p>
</div>
<div class="paragraph">
<p>see 'virus'</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_coderootkit">RSIT:malicious-code="rootkit"</h4>
<div class="paragraph">
<p>Rootkit</p>
</div>
<div class="paragraph">
<p>see 'virus'</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering_4">information-gathering</h3>
<div class="paragraph">
<p>Information Gathering.</p>
</div>
<div class="sect3">
<h4 id="_rsitinformation_gatheringscanner">RSIT:information-gathering="scanner"</h4>
<div class="paragraph">
<p>Scanning</p>
</div>
<div class="paragraph">
<p>Attacks that send requests to a system to discover weak points. This includes also some kind of testing processes to gather information about hosts, services and accounts. Examples: fingerd, DNS querying, ICMP, SMTP (EXPN, RCPT, &#8230;&#8203;), port scanning.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitinformation_gatheringsniffing">RSIT:information-gathering="sniffing"</h4>
<div class="paragraph">
<p>Sniffing</p>
</div>
<div class="paragraph">
<p>Observing and recording of network traffic (wiretapping).</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitinformation_gatheringsocial_engineering">RSIT:information-gathering="social-engineering"</h4>
<div class="paragraph">
<p>Social Engineering</p>
</div>
<div class="paragraph">
<p>Gathering information from a human being in a non-technical way (e.g. lies, tricks, bribes, or threats).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_attempts_3">intrusion-attempts</h3>
<div class="paragraph">
<p>Intrusion Attempts.</p>
</div>
<div class="sect3">
<h4 id="_rsitintrusion_attemptsids_alert">RSIT:intrusion-attempts="ids-alert"</h4>
<div class="paragraph">
<p>Exploiting of known Vulnerabilities</p>
</div>
<div class="paragraph">
<p>An attempt to compromise a system or to disrupt any service by exploiting vunerabilities with a standardised identifier such as CVE name (e.g. buffer overflow, backdoor, cross site scripting, etc.)</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusion_attemptsbrute_force">RSIT:intrusion-attempts="brute-force"</h4>
<div class="paragraph">
<p>Login attempts</p>
</div>
<div class="paragraph">
<p>Multiple login attempts (Guessing / cracking of passwords, brute force).</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusion_attemptsexploit">RSIT:intrusion-attempts="exploit"</h4>
<div class="paragraph">
<p>New attack signature</p>
</div>
<div class="paragraph">
<p>An attempt using an unknown exploit.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusions_2">intrusions</h3>
<div class="paragraph">
<p>A successful compromise of a system or application (service). This can have been caused remotely by a known or new vulnerability, but also by an unauthorized local access. Also includes being part of a botnet.</p>
</div>
<div class="sect3">
<h4 id="_rsitintrusionsprivileged_account_compromise">RSIT:intrusions="privileged-account-compromise"</h4>
<div class="paragraph">
<p>Privileged Account Compromise</p>
</div>
<div class="paragraph">
<p>A successful compromise of a system or application (service). This can have been caused remotely by a known or new vulnerability, but also by an unauthorized local access. Also includes being part of a botnet.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusionsunprivileged_account_compromise">RSIT:intrusions="unprivileged-account-compromise"</h4>
<div class="paragraph">
<p>Unprivileged Account Compromise</p>
</div>
<div class="paragraph">
<p>see 'Privileged Account Compromise'</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusionsapplication_compromise">RSIT:intrusions="application-compromise"</h4>
<div class="paragraph">
<p>Application Compromise</p>
</div>
<div class="paragraph">
<p>see 'Privileged Account Compromise'</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusionsbot">RSIT:intrusions="bot"</h4>
<div class="paragraph">
<p>Bot</p>
</div>
<div class="paragraph">
<p>see 'Privileged Account Compromise'</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_availability_4">availability</h3>
<div class="paragraph">
<p>By this kind of an attack a system is bombarded with so many packets that the operations are delayed or the system crashes. DoS examples are ICMP and SYN floods, Teardrop attacks and mail-bombing. DDoS often is based on DoS attacks originating from botnets, but also other scenarios exist like DNS Amplification attacks. However, the availability also can be affected by local actions (destruction, disruption of power supply, etc.) or by Act of God, spontaneous failures or human error, without malice or gross neglect being involved.</p>
</div>
<div class="sect3">
<h4 id="_rsitavailabilitydos">RSIT:availability="dos"</h4>
<div class="paragraph">
<p>DoS</p>
</div>
<div class="paragraph">
<p>Denial of Service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitavailabilityddos">RSIT:availability="ddos"</h4>
<div class="paragraph">
<p>DDoS</p>
</div>
<div class="paragraph">
<p>Distributed Denial of Service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitavailabilitysabotage">RSIT:availability="sabotage"</h4>
<div class="paragraph">
<p>Sabotage</p>
</div>
<div class="paragraph">
<p>Sabotage.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitavailabilityoutage">RSIT:availability="outage"</h4>
<div class="paragraph">
<p>Outage (no malice)</p>
</div>
<div class="paragraph">
<p>Outage (no malice).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_content_security_3">information-content-security</h3>
<div class="paragraph">
<p>Besides a local abuse of data and systems the information security can be endangered by a successful account or application compromise. Furthermore attacks are possible that intercept and access information during transmission (wiretapping, spoofing or hijacking). Human/configuration/software error can also be the cause.</p>
</div>
<div class="sect3">
<h4 id="_rsitinformation_content_securityunauthorised_information_access">RSIT:information-content-security="Unauthorised-information-access"</h4>
<div class="paragraph">
<p>Unauthorised access to information</p>
</div>
<div class="paragraph">
<p>Besides local abuse of data and systems, the security of information can be endangered by successful compromise of an account or application. In addition, attacks that intercept and access information during transmission (wiretapping, spoofing or hijacking) are possible. Human/configuration/software error can also be the cause.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitinformation_content_securityunauthorised_information_modification">RSIT:information-content-security="Unauthorised-information-modification"</h4>
<div class="paragraph">
<p>Unauthorised modification of information</p>
</div>
<div class="paragraph">
<p>see 'Unauthorised access to information'</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fraud_4">fraud</h3>
<div class="paragraph">
<p>Fraud.</p>
</div>
<div class="sect3">
<h4 id="_rsitfraudunauthorized_use_of_resources">RSIT:fraud="unauthorized-use-of-resources"</h4>
<div class="paragraph">
<p>Unauthorized use of resources</p>
</div>
<div class="paragraph">
<p>Using resources for unauthorized purposes including profit-making ventures (E.g. the use of e-mail to participate in illegal profit chain letters or pyramid schemes).</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitfraudcopyright">RSIT:fraud="copyright"</h4>
<div class="paragraph">
<p>Copyright</p>
</div>
<div class="paragraph">
<p>Offering or Installing copies of unlicensed commercial software or other copyright protected materials (Warez).</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitfraudmasquerade">RSIT:fraud="masquerade"</h4>
<div class="paragraph">
<p>Masquerade</p>
</div>
<div class="paragraph">
<p>Type of attacks in which one entity illegitimately assumes the identity of another in order to benefit from it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitfraudphishing">RSIT:fraud="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
<div class="paragraph">
<p>Masquerading as another entity in order to persuade the user to reveal a private credential.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vulnerable_3">vulnerable</h3>
<div class="paragraph">
<p>Open resolvers, world readable printers, vulnerability apparent from Nessus etc scans, virus signatures not up-to-date, etc</p>
</div>
<div class="sect3">
<h4 id="_rsitvulnerablevulnerable_service">RSIT:vulnerable="vulnerable-service"</h4>
<div class="paragraph">
<p>Open for abuse</p>
</div>
<div class="paragraph">
<p>Open resolvers, world readable printers, vulnerability apparent from Nessus etc scans, virus, signatures not up to date, etc.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_4">other</h3>
<div class="paragraph">
<p>All incidents which don&#8217;t fit in one of the given categories should be put into this class. If the number of incidents in this category increases, it is an indicator that the classification scheme must be revised</p>
</div>
<div class="sect3">
<h4 id="_rsitotherother">RSIT:other="other"</h4>
<div class="paragraph">
<p>other</p>
</div>
<div class="paragraph">
<p>All incidents which don&#8217;t fit in one of the given categories should be put into this class.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_test_4">test</h3>
<div class="paragraph">
<p>Meant for testing.</p>
</div>
<div class="sect3">
<h4 id="_rsittesttest">RSIT:test="test"</h4>
<div class="paragraph">
<p>Test</p>
</div>
<div class="paragraph">
<p>Meant for testing.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_rt_event_status">rt_event_status</h2>
<div class="sectionbody">
<div class="admonitionblock note">
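Review bot: The two values under information-content-security, "Unauthorised-information-access" and "Unauthorised-information-modification", are the only RSIT values in this hunk that start with a capital letter; every other value is lowercase, so anyone matching tags as exact strings has to special-case them. Lowercase them, and settle on one spelling, since fraud uses "unauthorized-use-of-resources". Smaller text fixes in the same hunk: "vunerabilities" in the ids-alert description, the unmatched closing parenthesis after "one or more individuals" in harmful-speech, and the stray comma in "virus, signatures not up to date" under vulnerable-service (the predicate text has "virus signatures"). The worm, trojan, spyware, dialer and rootkit entries only say see 'virus', and the virus text is a copy of the malicious-code predicate description, so none of the six values has a definition of its own. The note at the top of the section links RSIT/machinetag.json, so the fixes belong there, with this HTML regenerated afterwards.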
@ -18136,6 +18511,63 @@ smart-airports-threats namespace available in JSON format at <a href="https://gi
</div>
</div>
<div class="sect2">
<h3 id="_system_failures">system-failures</h3>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_devices_or_systems">smart-airports-threats:system-failures="failures-of-devices-or-systems"</h4>
<div class="paragraph">
<p>Failures of devices or systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_communication_links">smart-airports-threats:system-failures="failures-or-disruptions-of-communication-links"</h4>
<div class="paragraph">
<p>Failures or disruptions of communication links (communication networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_parts_of_devices">smart-airports-threats:system-failures="failures-of-parts-of-devices"</h4>
<div class="paragraph">
<p>Failures of parts of devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_main_supply">smart-airports-threats:system-failures="failures-or-disruptions-of-main-supply"</h4>
<div class="paragraph">
<p>Failures or disruptions of main supply</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_the_power_supply">smart-airports-threats:system-failures="failures-or-disruptions-of-the-power-supply"</h4>
<div class="paragraph">
<p>Failures or disruptions of the power supply</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresmalfunctions_of_parts_of_devices">smart-airports-threats:system-failures="malfunctions-of-parts-of-devices"</h4>
<div class="paragraph">
<p>Malfunctions of parts of devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresmalfunctions_of_devices_or_systems">smart-airports-threats:system-failures="malfunctions-of-devices-or-systems"</h4>
<div class="paragraph">
<p>Malfunctions of devices or systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_hardware">smart-airports-threats:system-failures="failures-of-hardware"</h4>
<div class="paragraph">
<p>Failures of hardware</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuressoftware_bugs">smart-airports-threats:system-failures="software-bugs"</h4>
<div class="paragraph">
<p>Software bugs</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_natural_and_social_phenomena">natural-and-social-phenomena</h3>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenaearthquakes">smart-airports-threats:natural-and-social-phenomena="earthquakes"</h4>
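Review bot: The description for failures-or-disruptions-of-communication-links reads "Failures or disruptions of communication links (communication networks" and stops inside an open parenthesis, so the text is cut off; complete it or drop the parenthetical. The system-failures block also appears here with the same ids that the following hunk takes out further down, which makes this a reordering of sections rather than new content; if the order comes from the build, a stable sort of the predicates would keep moves like this out of future diffs.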
@ -18205,59 +18637,35 @@ smart-airports-threats namespace available in JSON format at <a href="https://gi
</div>
</div>
<div class="sect2">
<h3 id="_system_failures">system-failures</h3>
<h3 id="_third_party_failures">third-party-failures</h3>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_devices_or_systems">smart-airports-threats:system-failures="failures-of-devices-or-systems"</h4>
<h4 id="_smart_airports_threatsthird_party_failuresinternet_service_provider">smart-airports-threats:third-party-failures="internet-service-provider"</h4>
<div class="paragraph">
<p>Failures of devices or systems</p>
<p>Internet service provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_communication_links">smart-airports-threats:system-failures="failures-or-disruptions-of-communication-links"</h4>
<h4 id="_smart_airports_threatsthird_party_failurescloud_service_provider">smart-airports-threats:third-party-failures="cloud-service-provider"</h4>
<div class="paragraph">
<p>Failures or disruptions of communication links (communication networks</p>
<p>Cloud service provider (SaaS / PaaS / IaaS / SecaaS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_parts_of_devices">smart-airports-threats:system-failures="failures-of-parts-of-devices"</h4>
<h4 id="_smart_airports_threatsthird_party_failuresutilities_power_or_gas_or_water">smart-airports-threats:third-party-failures="utilities-power-or-gas-or-water"</h4>
<div class="paragraph">
<p>Failures of parts of devices</p>
<p>Utilities (power / gas /water)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_main_supply">smart-airports-threats:system-failures="failures-or-disruptions-of-main-supply"</h4>
<h4 id="_smart_airports_threatsthird_party_failuresremote_maintenance_provider">smart-airports-threats:third-party-failures="remote-maintenance-provider"</h4>
<div class="paragraph">
<p>Failures or disruptions of main supply</p>
<p>Remote maintenance provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_the_power_supply">smart-airports-threats:system-failures="failures-or-disruptions-of-the-power-supply"</h4>
<h4 id="_smart_airports_threatsthird_party_failuressecurity_testing_companies">smart-airports-threats:third-party-failures="security-testing-companies"</h4>
<div class="paragraph">
<p>Failures or disruptions of the power supply</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresmalfunctions_of_parts_of_devices">smart-airports-threats:system-failures="malfunctions-of-parts-of-devices"</h4>
<div class="paragraph">
<p>Malfunctions of parts of devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresmalfunctions_of_devices_or_systems">smart-airports-threats:system-failures="malfunctions-of-devices-or-systems"</h4>
<div class="paragraph">
<p>Malfunctions of devices or systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_hardware">smart-airports-threats:system-failures="failures-of-hardware"</h4>
<div class="paragraph">
<p>Failures of hardware</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuressoftware_bugs">smart-airports-threats:system-failures="software-bugs"</h4>
<div class="paragraph">
<p>Software bugs</p>
<p>Security testing companies (i.e. penetration testing/vulnerability assessment)</p>
</div>
</div>
</div>
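Review bot: Two labels in the third-party-failures entries need a text fix: "Utilities (power / gas /water)" has uneven spacing around the last slash, and "Security testing companies (i.e. penetration testing/vulnerability assessment)" uses "i.e." where the parenthetical reads as a list of examples, so "e.g." is the accurate abbreviation. Both come along with the moved block, so correct them in the taxonomy source while these lines are being touched.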
@ -18498,39 +18906,6 @@ smart-airports-threats namespace available in JSON format at <a href="https://gi
</div>
</div>
</div>
<div class="sect2">
<h3 id="_third_party_failures">third-party-failures</h3>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failuresinternet_service_provider">smart-airports-threats:third-party-failures="internet-service-provider"</h4>
<div class="paragraph">
<p>Internet service provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failurescloud_service_provider">smart-airports-threats:third-party-failures="cloud-service-provider"</h4>
<div class="paragraph">
<p>Cloud service provider (SaaS / PaaS / IaaS / SecaaS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failuresutilities_power_or_gas_or_water">smart-airports-threats:third-party-failures="utilities-power-or-gas-or-water"</h4>
<div class="paragraph">
<p>Utilities (power / gas /water)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failuresremote_maintenance_provider">smart-airports-threats:third-party-failures="remote-maintenance-provider"</h4>
<div class="paragraph">
<p>Remote maintenance provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failuressecurity_testing_companies">smart-airports-threats:third-party-failures="security-testing-companies"</h4>
<div class="paragraph">
<p>Security testing companies (i.e. penetration testing/vulnerability assessment)</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
@ -31903,7 +32278,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
</div>
<div id="footer">
<div id="footer-text">
Last updated 2018-07-06 21:27:36 CEST
Last updated 2018-07-12 14:52:11 CEST
</div>
</div>
</body>
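Review bot: The only change in this hunk is the "Last updated" footer line, which will differ every time the page is rebuilt and so adds a changed line to each commit of this file. If the file is build output, consider leaving the timestamp out of the footer so the history shows only taxonomy changes.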

File diff suppressed because it is too large