layout | title | permalink | toc |
---|---|---|---|
page | MISP data models - MISP core format - MISP taxonomies | /datamodels/ | true |
MISP is not only software but also a series of data models created by the MISP community. MISP includes a simple and practical information sharing format expressed in JSON that can be used with MISP software or by any other software.
MISP Core Format
MISP default attributes and categories
MISP Taxonomies
Along with the core format, MISP taxonomies provide a set of already defined classifications modeling estimative language, CSIRTs/CERTs classifications, national classifications or threat model classification. The fixed taxonomies provide a practical method to efficiently tag events and attributes within a set of MISP instances, where taxonomies can be easily cherry-picked or extended to meet the local requirements of an organization or a specific sharing community. When using MISP, the MISP taxonomies are available and can be freely used based on the community practices.
- Admiralty Scale
- adversary - description of an adversary infrastructure
- CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection
- Cyber Kill Chain from Lockheed Martin
- DE - German (DE) Government classification markings (VS)
- DHS CIIP Sectors
- eCSIRT and IntelMQ incident classification
- ENISA - ENISA Threat Taxonomy
- Estimative Language - Estimative Language (ICD 203)
- EU critical sectors - EU critical sectors
- EUCI - EU classified information marking
- Europol Incident - Europol class of incident taxonomy
- Europol Events - Europol type of events taxonomy
- FIRST CSIRT Case classification
- FIRST Information Exchange Policy (IEP) framework
- Information Security Indicators - ETSI GS ISI 001-1 (V1.1.2): ISI Indicators
- Information Security Marking Metadata from DNI (Director of National Intelligence - US)
- Malware classification based on a SANS document
- ms-caro-malware - Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology.
- NATO Classification Marking
- Open Threat Taxonomy v1.1 (SANS)
- OSINT - Open Source Intelligence - Classification
- The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.
- TLP - Traffic Light Protocol
- Vocabulary for Event Recording and Incident Sharing (VERIS)