# Changelog ## %%version%% (unreleased) ### Changes * [malware_classification] add `Stalkerware` from #275. [Alexandre Dulaunoy] ### Other * Merge pull request #277 from cudeso/main. [Alexandre Dulaunoy] Add review-relevance and review-completeness to workflow taxonomy * Add review-relevance and review-completeness to workflow taxonomy. [Koen Van Impe] * Merge branch 'main' [Alexandre Dulaunoy] * Merge pull request #275 from vxsh4d0w/patch-5. [Alexandre Dulaunoy] Update machinetag.json * Update machinetag.json. [V] Added Stalkerware, ad defined by Kaspersky "commercially available software that can be discreetly installed on smartphone devices, enabling a perpetrator to monitor an individual’s private life without their knowledge" * Merge pull request #266 from vxsh4d0w/master. [Alexandre Dulaunoy] Update Cryptocurrency Threat Taxonomy * Update machinetag.json. [V] * Update machinetag.json. [V] ## v2.4.187 (2024-03-07) ### Changes * [MANIFEST] updated. [Alexandre Dulaunoy] * [tools] clean-up python script to generate the asciidoctor files. [Alexandre Dulaunoy] ### Fix * [tools] Fix #273 in markdown generator. [Alexandre Dulaunoy] ### Other * Merge pull request #274 from JRC-T2/main. [Alexandre Dulaunoy] Dark-Web Ransomware support * Update machinetag.json. [JRC-T2] Added darknet ransomware activity support ## v2.4.185 (2024-02-16) ### Changes * [exercise] updated. [Alexandre Dulaunoy] ### Other * Merge pull request #272 from DCSO/courseofaction-nodiscover. [Alexandre Dulaunoy] Add 'course-of-action:passive=nodiscover' * Added 'course-of-action:passive=nodiscover' [Hendrik Baecker] ## v2.4.183 (2024-01-04) ### Changes * [doc] list updated. [Alexandre Dulaunoy] * [doc] doc and manifest updated. [Alexandre Dulaunoy] ### Fix * [doping-substances] Deduplicated some entries. [Christian Studer] ### Other * Merge pull request #270 from chrisr3d/main. [Christian Studer] Deduplicated some entries ## v2.4.179 (2023-11-23) ### New * [srbcert] New taxonomy for the SRB-CERT. [Alexandre Dulaunoy] ### Changes * [MANIFEST] updated. [Alexandre Dulaunoy] ### Fix * Fix: [tlp] updated TLP:AMBER+strict description based on #261 by @vba-anssi. [Alexandre Dulaunoy] * Fix: [PAP] following pull-request from @vba-anssi #261. [Alexandre Dulaunoy] PAP aligned with TLP version 2 * [srbcert] various fixes. [Alexandre Dulaunoy] - Duplicates removed - Numerical value added ## v2.4.178 (2023-10-30) ### Changes * [adoc] exclude `doping-substances` from adoc generation. [Alexandre Dulaunoy] * Updated manifest with the new taxonomy description. [Christian Studer] * [doping-substances] Handmade review of the taxonomy. [Christian Studer] * Reorder predicates for tests. [Raphaël Vinot] * [circl] significant predicate added. [Alexandre Dulaunoy] ### Other * Merge pull request #269 from chrisr3d/main. [Alexandre Dulaunoy] Doping substances taxonomy * Add: [doping-substances] New taxonomy for doping substances. [Christian Studer] - Merging from original work by @Chaamoxs & @WooZyhh - Added also an additional predicate that was skiped first * Merge pull request #268 from dhondta/main. [Alexandre Dulaunoy] Improved runtime-packers * Jq'ed machinetag.json. [dhondta] * Updated runtime-packer version. [dhondta] * Improved runtime-packers (2) [dhondta] * Improved runtime-packers. [dhondta] ## v2.4.175 (2023-08-23) ### Changes * [tlp] fix an unclear thing in tlp:unclear. [Alexandre Dulaunoy] ## v2.4.174 (2023-07-31) ### Changes * [misp-workflow] Added more entries related to curation. [Sami Mokaddem] ### Fix * [misp-workflow] Bumped version. [Sami Mokaddem] ### Other * Merge pull request #265 from vxsh4d0w/patch-4. [Alexandre Dulaunoy] Update machinetag.json * Update machinetag.json. [V] Added Pig Butchering scam as cryptocurrency threat ## v2.4.172 (2023-06-09) ### New * [crowdsec] New taxonomy for classifications and behaviors categorizing on IP addresses from crowdsec CTI reports. [Christian Studer] ### Changes * [tlp] following a recurring use of TLP:UNCLEAR at FIRST.ORG. [Alexandre Dulaunoy] The tag has been added. * [workflow] state `release` added. [Alexandre Dulaunoy] Thanks to Kevin from the Center for Cyber Security in Belgium. * [MANIFEST] updated. [Alexandre Dulaunoy] * [information-origin] create a new taxonomy define if the content is from an AI-based system, a human or the origin is unknown. [Alexandre Dulaunoy] The original taxonomy from @aaronkaplan has been fixed to match the correct MISP taxonomy schema format. The file in the original pull-request was most probably `information-origin:AI-generated`. This taxonomy is just namespace predicate as there is no need of specific values until now. ### Fix * [crowdsec] Removed duplicated entry. [Christian Studer] ### Other * Add: [crowdsec] Added description, documentation and summary for the crowdsec taxonomy. [Christian Studer] * Merge branch 'main' of github.com:misp/misp-taxonomies. [Christian Studer] * Merge branch 'aaronkaplan-main' into main. [Alexandre Dulaunoy] * Add the ai-or-not taxonomy. [aaronkaplan] * Merge pull request #263 from JRC-T2/main. [Alexandre Dulaunoy] Expanded Dark-Web taxonomy developed by the Joint Research Centre (JRC) * Expanded Dark-Web taxonomy developed by the Joint Research Centre (JRC) [JRC-T2] ## v2.4.170 (2023-04-12) ### Changes * [threatmatch] removing trailing end line. [Alexandre Dulaunoy] * [misp-taxonomy] updated threatmatch taxonomies. [paulingega-sa] ### Other * Merge branch 'paulingega-sa-main' into main. [Alexandre Dulaunoy] ## v2.4.168 (2023-01-23) ### Changes * [MANIFEST] updated. [Alexandre Dulaunoy] * [doc] updated. [Alexandre Dulaunoy] * [aviation] fix criticality value. [Alexandre Dulaunoy] * [aviation] updated by Eurocontrol. [Alexandre Dulaunoy] ## v2.4.167 (2022-12-22) ### New * [aviation] new proposal taxonomy for the aviation sector. [Alexandre Dulaunoy] ### Changes * Bump python version in tests. [Raphaël Vinot] ### Fix * Reorder entries to make tests happy. [Raphaël Vinot] ## v2.4.166 (2022-11-28) ### Other * Merge pull request #259 from lgtm-migrator/codeql. [Alexandre Dulaunoy] Add CodeQL workflow for GitHub code scanning * Add CodeQL workflow for GitHub code scanning. [LGTM Migrator] ## v2.4.165 (2022-11-08) ### New * [misp-workflow] new misp-workflow taxonomy to have a consistent tag message for the MISP workflow. [Alexandre Dulaunoy] ### Changes * [misp-workflow] move to action-taken predicate. [Alexandre Dulaunoy] ### Other * Merge pull request #258 from cudeso/main. [Alexandre Dulaunoy] Sentinel indicator threat types * Update MANIFEST.json. [Koen Van Impe] * Update machinetag.json. [Koen Van Impe] * Update MANIFEST.json. [Koen Van Impe] * Sentinel indicator threat types. [Koen Van Impe] Taxonomy in support of integrating MISP with Sentinel. Allows to set the "threatType values". * Merge pull request #257 from Felix83000/main. [Alexandre Dulaunoy] [Error Fix] Modify ISAC Tag to A_ISAC Tag * [Error Fix] Modify ISAC Tag to A_ISAC Tag. [Félix Herrenschmidt] [Error Fix] Modify ISAC Tag to Aviation ISAC Tag ## v2.4.163 (2022-09-26) ### New * [financial] a new financial taxonomy to better financial entity in MISP. [Alexandre Dulaunoy] ### Changes * [financial] Services added as provided by CSSF. [Alexandre Dulaunoy] * [financial] Updated following CSSF feedback. [Alexandre Dulaunoy] * [doc] index updated. [Alexandre Dulaunoy] * [financial] updated with physical presence. [Alexandre Dulaunoy] * [financial] improved financial taxonomy. [Alexandre Dulaunoy] ### Fix * Better validation for taxonomy files. [Jakub Onderka] * [financial] fix the predicate name change. [Alexandre Dulaunoy] * [financial] typo fixed. [Alexandre Dulaunoy] ### Other * Merge pull request #256 from JakubOnderka/fix-invalid-taxonomy. [Alexandre Dulaunoy] fix: Better validation for taxonomy files * Merge pull request #255 from syloktools/main. [Alexandre Dulaunoy] Added to File Type taxonomy * Merge branch 'main' of https://github.com/syloktools/misp-taxonomies. [Robert Nixon] * Merge branch 'MISP:main' into main. [Robert Nixon] * Add more file types. [Robert Nixon] * Merge branch 'main' of https://github.com/syloktools/misp-taxonomies. [Robert Nixon] * Added bat file type and change data to dat. [Robert Nixon] * Merge pull request #254 from Felix83000/main. [Alexandre Dulaunoy] Publication of the Thales Group taxonomy version 3 * Color update. [Félix Herrenschmidt] * Released version 3. [Félix Herrenschmidt] Add ISAC and InterCERT France communities. * Merge pull request #253 from syloktools/main. [Alexandre Dulaunoy] Added xlsm file type to file-type taxonomy * Merge branch 'MISP:main' into main. [Robert Nixon] * Added xlsm file type. [Robert Nixon] ## v2.4.162 (2022-09-09) ### Changes * [false-positive] add colour scheme to false-positive risk level and typo fixed. [Alexandre Dulaunoy] * [false-positive] Added risk cannot be judged entry. [Sami Mokaddem] ### Other * Merge pull request #251 from syloktools/main. [Alexandre Dulaunoy] Adding img, txt, and ppa for file-type taxonomy * Added filetype txt and ppa. [Robert Nixon] Seeing a lot of txt files that contain PowerShell scripts with encoded AgentTesla binary inside alongside PPA files. * Added img file type. [Robert Nixon] * Merge pull request #249 from syloktools/main. [Alexandre Dulaunoy] Added vbs and hta to file type tags * Added vbs and hta to file type tags. [Robert Nixon] ## v2.4.160 (2022-08-04) ### New * [diamond-model-for-influence-operations] "The Diamond Model for Influence Operations Analysis" taxonomy added. [Alexandre Dulaunoy] * [nis2] NIS2 proposal taxonomy. [Alexandre Dulaunoy] The taxonomy is meant for large scale cybersecurity incidents, as mentioned in the Commission Recommendation of 13 May 2022, also known as the provisional agreement. This proposal is based on the original NIS (machinetag) JSON file with the reflection of NIS2 proposal including changes as: - changes in sectors, - adding subsectors with detailed description, - adding taxonomies for important entities - adding subsectors for important entities. Work done as part of contribution to EnCaViBS project https://encavibs.uni.lu [machinetag2.txt](https://github.com/MISP/misp-taxonomies/files/8948834/machinetag2.txt) Contribution from @AMEXTT ### Changes * [MANIFEST] updated. [Alexandre Dulaunoy] * [tlp] updating the new version of the traffic light protocol published by FIRST.org. [Alexandre Dulaunoy] Some notes concerning the version 2.0 of the tlp taxonomy: - A new tag is introduced `TLP:AMBER+STRICT` to clarify the restriction to share only with your organisation. - A new tag is introduced called `TLP:CLEAR` which seems to replace `TLP:WHITE` as it disappears from the version 2.0 of the official TLP document. - The old tag `TLP:WHITE` is preserved in the taxonomy. As we don't have any official reference in the version 2.0 about the compatibility with `TLP:CLEAR`, we *assume* it's a synomym from the original `TLP:WHITE`. - The old tag `TLP:EX:CHR` is also preserved in the taxonomy for backward compatibility. We strongly recommend any users using the tlp taxonomy in their tools to review workflows and ensure that the new version 2.0 is taken into consideration. * [nis2] various fixes. [Alexandre Dulaunoy] * [github action] YAML parsing is just a piece-of-crap(tm) [Alexandre Dulaunoy] * [gh] Python 3.10 added. [Alexandre Dulaunoy] * [pyoti] refs are array. [Alexandre Dulaunoy] * [pyoti] clean-up JSON. [Alexandre Dulaunoy] ### Fix * [tlp] description of the TLP taxonomy updated to clarify the aspect of four labels mentioned in the standard even if there are five labels and some more in this taxonomy for backward compatibility. [Alexandre Dulaunoy] ### Other * Merge branch 'main' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy] * Merge pull request #248 from goodlandsecurity/pyoti-v3. [Alexandre Dulaunoy] Pyoti v3 * Forgot jq_all_the_things.sh. [goodlandsecurity] * Bump pyoti version. [goodlandsecurity] * Remove predicate description so entry description shows on hover, added virustotal entry. [goodlandsecurity] * Merge pull request #247 from goodlandsecurity/pyoti-v2. [Alexandre Dulaunoy] Pyoti taxonomy v2 * Merge remote-tracking branch 'upstream/main' into pyoti-v2 fetch upstream and merge. [goodlandsecurity] * Added entries for domain-based reputation block lists. [goodlandsecurity] * Bump pyoti version. [goodlandsecurity] * Merge branch 'goodlandsecurity-pyoti-enrichment-taxonomy' into main. [Alexandre Dulaunoy] * Adding pyoti enrichment taxonomy. [goodlandsecurity] ## v2.4.159 (2022-05-30) ### New * [dga] First version of the DGA taxonomy based on https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_plohmann.pdf. [Alexandre Dulaunoy] A Comprehensive Measurement Study of Domain Generating Malware Daniel Plohmann, Fraunhofer FKIE; Khaled Yakdan, University of Bonn; Michael Klatt, DomainTools; Johannes Bader; Elmar Gerhards-Padilla, Fraunhofer FKIE ### Changes * [MANIFEST] updated. [Alexandre Dulaunoy] * [cnsd] many fixes. [Alexandre Dulaunoy] * [artificial-satellite] fixes. [Alexandre Dulaunoy] * [satellite] fix the predicate. [Alexandre Dulaunoy] * [artificial-satellite] satellite renamed. [Alexandre Dulaunoy] * [articifial-satellite] remove duplicate in education. [Alexandre Dulaunoy] * Chg: [dga] Include the improvements from @danielplohmann. [Alexandre Dulaunoy] * [cnsd] remove incorrect file. [Alexandre Dulaunoy] * [manifest] updated. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [artificial-satellites] updated. [Alexandre Dulaunoy] * [artificial-satellites] clean-up. [Alexandre Dulaunoy] * [manifest] updated. [Alexandre Dulaunoy] * [GrayZone] fixes. [Alexandre Dulaunoy] * [manifest] updated. [Alexandre Dulaunoy] * [clean-up] some clean-up, typo and JSON forms. [Alexandre Dulaunoy] Open question: what's the original reference of the document? Is it this one https://cynergia.mx/wp-content/uploads/2016/12/CCHS-ActiveDefenseReportFINAL.pdf ? Some elements are missing in the taxonomy. ### Fix * Order in cnsd. [Raphaël Vinot] * [dga] leading space removed. [Alexandre Dulaunoy] * [cnsd] update. [Alexandre Dulaunoy] ### Other * Merge pull request #244 from jelervasquez/patch-7. [Alexandre Dulaunoy] Update machinetag.json * Update machinetag.json. [jelervasquez] * Merge branch 'th3r3d-patch-1' into main. [Alexandre Dulaunoy] * Merge branch 'main' into th3r3d-patch-1. [Alexandre Dulaunoy] * Merge branch 'jelervasquez-patch-2' into main. [Alexandre Dulaunoy] * Taxonomy for security incidents. [jelervasquez] * Merge branch 'Sinbadde-main' into main. [Alexandre Dulaunoy] * Merge branch 'main' of https://github.com/Sinbadde/misp-taxonomies into Sinbadde-main. [Alexandre Dulaunoy] * Add files via upload. [Mélanie MERGEN] * Delete Artificial Satellites directory. [Mélanie MERGEN] * Add files via upload. [Mélanie MERGEN] * Delete Artificial Satellites. [Mélanie MERGEN] * Create Artificial Satellites. [Mélanie MERGEN] * Add machinetag.json. [th3r3d] GrayZone of Active Defense, originaly published by Washington University, v2 created and updated by DCG420 ## v2.4.158 (2022-04-19) ### Changes * [extended-event] `counter-analysis` predicate added and missing descriptions added. [Alexandre Dulaunoy] * [tools] update exclusion list. [Alexandre Dulaunoy] ### Other * Merge pull request #234 from solsdii/main. [Alexandre Dulaunoy] poison taxonomy * Debug. [solsdii] * Debug. [solsdii] * Update README.md. [solsdii] * Poison-taxonomy. [solsdii] * Adding poison taxonomy. [solsdii] ## v2.4.154 (2022-03-02) ### New * [tools] add a skip list for large taxonomies or specific topic. [Alexandre Dulaunoy] A new option has been added `--disable-skip-list` to disable it if required * [social-engineering-attack-vectors] new taxonomy describing technical and non-technical social engineering techniques. [Alexandre Dulaunoy] ### Changes * [script] typo fixed. [Alexandre Dulaunoy] ### Fix * [machinetag] skip_list supported for the listing of directory. [Alexandre Dulaunoy] ### Other * Merge pull request #230 from matthijsvp/ransomwareroles. [Alexandre Dulaunoy] Ransomwareroles * Merge branch 'ransomwareroles' of github.com:matthijsvp/misp-taxonomies into ransomwareroles. [matthijsvp] * Delete accidentally added DS_Store file. [Matthijs van P] * Fixed MANIFEST.json. [matthijsvp] * Merge branch 'ransomwareroles' of github.com:matthijsvp/misp-taxonomies into ransomwareroles. [matthijsvp] * Merge branch 'MISP:main' into ransomwareroles. [Matthijs van P] * Merge pull request #229 from M2O2/main. [Alexandre Dulaunoy] Adding Death Possibilities Taxonomy, jq file launched * Midification du namespace du JSON pour corrspondre au nom du dossier. [osboxes.org] * Manifest updatet and jq all things run. [osboxes.org] * Json corrected. [osboxes.org] * .jq all runned. [osboxes.org] * Manifest updated. [osboxes.org] * Merge pull request #1 from M2O2/M2O2-Pull-Request-Death-Possibilities-Taxonomy. [M2O2] Intégration de la taxonomie sur les causes de mort * Add files via upload. [M2O2] * Manifest mis. [osboxes.org] * Fixed reference, validated and jq'ed again. [matthijsvp] * Validated and jq'ed. [matthijsvp] * Improved descriptions. [matthijsvp] * Initial commit of seven ransomware roles. [matthijsvp] * Initial commit, adding first two roles. [matthijsvp] ## v2.4.153 (2022-02-04) ### Changes * [tools] updated for the new website. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [state-responsibility] various clean-up. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [workflow] rejected state added to support flow-intel platform. [Alexandre Dulaunoy] * [README] updated with recent taxonomies. [Alexandre Dulaunoy] * [gitchangelogrc] added. [Alexandre Dulaunoy] ### Fix * [tools] fix anchor reference to lower case. [Alexandre Dulaunoy] Fix #224 ### Other * Merge pull request #226 from dhondta/main. [Alexandre Dulaunoy] Improved runtime-packers * Improved runtime-packers. [dhondta] * Merge branch 'cudeso-main' into main. [Alexandre Dulaunoy] * Add state-responsibility. [Koen Van Impe] * Merge pull request #222 from freitzzz/readme-machine-tags-grammar-typo-patch. [Alexandre Dulaunoy] Rephrase machine tags sentence in README.md (#221) * Change "and expressed in Machine Tags" to ", are expressed in Machine Tags" [João Freitas] * Merge pull request #220 from matthijsvp/unified-kill-chain. [Alexandre Dulaunoy] Initial commit of Unified Kill Chain. * Ran jq_all_the_things. [matthijsvp] * Updated MANIFEST.json. [matthijsvp] * Initial commit of Unified Kill Chain. [matthijsvp] ## v2.4.152 (2021-12-22) ### Changes * [MANIFEST] updated. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [exercise] fix description. [Alexandre Dulaunoy] * [exercise] Cyber Europe 2022 (former CE2020) added. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] ### Other * Merge branch 'main' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy] * Merge pull request #219 from Delta-Sierra/main. [Alexandre Dulaunoy] political spectrum taxonomy - first proposition * Jq. [Delta-Sierra] * Merge https://github.com/MISP/misp-taxonomies into main. [Delta-Sierra] * Add political spectrum taxonomy - first proposition. [Delta-Sierra] * Merge pull request #218 from Delta-Sierra/main. [Alexandre Dulaunoy] deception taxonomy * Add deception taxonomy. [Delta-Sierra] * Merge. [Delta-Sierra] * Jq. [Delta-Sierra] * Jq. [Delta-Sierra] ## v2.4.151 (2021-11-19) ### New * [interactive-cyber-training-training-setup] added missing taxonomies. [Alexandre Dulaunoy] * [interactive-cyber-training-environment] added missing taxo. [Alexandre Dulaunoy] * [manifest] updated. [Alexandre Dulaunoy] ### Changes * [fr-classif] updated following changes from July 2021 with 2 new levels. [Alexandre Dulaunoy] Thanks to ANSSI-FR for the contribution * [exercise] Locked Shields 2022 added as exercise. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [interactive-cyber] remove unused directory. [Alexandre Dulaunoy] * [clean] remove unused directory. [Alexandre Dulaunoy] * [interactive-cyber-training-*] jq all the things. [Alexandre Dulaunoy] * [dark-web] ransomware group. [Terrtia] ### Fix * [typo] fixed. [Alexandre Dulaunoy] * Reorganize order taxonomies. [Raphaël Vinot] ### Other * Merge pull request #217 from lcpdn/patch-1. [Alexandre Dulaunoy] Correction de "Non classifiée" vers "Non protégé" * Correction de "Non classifiée" vers "Non protégé" [lcpdn] L'IGI1300 décrit 2 niveaux de classification : Secret et Très Secret. Les informations ainsi protégées sont dites classifiées. L'IGI1300 (§1.3.2) précise également qu'il existe une mention de protection dite "Diffusion Restreinte" pour des informations non classifiées. Or, les informations non classifiées et non protégées par la mention Diffusion Restreinte sont dites "Non protégées". * Delete interactive-cyber-training-environment directory. [Alexandre Dulaunoy] Fix * Mv: [training-training-env] updated. [Alexandre Dulaunoy] * Merge pull request #215 from Delta-Sierra/master. [Alexandre Dulaunoy] New taxonomies based on Cyber Taxi * CyberTaxi update. [Delta-Sierra] * Add new taxonomies based on Cyber Taxi. [Delta-Sierra] * Merge pull request #214 from wagner-certat/update-rsit. [Alexandre Dulaunoy] update RSIT to version 1003 * Update RSIT to version 1003. [Sebastian Wagner] v1.3 was released in May: https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/releases/tag/v1.3 including the version tag fix (https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/pull/109) * Merge pull request #213 from Terrtia/main. [Alexandre Dulaunoy] [dark-web] Add ransomware group ## v2.4.147 (2021-07-27) ### Other * Merge pull request #212 from R1ch01d/patch-1. [Alexandre Dulaunoy] Typo fix in Confidence levels * Typo fix in Confidence levels. [01d$] ## v2.4.145 (2021-06-28) ### Changes * [phishing] BEC typo fixed. [Alexandre Dulaunoy] * [doc] README updated. [Alexandre Dulaunoy] * [thales group] fix #209. [Alexandre Dulaunoy] * [thales] exportable removed. [Alexandre Dulaunoy] * [thales] fix the unknown field "exportable" in the taxonomy. [Alexandre Dulaunoy] * [thales] taxonomy updated. [Alexandre Dulaunoy] ### Other * Merge pull request #211 from eli-cyb/patch-1. [Alexandre Dulaunoy] Update machinetag.json * Update machinetag.json. [eli-cyb] Added the value "business email compromise" as part of the distribution predicate. Previously not included in as an available tag. * Merge pull request #207 from Felix83000/main. [Alexandre Dulaunoy] Thales Group taxonomy to contribute for the official MISP taxonomy repository * Update README.md. [Félix Herrenschmidt] * Update README.md. [Félix Herrenschmidt] Init description. * Create machinetag.json. [Félix Herrenschmidt] Init Thales Group taxonomy. ## v2.4.144 (2021-06-07) ### New * [misp] event-type added to have a generic way to label an event. [Alexandre Dulaunoy] * [cycat] Taxonomy used by cycat (Universal Cybersecurity Catalogue) to categorize namespace available in their cybersecurity catalogue. (DRAFT version) [Alexandre Dulaunoy] * GH workflow. [Raphaël Vinot] * [misinformation-website-labels] first proposal. [Cookie] * [extended-event] first proposal. [Cookie] * [taxonomy] Pandemic and covid-19 type tracking. [Christophe Vandeplas] * [taxonomy] new current-events taxonomy covering covid-19. [Christophe Vandeplas] * [taxonomy] add new "DFRLab Dichotomies of Disinformation" taxonomy courtesy the Atlantic Council DFRLab. [VVX7] * [failure-mode-in-machine-learning] new taxonomy for Failure Modes in Machine Learning. [Alexandre Dulaunoy] Ref: https://docs.microsoft.com/en-us/security/failure-modes-in-machine-learning * Added Manifest and Markdown generators. [mokaddem] * [ics] FIRST.ORG CTI SIG - MISP Proposal for ICS/OT Threat Attribution (IOC) Project (WiP) [Alexandre Dulaunoy] * [phishing] Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status. [Alexandre Dulaunoy] * Scripps CO2 taxonomies. [Raphaël Vinot] * Flags used by scrippsco2. [Raphaël Vinot] * Add mwdb taxonomy. [Raphaël Vinot] * [csirt-americas] taxonomy updated. [Alexandre Dulaunoy] * [threats-to-dns] New taxonomy threats to DNS. [Alexandre Dulaunoy] An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 1–1. doi:10.1109/comst.2018.2849614 As seen during FIRSTCON19 * [flesch-reading-ease] Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid). [Alexandre Dulaunoy] * [information-security-data-source] add new taxonomy. [Alexandre Dulaunoy] * [information-security-data-source] Taxonomy to classify the information security data sources (WiP) [Alexandre Dulaunoy] * [cyber-exercise] Cyber exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise. [Alexandre Dulaunoy] * Added gsma-fraud taxonomy. [iglocska] * [gsma-attack-category] first version of Taxonomy used by GSMA for their information sharing program with telco describing the attack categories. [Alexandre Dulaunoy] * Add all other relevant taxonomies. [Raphaël Vinot] * CCCS taxonomies, first batch. [Raphaël Vinot] * [rsit] Reference Security Incident Classification Taxonomy added. [Alexandre Dulaunoy] thanks to ENISA @amicaross @aaronkaplan * False positive taxonomy. [Raphaël Vinot] * A taxonomy (infoleak) describing information leaks and especially information classified as being potentially leaked. [Alexandre Dulaunoy] * Incident-disposition taxonomy added. [Alexandre Dulaunoy] * Added basic binary file taxonomy. Fixes #59. [Hannah Ward] ### Changes * [domain-abuse] include registry and registrar incident. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [course-of-action] typo fixed. [Alexandre Dulaunoy] * [threatmap] namespace is lower space. [Alexandre Dulaunoy] * [MANIFEST] fixed. [Alexandre Dulaunoy] * [ioc] typo fixed in predicate. [Alexandre Dulaunoy] * [README] list updated. [Alexandre Dulaunoy] * [circl] updated the original proposal + ransomware added + classification proposal removed (should be in a different taxonomy) [Alexandre Dulaunoy] * [cti/ioc] jq and MANIFEST updated. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [vmray] jq the JSON file. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [summary] updated. [Alexandre Dulaunoy] * [adversary] C2 type added. [Alexandre Dulaunoy] * [ransomware] academic reference added. [Alexandre Dulaunoy] * [manifest] updated. [Alexandre Dulaunoy] * [manifest] updated. [Alexandre Dulaunoy] * [cycat] updated. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [copyright] we are in 2021. [Alexandre Dulaunoy] * [adversary] sinkholed action added. [Alexandre Dulaunoy] * [doc] Travis is dead, GH Action is alive! [Alexandre Dulaunoy] * Add PR to GH actions. [Raphaël Vinot] * Master -> main everywhere. [Raphaël Vinot] * [threat-match] fixed all the namespaces. [Alexandre Dulaunoy] * [MANIFEST] regenerated. [Alexandre Dulaunoy] * [threatmatch*] jq all the things. [Alexandre Dulaunoy] * [information-website-label] fixed. [Alexandre Dulaunoy] * [misinformation-website-label] version is an integer. [Alexandre Dulaunoy] * [misinformation-website-label] updated. [Alexandre Dulaunoy] * [manifest] updated. [Alexandre Dulaunoy] * [misinformation-website-labels] updated. [Alexandre Dulaunoy] * [extended-event] description typo fixed. [Alexandre Dulaunoy] * [extended-event] updated to please our strict rules. [Alexandre Dulaunoy] * [exercise] a new generic predicate added for comcheck without name. [Alexandre Dulaunoy] * [pandemic] geostrategy added. [Alexandre Dulaunoy] * [pandemic] Disinfrmation added. [Andras Iklody] * [phishing] JSON fixed. [Alexandre Dulaunoy] * [pandemic] events and pandemic namespace added. [Alexandre Dulaunoy] * [circl] covid-19 topic added. [Alexandre Dulaunoy] * Update travis file. [Raphaël Vinot] * Fix travis. [Raphaël Vinot] * [travis] pytaxonomies fixed. [Alexandre Dulaunoy] * Fix directory name. [Raphaël Vinot] * [travis] temp fix before pytaxonomies is fixed. [Alexandre Dulaunoy] * [travis] default to pip3. [Alexandre Dulaunoy] * [MANIFEST] fixed. [Alexandre Dulaunoy] * [DFRLab] fix namespace to match default directory. [Alexandre Dulaunoy] * [MANIFEST] for new: [taxonomy] add "DFRLab Dichotomies of Disinformation" #177. [Alexandre Dulaunoy] * [travis] Python 3.8 test added - removed the nightly build (3.9 is heavily broken) [Alexandre Dulaunoy] * [doc] summary updated. [Alexandre Dulaunoy] * [iep2] MANIFEST updated, set version value to string (all are strings in taxonomies) [Alexandre Dulaunoy] Notes: $text feature is something not implemented currently in MISP (IEP is the only taxonomy having variable values). Maybe having a set of police like SPDX license module would help to have more generic agreement. * [exercise] Cyber Coalition 2019 and more added. [Christophe Vandeplas] * [MANIFEST] updated. [Alexandre Dulaunoy] * [tools] a quick-and-dirty script to dump missing expanded fields. [Alexandre Dulaunoy] * [mwdb] added missing expanded predicate values. [Alexandre Dulaunoy] * [MANIFEST] updated. [Alexandre Dulaunoy] * [misp] ids predicate added following discussion in a MISP user-group. [Alexandre Dulaunoy] A new predicate has been added to potentially influence IDS flag at event or attribute level. This is often a desired option to overwrite existing IDS flag set by the event creator by a local preference. - `misp:ids="true"` -> set the IDS flag - `misp:ids="force"` -> force the use of the ids predicate (over the IDS flag set) - `misp:ids="false"` -> unset the IDS flag This predicates is not currently used in MISP directly but must be used for external tools using it. Those tags can be set at local or global level depending of the use-case. * [MANIFEST] updated. [Alexandre Dulaunoy] * [exercise] LS20 added. [Alexandre Dulaunoy] * [false-positive] missing expanded. [Alexandre Dulaunoy] * [cssa] version updated. [Alexandre Dulaunoy] * [IOT] Data Sharing Level is now exclusive. [Alexandre Dulaunoy] * [IoT] put the exclusive flag on the "Data Sharing Level" [Alexandre Dulaunoy] * [doc] copyright statement updated. [Alexandre Dulaunoy] * [doc] summary added. [Alexandre Dulaunoy] * [doc] Summary file removed. [Alexandre Dulaunoy] * [MANIFEST] newline is the king of the castle. [Alexandre Dulaunoy] * [tool] sort before output. [mokaddem] * [tools] utf-8 by default. [Alexandre Dulaunoy] * [MANIFEST] update. [Alexandre Dulaunoy] * [economical-impact] No need to bump version twice. [mokaddem] * [numerical_value] Incremented version of taxonomies having num_val. [mokaddem] * [exclusive] Set `exclusive` meta for relevant taxonomies. [mokaddem] * [infoleak] add public-key. [Terrtia] * [coa] typo fixed for deceive. [Alexandre Dulaunoy] * [MANIFEST] jq all the things. [Alexandre Dulaunoy] * [MANIFEST] updated to the latest version. [Alexandre Dulaunoy] * [expiration] 10 years expiration. [Alexandre Dulaunoy] * [infoleak] Added IP address tag value. [mokaddem] * Reorder predicates in ICS. [Raphaël Vinot] * [MANIFEST] updated to the latest version. [Alexandre Dulaunoy] * [false-positive] confirmed predicate added. [Alexandre Dulaunoy] * [collaborative-intelligence] request malware config added. [Alexandre Dulaunoy] Following feedback during a workshop session at a bank. * [ics] remove duplicate value entries. [Alexandre Dulaunoy] * [ics] references added. [Alexandre Dulaunoy] * [ics] OT IR Security Issues added. [Alexandre Dulaunoy] * [ics] more data transmission protocols. [Alexandre Dulaunoy] * [ics] OT IR Communication Interface added. [Alexandre Dulaunoy] * [false-positive] reorder the logic behind the numerical_value (to be consistent with the decaying model) [Alexandre Dulaunoy] * [MANIFEST] updated targeted-threat-index. [Alexandre Dulaunoy] * [targeted-threat-index] set MISP numerical_value range. [Alexandre Dulaunoy] TODO: Improve taxonomy format to add original_numerical_value to get the original value of the taxonomy author * [ics] new RTOS added. [Alexandre Dulaunoy] * [MANIFEST] phishing taxonomy updated. [Alexandre Dulaunoy] * [phishing] Fix #157. [Alexandre Dulaunoy] * [phishing] add principles of persuasions - based on: - Cialdini's principal of influence, - Graggs's psychological triggers, - Stajano's principles of scams, - see associated paper: Ferreira & al. DOI: 10.1007/978-3-319-20376-8_4. [Jean-Louis Huynen] * [phishing] various updates and clarification. [Alexandre Dulaunoy] - psychological-acceptability predicate added to define the social acceptance of a phishing attack - report-type and report-origin replaced ambiguous type/report - distribution predicate added to move distribution out of techniques Thanks to Bertrand Lathoud and Sascha Rommelfangen for the feedback :sparkles: * Numerical values added. [Alexandre Dulaunoy] * [analyst-assessment] numerical_value fixed to match new model. [Alexandre Dulaunoy] * [copine] numerical values added. [Alexandre Dulaunoy] * [phishing] fix the missing expanded. [Alexandre Dulaunoy] * [phishing] dispute resolution added. [Alexandre Dulaunoy] * [MANIFEST] phishing taxonomy added. [Alexandre Dulaunoy] * Bump Manifest. [Raphaël Vinot] * [workflow] updated to the new OSINT acquisition process. [Alexandre Dulaunoy] * Minor text changes. [itAtcsirtamericasDotOrg] * [remove] old directory. [Alexandre Dulaunoy] * [csirt-americas] updated directory. [Alexandre Dulaunoy] * [CSIRTamericas] updated. [Alexandre Dulaunoy] * [all] Sami request to have "numerical values" for the decaying indicators project. [Alexandre Dulaunoy] * [misp-taxonomies] make numerical values consistent based on Sami feedback. [Alexandre Dulaunoy] * [maec-malware-capabilities] typo fixed - #149 fixed. [Alexandre Dulaunoy] * [dark-web] taxonomy version updated. [Alexandre Dulaunoy] * [darkweb] version updated. [Alexandre Dulaunoy] * [darkweb] updated to the latest version. [Alexandre Dulaunoy] * [dark-web] json fixed. [Alexandre Dulaunoy] * [retention] hide_tag removed to validate current schema. [Alexandre Dulaunoy] Maybe we could improve the format to include it by default to taxonomy format to trigger the MISP hide tag functionality directly. {'value': 'expired', 'expanded': 'Set when the retention period has expired', 'numerical_value': 0, 'hide_tag': True}: Additional properties are not allowed ('hide_tag' was unexpected) * [MANIFEST] retention taxonomy added. [Alexandre Dulaunoy] * [ransomware] jq all the things. [Alexandre Dulaunoy] * [infoleak] add pgp-public-key-block, pgp-signature. [Terrtia] * [rsit] updated to the latest version. [Alexandre Dulaunoy] * [mapping] updated to the latest version. [Alexandre Dulaunoy] * [circl] sextortion added - #133 fixed. [Alexandre Dulaunoy] * [misp] misp2yara related tags added. [Alexandre Dulaunoy] * [ransomware] spaces removed. [Alexandre Dulaunoy] * [MANIFEST] ransonware added in the manifest. [Alexandre Dulaunoy] * [MANIFEST] fix the EUCI description. [Alexandre Dulaunoy] * [common-taxonomy] version fixed. [Alexandre Dulaunoy] * [MANIFEST] common-taxonomy added. [Alexandre Dulaunoy] * [dcso-sharing] fix the namespace name. [Alexandre Dulaunoy] * [dcso-sharing] jq all the things. [Alexandre Dulaunoy] * [dcso-sharing] fixing the path. [Alexandre Dulaunoy] * [MANIFEST] updated to the latest version. [Alexandre Dulaunoy] * [exercise] locked shields 2019 added. [Alexandre Dulaunoy] * [MANIFEST] updated for the exercise taxonomy. [Alexandre Dulaunoy] * [exercise] Cyber SOPEx added. [Alexandre Dulaunoy] * [MANIFEST] fixed. [Alexandre Dulaunoy] * [cryptocurrency-threat] fixing small typo. [Alexandre Dulaunoy] * [tools] replace function fixed. [Alexandre Dulaunoy] * [tools] quick-and-dirty tools to generate markdown list of taxonomies for misp-project.org. [Alexandre Dulaunoy] * [passivetotal] typo fixed. [Alexandre Dulaunoy] * [information-security-data-source] updated to the latest version. [Alexandre Dulaunoy] * [information-security-data-source] more predicates (WiP) [Alexandre Dulaunoy] * [information-security-data-source] more predicates described (WiP) [Alexandre Dulaunoy] * [information-security-data-source] originality added (WiP) [Alexandre Dulaunoy] * [information-security-data-source] descriptions added for type of information (WiP) [Alexandre Dulaunoy] * [economical-scale] updated to the latest version. [Alexandre Dulaunoy] * [economical-impact] scale of loss/gain increased as million and billion gain/lost are reported. [Alexandre Dulaunoy] * Update MANIFEST file. [Raphaël Vinot] * [licensing] 2-clause BSD added in addition to CC0. [Alexandre Dulaunoy] To remove ambiguity of licensing and allowing users to select the license they would like to use CC0 or 2-clause BSD. Fix #126 * [MANIFEST] updated descriptions. [Alexandre Dulaunoy] * [description] fixed. [Alexandre Dulaunoy] * [description] fixed. [Alexandre Dulaunoy] * Description improved of the accessnow and action-taken taxonomies. [Alexandre Dulaunoy] * [accessnow] improved the description. [Alexandre Dulaunoy] * [osint] new collection methods added (manual) to cover such as open directory or publicly accessible evidences. [Alexandre Dulaunoy] * [exercise] EU-NATO PACE exercise added. [Alexandre Dulaunoy] * [exercise] NATO exercise added. [Alexandre Dulaunoy] * Cyber-exercise is now less cyber cyber cyber. [Alexandre Dulaunoy] * [MANIFEST] Cyber exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise added. [Alexandre Dulaunoy] * [event-classification] event-classification renamed + description updated. [Alexandre Dulaunoy] * [MANIFEST] updated with gsma-network-technology. [Alexandre Dulaunoy] * [gsma-network-technology] first version (still a WiP) Taxonomy used by GSMA for their information sharing program with telco describing the types of infrastructure. WiP. [Alexandre Dulaunoy] * [workflow] add a review for privacy. [Alexandre Dulaunoy] * [workflow] draft state added and release-requested as todo added to fix #122. [Alexandre Dulaunoy] * [ifx-vetting] add expanded values to IFX vetting. [Alexandre Dulaunoy] * [admiralty-scale] description has been included based on below ref. [Alexandre Dulaunoy] ref: https://fas.org/irp/doddir/army/fm2-22-3.pdf * [admiralty-scale] deliberately deceptive added. [Alexandre Dulaunoy] Issue to solve: ref. Scientific Methods of Inquiry of Intelligence Analysis added additional code and there is an inconsistency in the values. Other docs to be checked for colliding values required. * [admiralty-scale] when information or source cannot be judged - the numerical scale should be 50% as the information is considered as an average estimated trust. [Alexandre Dulaunoy] source: Scientific Methods of Inquiry of Intelligence Analysis * [manifest] updated to the latest revision. [Alexandre Dulaunoy] * [honeypot-basic] medium interaction added (based on various papers definition from EURECOM to Georg Wicherski paper) [Alexandre Dulaunoy] * [honeypot-basic] extended with adaptive interaction level. [Alexandre Dulaunoy] ref: http://www.ecmlpkdd2018.org/wp-content/uploads/2018/09/262.pdf * [monarc-threat] taxonomy added. [Alexandre Dulaunoy] * [monarc] change the namespace to monarc-threat (more to come) [Alexandre Dulaunoy] * [honeypot-simple] updated to the new version. [Alexandre Dulaunoy] * [honeypot-basic] updated to include no-interactive honeypot + network capture as data collection. [Alexandre Dulaunoy] * Link to PyTaxonomies library added. [Alexandre Dulaunoy] * [event-assessment] fixing typographic error. [Alexandre Dulaunoy] * Fix the name of the taxonomy. [Alexandre Dulaunoy] * Ifx-vetting added. [Alexandre Dulaunoy] * Jq all the things(tm) [Alexandre Dulaunoy] * [infoleak] add iban. [Terrtia] * [infoleak] add binary and hexadecimal. [Terrtia] * [nis] NIS taxonomy added to the Manifest. [Alexandre Dulaunoy] * Reorder predicates in smart-airports-threats. [Raphaël Vinot] * [smart-airport-threats] finalised based on WP2016-1.1 doc. [Alexandre Dulaunoy] * [smart-airports-threats] some more malicious actions. [Alexandre Dulaunoy] * [smart-airport-threats] third-party-failures added. [Alexandre Dulaunoy] * [smart-airport-threats] natural and social phenomena added. [Alexandre Dulaunoy] * [smart-airports-threats] system failures predicate added. [Alexandre Dulaunoy] * Saner veris taxonomy generation. [Raphaël Vinot] * VERIS taxonomy updated to the latest version. [Alexandre Dulaunoy] * Change predicate order to make PyTaxonomies happy. [Raphaël Vinot] * Added binary-class to README. [Hannah Ward] ### Fix * [threatmatch] predicate typos fixed. [Alexandre Dulaunoy] * [threatmatch] typo fixed in predicate value. [Alexandre Dulaunoy] * [threatmatch] various fixes. [Alexandre Dulaunoy] * [tools] website and README list generator are now the same. [Alexandre Dulaunoy] * [doc] README cleanup and lists updated with the new format. [Alexandre Dulaunoy] * Update URL in MANIFEST. [Raphaël Vinot] * Incorrect merge. [Raphaël Vinot] * Reorder predicates. [Raphaël Vinot] * Reorder predicates, make pytaxonomies happy. [Raphaël Vinot] * [tool] newline. [Alexandre Dulaunoy] * [tool] Write in utf8. [mokaddem] * Broken json. [Raphaël Vinot] * Missing patenthesis. [Raphaël Vinot] * Typo in rsit, predicates order in misp. [Raphaël Vinot] * Typo in last commit. [Raphaël Vinot] * Bad filename for the drugs taxonomy. [Raphaël Vinot] * Wrong namespace. [Raphaël Vinot] * Reorder predicates. [Raphaël Vinot] * Remove extra comma. [Raphaël Vinot] * Reorder exercise taxonomy. [Raphaël Vinot] * Typo, empty entries. [Raphaël Vinot] * Force non-empty strings and arrays. [Raphaël Vinot] * [gsma-attack-category] added in the manifest. [Alexandre Dulaunoy] * Remove empty expanded field. [Raphaël Vinot] Fix #117 * [infoleak] typo. [Terrtia] * Duplicate fixed. [iglocska] * Duplicate removed. [Alexandre Dulaunoy] * Remove duplicate. [Alexandre Dulaunoy] * MAEC namespace added. [Alexandre Dulaunoy] * Make namespace consistent for MAEC. [Alexandre Dulaunoy] * Ensure javascript is valid. [Alexandre Dulaunoy] * Remove the incorrect namespace. [Alexandre Dulaunoy] * Reorder infoleak predicates. [Raphaël Vinot] * MANIFEST updated. [Alexandre Dulaunoy] * A typo to include numerical_value in the asciidoctor output. [Alexandre Dulaunoy] * Add cryptojacking as proposed in #90 - CIRCL will do the update on their side too. [Alexandre Dulaunoy] * Description are top-level of the namespace is different than description at lower levels. [Alexandre Dulaunoy] * Version missing added in cyber-threat-framework. [Alexandre Dulaunoy] * Order of predicate (misp). [Raphaël Vinot] * Typos in predicate names (CERT-XLM & pentest). [Raphaël Vinot] * Misp tool added (misp2stix) to be used as label. [Alexandre Dulaunoy] * Exclusive flag added in documentation generation. [Alexandre Dulaunoy] * Clarification of the certainty entry based on feedback from an analyst. [Alexandre Dulaunoy] The probability is now set in the expanded value. The percentage has been removed to avoid confusion. * Structure of the document + CEF dedication. [Alexandre Dulaunoy] * Typo fixed in JSON. [Alexandre Dulaunoy] * JSON schema fixed to have a colour at entry level. [Alexandre Dulaunoy] * Table of content level reduced for asciidoctor output. [Alexandre Dulaunoy] * Typo in readme. [Hannah Ward] ### Other * Merge branch 'paulingega-sa-main' into main. [Alexandre Dulaunoy] * Merge branch 'main' of https://github.com/paulingega-sa/misp-taxonomies into paulingega-sa-main. [Alexandre Dulaunoy] * Update machinetag.json. [paulingega-sa] * Update threatmatch taxonomies into a single taxonomy. [paulingega-sa] * Merge branch 'vxsh4d0w-patch-3' into main. [Alexandre Dulaunoy] * Merge branch 'patch-3' of https://github.com/vxsh4d0w/misp-taxonomies into vxsh4d0w-patch-3. [Alexandre Dulaunoy] * Update machinetag.json. [V] * Incident classification updates. [V] This proposal involves new incident categories and adds a section related information classification. * Merge branch 'ghost-main' into main. [Alexandre Dulaunoy] * Creation of CTI taxonomy. [Carlos Borges] The CTI taxonomy follows a standard process/cycle. This classification helps teams to control the workflow of their activities * Creation of IOC taxonomy. [Carlos Borges] The IOC taxonomy was created to address automation needs. As we share IoC's, some of them are not malicious in nature, but it's presence can point to something malicious happening. For automation purposes, the use of data classification helps when you need to block something or not. * Merge branch 'kuselfu-main' into main. [Alexandre Dulaunoy] * Merge branch 'main' of https://github.com/kuselfu/misp-taxonomies into kuselfu-main. [Alexandre Dulaunoy] * Add VMRay taxonomies. [Jens Thom] * Merge branch 'master' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy] * Merge pull request #204 from Delta-Sierra/master. [Alexandre Dulaunoy] update ransomware taxonomy * Update ransomware taxonomy. [Delta-Sierra] * Merge pull request #202 from JakubOnderka/patch-1. [Alexandre Dulaunoy] rsit: Update to version 1002 * Rsit: Update to version 1002. [Jakub Onderka] Latest version from https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/blob/master/working_copy/machinev1 * Merge pull request #201 from CyCat-project/main. [Alexandre Dulaunoy] Updates from Freddy * Update machinetag.json. [Freddy Dezeure] * Update machinetag.json. [Freddy Dezeure] * Merge pull request #200 from CyCat-project/main. [Alexandre Dulaunoy] Policy added * Policy added. [Alexandre Dulaunoy] * Merge pull request #198 from CyCat-project/main. [Alexandre Dulaunoy] Better wording * Better wording. [Saad Kadhi] * Merge pull request #196 from CyCat-project/main. [Alexandre Dulaunoy] Updates * Update machinetag.json. [Freddy Dezeure] * Update machinetag.json. [Freddy Dezeure] * Merge branch 'master' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy] * Merge pull request #195 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy] Update machinetag.json * Update machinetag.json. [Vasileios Mavroeidis] Updated Taxonomy for Sectors and Digital Services based on the EU NIS Directive. https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L1148&from=EN#ntr17-L_2016194EN.01000101-E0017 Removed entity types that have been misclassified as sub-sectors. If we wanted to include entity types we should have done the same for all subsectors and not selectively for the sectors that do not define subsectors. If this is something that we desire, instead of removing what I have suggested we need to include all the ones that haven't initially. Second, the digital service providers in the NIS Directive should not be classified as sectors but as digital services. Normally this would require a new taxonomy of three entities only. I can go both ways. * Merge branch 'paulingega-sa-main' into main. [Alexandre Dulaunoy] * Adding ThreatMatch taxonomies. [paulingega-sa] * Adding ThreatMatch taxonomies. [paulingega-sa] * Merge branch 'C00kie--master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/C00kie-/misp-taxonomies into C00kie--master. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] * Merge branch 'C00kie--master' [Alexandre Dulaunoy] * Complete version before merge. [Cookie] * Update to predicate. [Cookie] * Merge pull request #189 from stricaud/trust. [Alexandre Dulaunoy] Trust Taxonomy * After running ./jq_all_the_things.sh. [Sebastien Tricaud] * Adding the trust taxonomy to the MANIFEST. [Sebastien Tricaud] * Change the README. [Sebastien Tricaud] * Adding the Taxonomy for Trust. [Sebastien Tricaud] * Merge branch 'vxsh4d0w-patch-1' [Alexandre Dulaunoy] * Proposal for whaling phishing. [V] Suggestion for another phishing attack related directors and executive employees, usually named also as Ceo Spoofing attack. * Merge pull request #185 from stricaud/trust. [Alexandre Dulaunoy] Trust * After running the ./jq_all_the_things.sh. [Sebastien Tricaud] * Wrap all values under the value array. [Sebastien Tricaud] * Merge pull request #184 from stricaud/trust. [Alexandre Dulaunoy] Adding the Trust Taxonomy * Adding the expanded description. [Sebastien Tricaud] * Adding trust to the MANIFEST file. [Sebastien Tricaud] * Changes after running the tool ./jq_all_the_things.sh. [Sebastien Tricaud] * Adding the Trust Taxonomy. It is using the reverse approach in order to describe what is known to be good, instead of the bad stuff. [Sebastien Tricaud] * Merge pull request #182 from cvandeplas/master. [Alexandre Dulaunoy] Covid-19 tracking * Merge branch 'cudeso-master' [Alexandre Dulaunoy] * Taxonomy to describe desired actions for Cytomic Orion. [Koen Van Impe] * Merge branch 'VVX7-master' [Alexandre Dulaunoy] * Merge branch 'terrymacdonald-iep2' [Alexandre Dulaunoy] * Renamed iep policy reference to shorter name. [temacdonald] * Corrected policy statement options and iep_version. [temacdonald] * Initial IEP 2.0 creation commit. [temacdonald] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] * Merge branch 'feature-exclusive' [mokaddem] * Merge pull request #174 from MISP/feature-exclusive. [Alexandre Dulaunoy] Feature `exclusive` and `numerical_value` * Merge pull request #173 from wesinator/patch-1. [Alexandre Dulaunoy] Correct Diamond model taxonomy description * Correct Diamond model taxonomy description. [Ԝеѕ] #172 * Merge pull request #167 from Delta-Sierra/master. [Alexandre Dulaunoy] [WiP] - starting IoT taxonomy based on https://iotuk.org.uk/wp-content/upload… * Jq. [Deborah Servili] * Update MANIFEST.json. [Deborah Servili] * Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] * Merge pull request #171 from Terrtia/master. [Alexandre Dulaunoy] chg: [infoleak] add public-key * Merge pull request #170 from Nedfire2347/master. [Deborah Servili] Risk Add * [root] * [root] * [root] * Merge pull request #169 from Nedfire2347/master. [Deborah Servili] gea-nz * [root] * [root] * [root] * [root] * Merge branch 'master' into master. [Nedfire23] * Merge branch 'yannw-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/yannw/misp-taxonomies into yannw-master. [Alexandre Dulaunoy] * Update MANIFEST.json. [yannw] * Coa taxonomie to describe aktion taken. [yannw] * Merge pull request #166 from yannw/patch-4. [Alexandre Dulaunoy] add "report" * Add report. [yannw] * Merge pull request #164 from MISP/infoleak5. [Alexandre Dulaunoy] chg: [infoleak] Added IP address tag value * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #161 from eCrimeLabs/master. [Alexandre Dulaunoy] Course of Action * Added Course of Action A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability. [Dennis Rand] * Added Course of Action A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability. [Dennis Rand] * Typo. [Sami Mokaddem] * Merge pull request #158 from gallypette/master. [Alexandre Dulaunoy] chg: [phishing] add principles of persuasions * Merge pull request #156 from Vincent-CIRCL/master. [Alexandre Dulaunoy] add: [tags] crypto, contreband, etc. * Add: [tags] crypto, contreband, etc. [Vincent-CIRCL] * [root] * [root] * [root] * [root] * [root] * [root] * [root] * [root] * Progress on IoT taxonomy - add description. [Deborah Servili] * Progress on IoT taxonomy - add description [still WiP] [Deborah Servili] * Progress on IoT taxonomy. [Deborah Servili] * Starting IoT taxonomy based on https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf. [Deborah Servili] * Merge pull request #155 from itATcsirtamericasDOTorg/master. [Alexandre Dulaunoy] chg:minor text changes * Merge branch 'itATcsirtamericasDOTorg-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/itATcsirtamericasDOTorg/misp-taxonomies into itATcsirtamericasDOTorg-master. [Alexandre Dulaunoy] * Adding first version of CSIRTAmericas.org Taxonomy. [itAtcsirtamericasDotOrg] * Merge pull request #153 from Vincent-CIRCL/master. [Alexandre Dulaunoy] add: [darkweb] ddos services, politics, whistleblower * Add: [darkweb] ddos services, politics, whistleblower, ... [Vincent-CIRCL] * Merge pull request #152 from Vincent-CIRCL/master. [Alexandre Dulaunoy] fix [darkweb] videos and ponies * Fix [darkweb] videos and ponies. [Vincent-CIRCL] * Merge pull request #151 from Vincent-CIRCL/master. [Alexandre Dulaunoy] add: [darkweb] tags for hate-speech, religious, privacypolicy * Add: [darkweb] tags for hate-speech, religious, privacypolicy. [Vincent-CIRCL] * Merge pull request #150 from Vincent-CIRCL/master. [Alexandre Dulaunoy] add: [darkweb] tags for mailprovider, mysterybox, vpn provider, conspirationist… * Add: [darkweb] tags for mailprovider, mysterybox, vpn provider, conspirationist, ... [Vincent-CIRCL] * Merge pull request #148 from Vincent-CIRCL/master. [Alexandre Dulaunoy] Scam, Software, Escrow and a few definitions * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Vincent-CIRCL] * Merge branch 'Vincent-CIRCL-master' [Alexandre Dulaunoy] * Add: [core] darkweb improvement : scame, softwares, escrow, ... [Vincent-CIRCL] * Add: [core] darkweb structures and fixing previous motivations and topics. [Vincent-CIRCL] * Add: [core] darkweb structures and fixing previous motivations and topics. [Vincent-CIRCL] * Merge branch 'RichieB2B-ncsc-nl/retention' [Alexandre Dulaunoy] * Add retention taxonomy. [Jop van der Lelie] * Merge branch 'bartblaze-master' [Alexandre Dulaunoy] * Update machinetag.json. [Bart] Made several edits and additions. * Merge pull request #144 from Terrtia/master. [Alexandre Dulaunoy] chg: [infoleak] add pgp-public-key-block, pgp-signature * Add: [dark-web] Criminal motivation on the dark web: A categorisation model for law enforcement. [Alexandre Dulaunoy] Ref: Criminal motivation on the dark web: A categorisation model for law enforcement Janis Dalins, Campbell Wilson, Mark Carman * Merge pull request #143 from michael-hamm/master. [Alexandre Dulaunoy] RSIT taxonomie added * RSIT taxonomie added. [Michael Hamm] * Merge pull request #142 from SwitHak/patch-1. [Alexandre Dulaunoy] Update Ransomware Taxonomy * Update Ransomware taxonomy. [SwitHak] Integer value (sic) * Update Ransomware galaxy. [SwitHak] Date: 2019-04-11 Author: SwitHak Purpose: Add 3 meta tag to be able to give specification of extensions usage: - ransomware-appended-extension -> This is the extension added by the ransomware to the files. - ransomware-encrypted-extensions", -> This is the list of extensions that will be encrypted by the ransomware. Beware to keep the order. - ransomware-excluded-extensions", -> This is the list of extensions that will not be encrypted by the ransomware. Beware to keep the order. If I missed something, tell me through the PR or via Twitter: @SwitHak * Merge pull request #141 from Delta-Sierra/master. [Alexandre Dulaunoy] add ransomware taxonomy [WIP] * Ransomware taxonomy - purpose. [Deborah Servili] * Ransomware taxonomy - complexity level. [Deborah Servili] * Ransomware taxonomy [WIP] [Deborah Servili] * Add complexity level [WIP - DO NOT MERGE] [Deborah Servili] * ##COMMA## [Deborah Servili] * Ransomware taxonomy : decribe some elements. [Deborah Servili] * Ransomware taxonomy : decribe some elements. [Deborah Servili] * Ransomware taxonomy : decribe some types. [Deborah Servili] * Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] * Add ransomware taxonomy WIP. [Deborah Servili] * Update readme. [Deborah Servili] * Fix space. [Deborah Servili] * Merge branch 'agent334-patch-1' [Alexandre Dulaunoy] * Common Taxonomy for LE and CSIRTs (Cybercrime) [Alvaro] The Common Taxonomy for Law Enforcement and The National Network of CSIRTs bridges the gap between the CSIRTs and international Law Enforcement communities by adding a legislative framework to facilitate the harmonisation of incident reporting to competent authorities, the development of useful statistics and sharing information within the entire cybercrime ecosystem. * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] * Merge pull request #137 from DCSO/master. [Alexandre Dulaunoy] DCSO Sharing Taxonomy added * DCSO Sharing Taxonomy added. [Mezz] * Add drugs taxonomy. [Raphaël Vinot] Initial source: https://github.com/HTasselli/taxonomy_drugs * Merge pull request #131 from Delta-Sierra/master. [Alexandre Dulaunoy] add cryptocurrency threat taxonomy, based on CipherTrace report * Add cryptocurrency threat taxonomy, based on CipherTrace report. [Deborah Servili] * Merge pull request #130 from Delta-Sierra/master. [Alexandre Dulaunoy] fix jq_all_the_things script * Fix jq_all_the_things script. [Deborah Servili] * Add: [type] Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence. [Alexandre Dulaunoy] This taxonomy has been created for various reasons: - For the past years, we have seen a recurring tag called "type:osint" actively used by various sharing communities. - The Intelligence Community is actively using the information gathering classification. So we basically merged in the type namespace which has the advantage to keep the old free tag "type:osint" valid and get a more consistent approach for the overall classification used in information gathering in IC. * Merge pull request #128 from Delta-Sierra/master. [Alexandre Dulaunoy] add new Taxonomy type -improvement still needed- * Add new Taxonomy type -improvement still needed- [Deborah Servili] * Add: [data-classification] Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book. [Alexandre Dulaunoy] * Merge branch 'd3sre-master' [Raphaël Vinot] * Added use case applicability machinetag.json. [des] * Add: [tools] a simple generator for the list of taxonomies to be included in the RFC. [Alexandre Dulaunoy] * Merge pull request #125 from michael-hamm/master. [Alexandre Dulaunoy] RTIR Event Classification * Change from plural to singular. [Michael Hamm] * Move RTIR Event Classification to Generic Event Classification. [Michael Hamm] * Fix Mainifest. [Michael Hamm] * RTIR Event Classification. [Michael Hamm] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] * Update machinetag.json. [Andras Iklody] * Small change. [Andras Iklody] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [iglocska] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #124 from MISP/init_tax_cccs. [Raphaël Vinot] new: CCCS taxonomies, first batch * Merge pull request #120 from Delta-Sierra/master. [Alexandre Dulaunoy] update workflow taxonomy * Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] * Merge pull request #119 from raw-data/master. [Alexandre Dulaunoy] [fix] trim space content of value * [fix] trim space content of value. [raw-data] * Merge pull request #118 from raw-data/master. [Alexandre Dulaunoy] [add] new file-type taxonomy * Update machinetag.json. [raw-data] * Update MANIFEST.json. [raw-data] * [fix] remove duplicated words. [raw-data] * [add] new file-type taxonomy + version bump. [raw-data] * [add] file-type taxonomy description. [raw-data] * [add] new file-type taxonomy. [raw-data] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #116 from Delta-Sierra/master. [Alexandre Dulaunoy] improve workfloy taxonomy, add not do-not-delete and add-mitre-attack… * Merge pull request #115 from jfrocha/patch-1. [Alexandre Dulaunoy] Add MONARC Taxonomy * Check json format. [Juan Rocha] * Fix Typo. [Juan Rocha] * MONARC Threats taxonomy. [Juan Rocha] Add v1.0 of MONARC threats taxonomy * Update workflow taxonomy. [Deborah Servili] * Fix typo. [Deborah Servili] * Jq. [Deborah Servili] * Update workflow version. [Deborah Servili] * Improve workfloy taxonomy, add not do-not-delete and add-mitre-attack-cluster values. [Deborah Servili] * Merge branch 'IFX-CDC-RaphaelOtto-patch-1' [Alexandre Dulaunoy] * Update machinetag.json. [RaphaelOtto] Added description for all fields * Add ifx-vetting taxonomy. [RaphaelOtto] * Merge pull request #109 from Terrtia/master. [Alexandre Dulaunoy] chg: [infoleak] add iban * Merge pull request #108 from ibakatsis/patch-1. [Alexandre Dulaunoy] Update README.md * Update README.md. [ibakatsis] * Merge pull request #107 from Terrtia/master. [Alexandre Dulaunoy] chg: [infoleak] add binary and hexadecimal * Merge branch 'feature/nis' [iglocska] * Rework of the NIS taxonomy. [iglocska] * Added first version of nis taxonomies. [iglocska] * Rsit should be lower-case. [Alexandre Dulaunoy] * Manifest fixed with proper name. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #105 from Terrtia/master. [Alexandre Dulaunoy] infoleak, add type of submission, output format and test predicates * Infoleak, add type of submission, output format and test predicates. [Terrtia] * Add: [WiP] Threat taxonomy in the scope of securing smart airports by ENISA. [Alexandre Dulaunoy] * Merge branch 'makflwana-master' [Alexandre Dulaunoy] * Updated MAEC 5.0 malware capabilties. [makflwana] * MAEC 5.0 Malware obfuscation methods. [makflwana] * MAEC 5.0 Malware Delivery Vectors. [makflwana] * MAEC 5.0 Malware capabilties. [makflwana] * MAEC 5.0 Malware behavior. [makflwana] * Merge pull request #102 from Terrtia/master. [Alexandre Dulaunoy] fix typo * Fix typo. [Terrtia] * Typo fixed. [Alexandre Dulaunoy] * Add: The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. [Alexandre Dulaunoy] * Add: The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. [Alexandre Dulaunoy] * Merge pull request #101 from Terrtia/master. [Alexandre Dulaunoy] infoleak taxonomy, add ail tags * Infoleak taxonomy, add ail tags. [Terrtia] * Merge pull request #100 from Delta-Sierra/master. [Alexandre Dulaunoy] add new incident-classification tags in circl taxonomy * Add new incident-classification tags in circl taxonomy. [Deborah Servili] * Add: A taxonomy describing information leaks and especially information classified as being potentially leaked. [Alexandre Dulaunoy] * List of taxonomies updated. [Alexandre Dulaunoy] * MANIFEST file updated for fpf and gdpr taxonomy. [Alexandre Dulaunoy] * Merge pull request #97 from circlsupportuser/master. [Alexandre Dulaunoy] Add two taxonomies related to data protection, specifically in the scope of GDPR * Add taxonomy to classify the degree of identifiability of personal data. [circlsupportuser] * Add taxonomy to classify special categories of personal data as defined in the GDPR. [circlsupportuser] * Add: Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information. [Alexandre Dulaunoy] * Version updated. [Alexandre Dulaunoy] * Add: Expressing Confidence In Analytic Judgments. [Alexandre Dulaunoy] * Add: Expressing Confidence In Analytic Judgments added in estimative language namespace. [Alexandre Dulaunoy] source of the document (page 114): http://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp2_0.pdf * Merge pull request #94 from Delta-Sierra/master. [Alexandre Dulaunoy] rename workflow tag - disambiguation between create and add MISP galax… * Rename workflow tag - disambiguation between creat and add MISP galaxy cluster. [Deborah Servili] * Add: EU-NIS Sector and Subectors. [Alexandre Dulaunoy] * Remove file instead of directory. [Alexandre Dulaunoy] * Merge pull request #93 from F3N0B1/patch-1. [Alexandre Dulaunoy] eu-nis-sector-and-subsectors * Create eu-nis-sector-and-subsectors. [F3N0B1] Taxonomy created that includes the sectors and sub sectors according to the NIS Directive. Adding the sub sectors allows creation of using more detailed tags. Content is strictly based on the directive requirements. * Add: priority-level added in MANIFEST. [Alexandre Dulaunoy] After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System. * Add: new priority-level taxonomy based on NCCIC Cyber Incident Scoring System. [Alexandre Dulaunoy] * Add: add missing galaxy in the case we need a large group of classification. [Alexandre Dulaunoy] * Cyber Threat Framework added in README. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #88 from yannw/patch-3. [Alexandre Dulaunoy] Update machinetag.json * Update machinetag.json. [yannw] added "please analyse sample" tag * Add: cyber-threat-framework taxonomy added. [Alexandre Dulaunoy] Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. * Merge pull request #85 from gianninou/master. [Alexandre Dulaunoy] add pentext taxonomy * Add references for pentest taxonomy. [Valentin Giannini] * Update namespace pentest. [Valentin Giannini] * Add pentext taxonomy. [Valentin Giannini] * Add: incident-disposition taxonomy. [Alexandre Dulaunoy] * Merge pull request #83 from gianninou/master. [Alexandre Dulaunoy] Add CERT-XLM taxonomie * Add CERT-XLM on MANIFEST.json. [Valentin Giannini] * Update CERT-XLM json. [Valentin Giannini] * Add missing. [Valentin Giannini] * Add CERT-XLM taxonomie. [Valentin Giannini] * Merge pull request #81 from droe/master. [Alexandre Dulaunoy] Set exclusive flag on misp:automation-level predicate * Set exclusive flag on automation-level predicate. [Daniel Roethlisberger] * Merge pull request #80 from droe/master. [Alexandre Dulaunoy] Add automation-level predicate to misp taxonomy * Bumping version to 6. [Daniel Roethlisberger] * Add automation-level to the list of predicate descriptions. [Daniel Roethlisberger] * Rename "automatic" to "unsupervised" after review with @amuehlem. [Daniel Roethlisberger] * Add: New predicate misp:automation-level indicating whether an event or attribute was imported into MISP in a fully automatic fashion, was reviewed by a human, or directly stems from manual analysis. [Daniel Roethlisberger] /cc @h122015 * Add: new taxonomy added Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf. [Alexandre Dulaunoy] * Merge pull request #79 from michael-hamm/master. [Alexandre Dulaunoy] Honeypot basic taxonomy * Replace underscore with dash. [Michael Hamm] * Role in Multi-tier Architecture added. [Michael Hamm] * Communication-interface added. [Michael Hamm] * Distribution Appearance added. [Michael Hamm] * Containment added. [Michael Hamm] * Data Capture added. [Michael Hamm] * Honeypot basic taxonomy. [Michael Hamm] * Fixed. [Alexandre Dulaunoy] * New taxonomy runtime-packer added. [Alexandre Dulaunoy] Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other o bfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries. * Manifest updated. [Alexandre Dulaunoy] * Workflow: review credibility added. [Alexandre Dulaunoy] * Perms changed. [Alexandre Dulaunoy] * Perms changed. [Alexandre Dulaunoy] * Add: Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. [Alexandre Dulaunoy] * Add: numerical value is now displayed in the documentation. [Alexandre Dulaunoy] * Osint version updated. [Alexandre Dulaunoy] * Add: exclusive property added to express exclusivity at predicate or value level. [Alexandre Dulaunoy] Exclusive property allows to express if a predicate or a value is exclusive. The exclusive property applies at namespace level (if the predicate is exclusive) or at predicate level is the value is exclusive. TLP and fr-classif updated with exclusive property. The exclusive property can be used by the software (e.g. MISP) to warn users if (s)he tries to add multiple tags on the same element (attribute, event...). It's up to the configuration of the software to enforce it or not. By default, tags are not exclusive. * Cannot type Today. [Alexandre Dulaunoy] * Numerical values added to admiralty scale based on feedback. [Alexandre Dulaunoy] * Update: OSINT now includes a "presentation" type source. [Alexandre Dulaunoy] * Ais-marking added to manifest. [Alexandre Dulaunoy] * AIS marking based on The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS). [Alexandre Dulaunoy] * Merge pull request #76 from Delta-Sierra/master. [Alexandre Dulaunoy] update mapping * Update mapping. [Deborah Servili] * Description added at predicate level too. [Alexandre Dulaunoy] * Add: description is now added in the asciidoc output for the values. [Alexandre Dulaunoy] * Merge pull request #75 from michael-hamm/master. [Alexandre Dulaunoy] eCSIRT taxonomy updated to fully support version mkVI of 31 March 201… * ECSIRT taxonomy updated to fully support version mkVI of 31 March 2015 and still support IntelMQ taxonomy-type mapping. [Michael Hamm] * Add: mapping of taxonomy added in the asciidoc output. [Alexandre Dulaunoy] * Added: numerical value (approximation) added to estimative language namespace. [Alexandre Dulaunoy] * Collaborative analysis updated. [Alexandre Dulaunoy] * Request detection-signature. [Alexandre Dulaunoy] * Collaborative-intelligence added. [Alexandre Dulaunoy] * Collaborative-intelligence namespace added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Properly fix manifest. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] * Remove duplicate. [Raphaël Vinot] * Add schema for mapping. [Raphaël Vinot] * Added: Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. The objective of this language is to advance collaborative analysis and to share earlier than later. [Alexandre Dulaunoy] * Change the path of the default asciidoctor-pdf. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Update manifest. [Raphaël Vinot] * CSSA agreed taxonomy added. [Alexandre Dulaunoy] * Cssa: Version must be an integer. [Alexandre Dulaunoy] * Moved to a proper directory - The CSSA agreed sharing taxonomy. [Alexandre Dulaunoy] * Remove cssa file. [Alexandre Dulaunoy] * Merge pull request #73 from yannw/patch-1. [Raphaël Vinot] CSSA Taxonomy * CSSA Taxonomy. [yannw] Used by CSSA e.V. members to add the Class (quality of the data: High_class, Vetted, Unvetted) anbd the Origin of the data. * Update validate. [Raphaël Vinot] * Clean travis. [Raphaël Vinot] * Cleanup tests. [Raphaël Vinot] * Improve consistency when lising the predicates, remove duplicates. [Raphaël Vinot] * SeekmoSearchAssistant was here twice in ms-caro-malware-full * Mult was here twice in ms-caro-malware-full * CouponRuc was here twice in ms-caro-malware-full * mobile-malware was here twice in enisa * spear-phishing-attacks was here twice in enisa * Cleanup veris. [Raphaël Vinot] * Force run PyTaxonomies in travis. [Raphaël Vinot] * Make the schema more sane. [Raphaël Vinot] * Generator added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #72 from Delta-Sierra/master. [Alexandre Dulaunoy] update manifest * Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] * Update manifest. [Deborah Servili] * Add DöL to readme. [Deborah Servili] * Additional sources including honeypot, spamtramp or alike. [Alexandre Dulaunoy] * Merge pull request #71 from Delta-Sierra/master. [Alexandre Dulaunoy] add DML taxonomy * Merge branch 'master' of https://github.com/Delta-Sierra/misp-taxonomies. [Deborah Servili] * Add DML taxonomy. [Deborah Servili] * Automatic-analysis added. [Alexandre Dulaunoy] * Merge pull request #69 from Delta-Sierra/master. [Alexandre Dulaunoy] mapping tlp * Correct typo~ [Deborah Servili] * Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] * Fix #67 - typo in the description of Culture-oriented organisation. [Alexandre Dulaunoy] * Merge pull request #68 from Delta-Sierra/master. [Alexandre Dulaunoy] add action-taken taxonomy * Mapping tlp. [Deborah Servili] * Jq. [Deborah Servili] * Add action-taken taxonomy. [Deborah Servili] * Documentation links added. [Alexandre Dulaunoy] * MinItem for the array. [Alexandre Dulaunoy] * Type added to only allow tagging on users or organisations. [Alexandre Dulaunoy] * Schema updated to include the type - https://github.com/MISP/MISP/issues/2159. [Alexandre Dulaunoy] By default all taxonomies are applicable to events and attributes. But new features will be introduced to support specific tagging for users or organisations. For more information: https://github.com/MISP/MISP/issues/2159 * New type added - user and org only. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #63 from gallypette/master. [Alexandre Dulaunoy] New items to analyst assessment, removal of analysis-related items * Adds experience related to web application security. [gallypette] * Adds experience related to crypto. [gallypette] * Adds OS, and web-related items. [gallypette] * Removes parts that belong to the analysis, adds predicates relating to reversing. [gallypette] * New taxonomy event-assessment - series of assessment predicates describing the event assessment performed to make judgement(s) under a certain level of uncertainty. [Alexandre Dulaunoy] * New taxonomy to describe Tor network infrastructure added. [Alexandre Dulaunoy] * Fix the asciidoctor admonition reference to have a proper output. [Alexandre Dulaunoy] * Machinetag list is now sorted by default. [Alexandre Dulaunoy] * A first version of A series of assessment predicates describing the analyst capabilities to perform analysis or making judgments under a certain level of uncertainty. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst or the analysis. [Alexandre Dulaunoy] This is based on various documents but especially those two documents: - Psychology of Intelligence Analysis (Richards J. Heuer, Jr.) - Judgment under Uncertainty: Heuristics and Biases (Amos Tversky; Daniel Kahneman) The challenge when doing such taxonomy is to describes a human process into a machine-readable taxonomy. So feedback (via PR or issues) is more than welcome. * Merge pull request #61 from FloatingGhost/master. [Alexandre Dulaunoy] Basic binary taxonomy * Vocabulaire des probabilités estimatives added to index. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] * Make pep8 happy. [Raphaël Vinot] * Vocabulaire des probabilités estimatives added based on the document from "Service canadien de renseignements criminels". [Alexandre Dulaunoy] * Typo corrected. [Andras Iklody] * A first taxonomy covering DDoS attack. [Alexandre Dulaunoy] * Merge pull request #60 from MISP/access. [Raphaël Vinot] [WIP] Add assessnow taxonomy * Add assessnow taxonomy. [Raphaël Vinot] * Clean-up. [Alexandre Dulaunoy] * Proposal for blocking module expansion. [Alexandre Dulaunoy] * Update schema, fix taxonomies accordingly. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] * Diamond model added to the README and MANIFEST. [Alexandre Dulaunoy] * Merge pull request #58 from FloatingGhost/master. [Alexandre Dulaunoy] Update machinetag to allow running from any directory * Update machinetag to allow running from any directory. [Hannah Ward] * Merge pull request #57 from gbossert/killchain-weaponization. [Alexandre Dulaunoy] Typo fix: replaces weaponiSation by weaponiZation * Upgrade version number from 1 to 2 in cyber killchain taxo. [Georges Bossert] * Typo fix: replaces weaponiSation by weaponiZation. [Georges Bossert] The official term (see. http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html) relies on the American/Oxford spelling. * MANIFEST updated. [Alexandre Dulaunoy] * Source-code-repository as source added. [Alexandre Dulaunoy] * JQ all the things. [Raphaël Vinot] * Add schema. [Raphaël Vinot] * Merge pull request #56 from FloatingGhost/master. [Alexandre Dulaunoy] Added passivetotal tags for #30. * Restored manifest to have the right entries. [Hannah Ward] * Added basic PassiveTotal tags, updated MANIFEST. [Hannah Ward] * MANIFEST file version updated. [Alexandre Dulaunoy] * Merge pull request #55 from gbossert/stix-ttp. [Andras Iklody] Registers stix-ttp taxonomy in MANIFEST.json. * Registers stix-ttp taxonomy in MANIFEST.json. [Georges Bossert] * Merge pull request #54 from gbossert/stix-ttp. [Andras Iklody] Introducing STIX-TTP Taxonomy * Introducing STIX-TTP Taxonomy. [Georges Bossert] The STIX-TTP taxonomy follows the STIX model to handle the classification of event TTPs. This version covers both Victim Trageting by Sector and Victim Targeting by Information Type. * OSINT updated. [Alexandre Dulaunoy] * Microblog-post added in the type OSINT source. [Alexandre Dulaunoy] * Default branch of MISP changed - so raw path images too... [Alexandre Dulaunoy] * MANIFEST updated to add TTI. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * TTI added. [Alexandre Dulaunoy] * Targeted-threat-index taxonomy added. [Alexandre Dulaunoy] The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman. ref: https://citizenlab.org/2013/10/targeted-threat-index/ * Galaxy removed. [Alexandre Dulaunoy] * MISP galaxy removed as included by default via galaxy. [Alexandre Dulaunoy] https://github.com/MISP/MISP/issues/1731#issuecomment-265766291 * Reference added to the diamond model taxonomy. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #52 from pstirparo/master. [Alexandre Dulaunoy] adding diamond model taxonomy * Adding diamond model taxonomy. [Pasquale Stirparo] * Merge pull request #50 from cvandeplas/master. [Alexandre Dulaunoy] Updated misp-galaxy taxonomy * Updated misp-galaxy taxonomy. [Christophe Vandeplas] * Merge pull request #51 from flmsc/master. [Alexandre Dulaunoy] Fixed some broken links in README.md * Fixed some broken links in README.md. [Florian Schuetz] * Version for galaxy updated. [Alexandre Dulaunoy] * Merge pull request #49 from cvandeplas/master. [Alexandre Dulaunoy] Updated misp-galaxy taxonomy * Updated misp-galaxy taxonomy. [Christophe Vandeplas] * Merge pull request #47 from cvandeplas/master. [Alexandre Dulaunoy] Updated misp-galaxy taxonomy * Updated misp-galaxy taxonomy. [Christophe Vandeplas] * Version updated. [Alexandre Dulaunoy] * Updated to the latest version of the MISP galaxy. [Alexandre Dulaunoy] * Fixing the galaxy with the new clusters name. [Alexandre Dulaunoy] * Merge pull request #46 from Delta-Sierra/master. [Alexandre Dulaunoy] update mapping * Update mapping. [Déborah Servili] * Match taxonomy namespace. [Alexandre Dulaunoy] * Stealth_malware to match taxonomy namespace. [Alexandre Dulaunoy] * Stealth-malware namespace added. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * Merge pull request #44 from RichieB2B/ncsc-nl/stealth-malware. [Alexandre Dulaunoy] Add Stealth Malware Taxonomy as defined by Joanna Rutkowska * Add Stealth Malware Taxonomy as defined by Joanna Rutkowska. [Richard van den Berg] * Merge pull request #43 from cvandeplas/master. [Alexandre Dulaunoy] Galaxy elements as taxonomies * Converted galaxy to taxonomy. [Christophe Vandeplas] * Script to convert galaxy to taxonomy. [Christophe Vandeplas] * MISP mapping changed key as object to add optional fields like colour, description. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #41 from cvandeplas/master. [Alexandre Dulaunoy] dynamically build taxonomies list * Dynamically build taxonomies list. [Christophe Vandeplas] solves the problem to update the list constantly * Explicitely set values to null if there are none. [Raphaël Vinot] * New mapping taxonomy library added. [Alexandre Dulaunoy] A simple JSON format where a vernacular/common name describes all the potential associated machine tags. The format is a simple JSON object with a key for the common name which references a list of potential associated machine tags. The usage (in a first step) in MISP will be the following: - The replacement in the index UI of the corresponding list of machine tags by the vernacular/common name. - The ability to add automatically associated machine tags when tagging with the vernacular/common name. Even if the machine tags is not enabled in MISP, the tag will be added. * Fix Typos in TLP & PAP. [Raphaël Vinot] * Version of MISP taxonomy updated. [Alexandre Dulaunoy] * Misp:should-not-sync added (to be used with feeds or other local event which are not recommended to be synced) [Alexandre Dulaunoy] * Manifest fixed. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] Conflicts: osint/machinetag.json * Merge pull request #39 from cvandeplas/master. [Alexandre Dulaunoy] added OSINT source-type expansion * Added OSINT source-type expansion. [Christophe Vandeplas] * Fix inconsistencies between MANIFEST, directory names and taxonomies. [Raphaël Vinot] * Merge pull request #38 from michael-hamm/rt_event_status. [Alexandre Dulaunoy] Status of events used in Request Tracker. * Status of events used in Request Tracker. [Michael Hamm] * Merge pull request #37 from bradh/patch-1. [Alexandre Dulaunoy] Typo fix * Typo fix. [Brad Hards] * Filter or block list added to the OSINT taxonomy. [Alexandre Dulaunoy] * Domain-abuse addetd. [Alexandre Dulaunoy] * Merge pull request #36 from mausding/master. [Alexandre Dulaunoy] Domain name abuse taxonomy * Added domain-abuse. [Michael Hausding] * Added domain-abuse taxonomy. [Michael Hausding] * Merge branch 'master' of github.com:mausding/misp-taxonomies. [Michael Hausding] * Name of taxonomies updated. [Alexandre Dulaunoy] * OSINT: numerical value added to confidence level. [Alexandre Dulaunoy] * Threat-level predicate fixed. [Alexandre Dulaunoy] * Added predicate description. [Andras Iklody] * Low risk added. [Alexandre Dulaunoy] * New threat level created (including CEUS mapping) [Alexandre Dulaunoy] * Merge pull request #34 from rommelfs/patch-1. [Alexandre Dulaunoy] Update, language related * Update, language related. [Sascha Rommelfangen] * Typo fixed. [Alexandre Dulaunoy] * MISP confidence level updated. [Alexandre Dulaunoy] The confidence levels have been changed to 100, 75, 50, 25 and 0. Undefined confidences are not set to avoid ambiguities. * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Fixed a typo in the MUST NOT tag. [Andras Iklody] As discovered by @packet-rat in https://github.com/MISP/misp-taxonomies/issues/33 * First experimental confidence level for MISP taxonomy. [Alexandre Dulaunoy] * License clarification - CC0. [Alexandre Dulaunoy] * TLP updated according to FIRST SIG about TLP. [Alexandre Dulaunoy] For more info: https://www.first.org/tlp * Merge pull request #31 from Delta-Sierra/master. [Alexandre Dulaunoy] add Botnet to malware_classification:malware-category * Add Botnet to malware_classification:malware-category. [Raphaël Vinot] * Galaxy mapping removed - moved to the galaxy repo. [Alexandre Dulaunoy] * Galaxy moved to galaxy repo. [Alexandre Dulaunoy] * URLs to galaxy, clusters and elements fixed. [Alexandre Dulaunoy] * Simplify the mapping. [Alexandre Dulaunoy] KISS KISS KISS principle * Reserved taxonomy added. [Alexandre Dulaunoy] * First idea of mapping the MISP galaxy with taxonomies. [Alexandre Dulaunoy] * IEP added. [Alexandre Dulaunoy] * Domain Name Abuse. [Michael Hausding] Taxonomy to tag domain names used for cybercrime. Use europol-incident to tag abuse-activity. TF-CSIRT hackathon Zurich: sykaeh mausding * PAP added. [Alexandre Dulaunoy] * PAP added to the Manifest file. [Alexandre Dulaunoy] * PAP to pap for the file directory. [Alexandre Dulaunoy] * Colour values added to PAP. [Alexandre Dulaunoy] * Merge pull request #28 from jenter8/master. [Alexandre Dulaunoy] Permissible Actions Protocol ("PAP") * Add files via upload. [jenter8] * Add files via upload. [jenter8] * Add test with PyTaxonomies. [Raphaël Vinot] * Update version. [Raphaël Vinot] * Fix manifest. [Raphaël Vinot] * Directory names fixed. [Alexandre Dulaunoy] * Left off the new MANIFEST.json. [Iglocska] * Added versions to manifest and some directory name changes. [Iglocska] - made some changes to the directory names to reflect the actual namespace - added version numbers in MANIFEST.json * First version of the root MANIFEST file for the MISP taxonomies. [Alexandre Dulaunoy] The objective is to generate all the public indexes of MISP taxonomies from that MANIFEST file including the ones from the MISP website, taxonomies and documentation. The file can be also used for automatic updates of taxonomies from MISP or any other application. Note for taxonomy maintainer, don't forget to PR for the MANIFEST update. To be included in the MANIFEST are the external references too (as a ref array in each taxonomy). * Open Threat Taxonomy added. [Alexandre Dulaunoy] * Merge pull request #27 from SDOIR/master. [Raphaël Vinot] Add Open Threat Taxonomy * Add Open Threat Taxonomy. [SDOIR] * Merge pull request #26 from 2xyo/information-security-indicators. [Alexandre Dulaunoy] Add the Information Security Indicators taxonomy * Add the Information Security Indicators taxonomy. [Yohann Lepage] * Merge pull request #25 from SDOIR/master. [Alexandre Dulaunoy] Microsoft's Computer Antivirus Research Organization (CARO) implement… * Microsoft's Computer Antivirus Research Organization (CARO) implementation including malware families. This taxonomy is large and and difficult to work with without a search feature. Instead, use ms-caro-malware. [SDOIR] * Microsoft malware classification added. [Alexandre Dulaunoy] * Ms-caro-malware taxonomy added. [Alexandre Dulaunoy] * Remove jso file. [Alexandre Dulaunoy] * Merge pull request #24 from SDOIR/master. [Alexandre Dulaunoy] Microsoft's Computer Antivirus Research Organization implementation f… * Microsoft's Computer Antivirus Research Organization implementation for malware classification. [SDOIR] * Microsoft's Computer Antivirus Research Organization implementation for malware classification. [SDOIR] * Estimative language added. [Alexandre Dulaunoy] * Estimative language taxonomy added. [Alexandre Dulaunoy] * Fixed JSON format. [Alexandre Dulaunoy] * Estimative language from Intelligence Community Directive 203 (ICD 203) added. [Alexandre Dulaunoy] * Skip non-existing expanded value. [Alexandre Dulaunoy] * Expanded values for the variable string. [Alexandre Dulaunoy] * Skip tags without expanded value. [Alexandre Dulaunoy] * Information Exchange Policy framework updated. [Alexandre Dulaunoy] * Cyber Kill Chain added. [Alexandre Dulaunoy] * Kill-chain taxonomy added. [Alexandre Dulaunoy] * Merge pull request #23 from iglocska/master. [Alexandre Dulaunoy] Updated the kill chain explanations to reflect the meaning of the kil… * Updated the kill chain explanations to reflect the meaning of the kil chain phase instead of the remedy. [Iglocska] * Added the Cyber kill-chain. [Iglocska] * Added Forum Incident Response and Security Teams (FIRST) Information Exchange Policy framework Version 1.0. [Alexandre Dulaunoy] * Misp contibutor predicate. [Alexandre Dulaunoy] * ENISA link added. [Alexandre Dulaunoy] * Updated to reflect the ENISA and Europol taxonimies added. [Alexandre Dulaunoy] * Complete ENISA Threat Taxonomy added. [Alexandre Dulaunoy] * ENISA updated. [Alexandre Dulaunoy] * Eavesdropping/ Interception/ Hijacking added. [Alexandre Dulaunoy] * Outages added. [Alexandre Dulaunoy] * ENISA taxonomy updated. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] Conflicts: tools/machinetag.py * Add Europol types of events taxonomy. [Raphaël Vinot] * Add doc, update tool. [Raphaël Vinot] * Add Europol incidents taxonomy. [Raphaël Vinot] * Add the ENISA taxonomy. [Alexandre Dulaunoy] * Colour added to the TLP taxonomy (fix #21) [Alexandre Dulaunoy] Colour is now an optional field that can be at predicate level or value level to set a default color for the tag. * Updated ENISA taxonomies. [Alexandre Dulaunoy] * More disasters added. [Alexandre Dulaunoy] * Typo fixed + disaster predicate added. [Alexandre Dulaunoy] * More unintentional-damage. [Alexandre Dulaunoy] * More entries added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Initial MISP internal taxonomy to infer with MISP behaviors. [Alexandre Dulaunoy] * Namespace and predicated added - ENISA Threat Taxonomy A tool for structuring threat information. [Alexandre Dulaunoy] * Asciidoctor output fixed. [Alexandre Dulaunoy] * FR Classification - pretty print. [Alexandre Dulaunoy] * EU Critical Sectors added. [Alexandre Dulaunoy] * DHS CIIP reference added. [Alexandre Dulaunoy] * Add adversary infrastructure taxonomy. [Alexandre Dulaunoy] * Merge pull request #20 from smsiebe/patch-2. [Andras Iklody] typo fix * Typo fix. [Steven Siebert] documentation typo fix * Merge pull request #19 from smsiebe/patch-1. [Andras Iklody] fix missing step in command line example * Fix missing step in command line example. [Steven Siebert] command line example starting on line 76 missed a step, and if followed, results in the machinetag.json file being created in the wrong directory * Update readme. [Raphaël Vinot] * Add travis file. [Raphaël Vinot] * Presentation added. [Alexandre Dulaunoy] * Merge pull request #18 from remg427/patch-2. [Alexandre Dulaunoy] Update machinetag.json * Update machinetag.json. [remg427] Official Classification markings EUCI * Typo fixed. [Alexandre Dulaunoy] * New taxonomies added. [Alexandre Dulaunoy] * DHS CIIP added + some fixes from pull request. [Alexandre Dulaunoy] * Include #16. [Alexandre Dulaunoy] * FR gov classification. [Alexandre Dulaunoy] * Remove fr-classif (should be a directory by default) [Alexandre Dulaunoy] * Merge pull request #15 from eu-pi/patch-1. [Alexandre Dulaunoy] FR data classification * Update fr-classif. [eu-pi] * Create fr-classif. [eu-pi] * -n option added to view a specific namespace. [Alexandre Dulaunoy] * Action added to the adversary name space. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * Infrastructure state has been added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] * Merge pull request #10 from deralexxx/patch-1. [Alexandre Dulaunoy] How to write your private taxonomy * How to write your private taxonomy. [Alexander J] * DE German (DE) - Government classification markings (VS) added. [Alexandre Dulaunoy] * To be UTF-8 consistent. [Alexandre Dulaunoy] * Merge pull request #12 from MichaelDwucet/master. [Alexandre Dulaunoy] Merge German (DE) Government classification markings (VS) with misp-taxonomies master * Update README.md. [Michael Dwucet] typo * Merge pull request #2 from MichaelDwucet/MichaelDwucet-patch-DE-Classified-Information-2. [Michael Dwucet] Create README.md for German Classifed Information Taxonomy * Create README.md. [MichaelDwucet] Readme for DE-VS Taxonomy. * Merge pull request #1 from MichaelDwucet/MichaelDwucet-patch-DE-Classified-Information-1. [Michael Dwucet] Create machinetag.json for German Classifed Information Taxonomy * Create machinetag.json. [MichaelDwucet] New machinetag.json for German (DE) Government classification markings (VS) * New taxonomies listed. [Alexandre Dulaunoy] * SANS malware classification added. [Alexandre Dulaunoy] * FIRST Case classification added in the index. [Alexandre Dulaunoy] * UTF-8 output. [Alexandre Dulaunoy] * Malware namespace added. [Alexandre Dulaunoy] * Merge pull request #9 from deralexxx/master. [Alexandre Dulaunoy] first shot of malware classification * First shot of malware classification. [deralexxx] * First_csirt_case_classification added in the tool. [Alexandre Dulaunoy] * Merge pull request #8 from deralexxx/master. [Alexandre Dulaunoy] CSIRT Case Classification (Example for Enterprise CSIRT) * Tags. [deralexxx] * Readme. [deralexxx] * TDS fixed. [Alexandre Dulaunoy] * Adversary taxonomy: typo fixed. [Alexandre Dulaunoy] * Adversary expanded with TDS and panel classification. [Alexandre Dulaunoy] * Adversary machine tag added - first draft version. [Alexandre Dulaunoy] * OSINT add in the list. [Alexandre Dulaunoy] * Certainty scale added. [Alexandre Dulaunoy] The scale is based on the section "An Odds Table" from the following reference: https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/sherman-kent-and-the-board-of-national-estimates-collected-essays/6words.html * OSINT taxonomy (early version) added. [Alexandre Dulaunoy] * NATO classification marking added. [Alexandre Dulaunoy] * Image added. [Alexandre Dulaunoy] * Image of the explanation added. [Alexandre Dulaunoy] * Overview of the MISP taxonomies technique. [Alexandre Dulaunoy] * Expanded namespace for TLP added. [Alexandre Dulaunoy] * Support for expanded namespace added. [Alexandre Dulaunoy] * EUCI added. [Alexandre Dulaunoy] * Description fixed. [Alexandre Dulaunoy] * Description added in the asciidoctor output. [Alexandre Dulaunoy] * EUCI added. [Alexandre Dulaunoy] * EUCI marking added. [Alexandre Dulaunoy] * EU classified information (EUCI) marking added. [Alexandre Dulaunoy] * Logo added in documentation generation. [Alexandre Dulaunoy] * Generate asciidoctor pages from JSON taxonomies. [Alexandre Dulaunoy] Option -a added to generate asciidoctor output of all taxonomies. * -v verbose option added to print descriptions. [Alexandre Dulaunoy] * NATO classification markings. (first DRAFT) [Alexandre Dulaunoy] * ISM added. [Alexandre Dulaunoy] * Missing atomicEnergyMarkings added. [Alexandre Dulaunoy] * Initial support for ISM (Information Security Marking Metadata) as described by DNI.gov. [Alexandre Dulaunoy] * First version of Information Security Marking Metadata (DNI.gov) [Alexandre Dulaunoy] * ECSIRT added. [Alexandre Dulaunoy] * Added Incident Classification by the ecsirt.net project WP4 clearinghouse policy and updated by IntelMQ. [Alexandre Dulaunoy] * List of taxonomies added. [Alexandre Dulaunoy] * How to contribute your taxonomy added. [Alexandre Dulaunoy] * Added missing version. [Alexandre Dulaunoy] * MISP link added. [Alexandre Dulaunoy] * Generic taxonomies support starts in MISP 2.4. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * Veris added. [Alexandre Dulaunoy] * Minimal code to parse Veris label and generate triple tags/machine tags. [Alexandre Dulaunoy] * Veris added + skipping non expanded predicates. [Alexandre Dulaunoy] * Vocabulary for Event Recording and Incident Sharing (VERIS) added. [Alexandre Dulaunoy] * CIRCL Taxonomy added. [Alexandre Dulaunoy] * CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection added. [Alexandre Dulaunoy] * CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection added. [Alexandre Dulaunoy] * TLP classification added - fix #3. [Alexandre Dulaunoy] * TLP (Traffic Light Protocol) added as triple tags format. [Alexandre Dulaunoy] based on the description from CIRCL: https://www.circl.lu/pub/traffic-light-protocol/ * Support triple tags JSON file without values. [Alexandre Dulaunoy] * Added a version number in the JSON - Fix #2. [Alexandre Dulaunoy] * Some clarification of the machine tags usage. [Alexandre Dulaunoy] * Minimal README added. [Alexandre Dulaunoy] * Parsing tool for MISP taxonomies expressed in Machine Tags (Triple Tags) to list all valid tags from a specific taxonomy. [Alexandre Dulaunoy] * JSON coherence. [Alexandre Dulaunoy] * Default json added. [Alexandre Dulaunoy] * First version of the Admiralty Scale machine tags described in JSON. [Alexandre Dulaunoy] * Dmiralty-scale added (description and overview) [Alexandre Dulaunoy]