-
Notifications
You must be signed in to change notification settings - Fork 134
/
machinetag.json
258 lines (258 loc) · 8.19 KB
/
machinetag.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
{
"namespace": "information-security-data-source",
"description": "Taxonomy to classify the information security data sources.",
"refs": [
"https://www.sciencedirect.com/science/article/pii/S0167404818304978"
],
"version": 1,
"predicates": [
{
"value": "type-of-information",
"expanded": "Type of information",
"description": "Type of provided information"
},
{
"value": "originality",
"expanded": "Originality",
"description": "Originality and novelty of the provided information"
},
{
"value": "timeliness-sharing-behavior",
"expanded": "Timeliness sharing behavior",
"description": "Timeliness of the provided information"
},
{
"value": "integrability-format",
"expanded": "Integrability format",
"description": "Level of integrability format for the provided information"
},
{
"value": "integrability-interface",
"expanded": "Integrability interface",
"description": "Level of integrability interface for the provided information"
},
{
"value": "trustworthiness-creditabilily",
"expanded": "Trustworthiness creditability",
"description": "Source of the creditability"
},
{
"value": "trustworthiness-traceability",
"expanded": "Trustworthiness traceability",
"description": "Traceability of the provided information"
},
{
"value": "trustworthiness-feedback-mechanism",
"expanded": "Trustworthiness feedback mechanism",
"description": "Feedback such as user ratings or comments regarding the usefulness of the provided information"
},
{
"value": "type-of-source",
"expanded": "Type of source",
"description": "Types of information security data source"
}
],
"values": [
{
"predicate": "type-of-information",
"entry": [
{
"value": "vulnerability",
"expanded": "Vulnerability",
"description": "Information regarding a weakness of an asset which might be exploited by a threat"
},
{
"value": "threat",
"expanded": "Threat",
"description": "Information regarding the potential cause on an unwanted incident"
},
{
"value": "countermeasure",
"expanded": "Countermeasure",
"description": "Information regarding any administrative, managerial, technical or legal control that is used to counteract an information security risk"
},
{
"value": "attack",
"expanded": "Attack",
"description": "Information regarding any unauthorized attempt to access, alter or destroy an asset"
},
{
"value": "risk",
"expanded": "Risk",
"description": "Information describing the consequences of a potential event, such as an attack"
},
{
"value": "asset",
"expanded": "Asset",
"description": "Information regarding any object or characteristic that has value to an organization"
}
]
},
{
"predicate": "originality",
"entry": [
{
"value": "original-source",
"expanded": "Original source",
"description": "Information originates from the data sources which publish their own information"
},
{
"value": "secondary-source",
"expanded": "Secondary source",
"description": "Information is integrated or copied from another information security data source"
}
]
},
{
"predicate": "timeliness-sharing-behavior",
"entry": [
{
"value": "routine-sharing",
"expanded": "Routine sharing",
"description": "Information is published at a specific point in time on a regular basis, such as daily, weakly or monthly reports"
},
{
"value": "incident-specific",
"expanded": "Incident specific",
"description": "Information is published whenever news are available or a new incident occurs"
}
]
},
{
"predicate": "integrability-format",
"entry": [
{
"value": "structured",
"expanded": "Structured",
"description": "The provided security information is available in an standardized and structured data format such as MISP core format"
},
{
"value": "unstructured",
"expanded": "Unstructured",
"description": "The provided security information is available in unstructured form without following a common data representation format"
}
]
},
{
"predicate": "integrability-interface",
"entry": [
{
"value": "no-interface",
"expanded": "No interface",
"description": "The information security data source doesn’t provide any interface to access the information"
},
{
"value": "api",
"expanded": "API",
"description": "The information security data source provides an application programming interface (APIs) to obtain the provided information"
},
{
"value": "rss-feeds",
"expanded": "RSS Feeds",
"description": "The information security data source provides an RSS Feed to keep track of the provided information"
},
{
"value": "export",
"expanded": "Export",
"description": "The information security data source provides an interface to export contents as XML, JSON or plain text"
}
]
},
{
"predicate": "trustworthiness-creditabilily",
"entry": [
{
"value": "vendor",
"expanded": "Vendor",
"description": "The publisher of the information is a vendor"
},
{
"value": "government",
"expanded": "Government",
"description": "The publisher of the information is a government"
},
{
"value": "security-expert",
"expanded": "Security expert",
"description": "The publisher of the information is a security expert"
},
{
"value": "normal-user",
"expanded": "Normal user",
"description": "The publisher of the information is a normal user"
}
]
},
{
"predicate": "trustworthiness-traceability",
"entry": [
{
"value": "yes",
"expanded": "Yes",
"description": "The provided information is classified as traceable if it can be traced back, based on meta-data, to a specific publisher and a publishing date"
},
{
"value": "no",
"expanded": "No",
"description": "The provided information cannot be traced back (meta-data are not provided)"
}
]
},
{
"predicate": "trustworthiness-feedback-mechanism",
"entry": [
{
"value": "yes",
"expanded": "Yes",
"description": "The provided information is validated by including user rating, comments or additional analysis"
},
{
"value": "no",
"expanded": "No",
"description": "The provided information is not validated (a user rating, comments is not available)"
}
]
},
{
"predicate": "type-of-source",
"entry": [
{
"value": "news-website",
"expanded": "News website"
},
{
"value": "expert-blog",
"expanded": "Expert blog"
},
{
"value": "security-product-vendor-website",
"expanded": "(Security product) vendor website"
},
{
"value": "vulnerability-database",
"expanded": "Vulnerability database"
},
{
"value": "mailing-list-archive",
"expanded": "Mailing list archive"
},
{
"value": "social-network",
"expanded": "Social network"
},
{
"value": "streaming-portal",
"expanded": "Streaming portal"
},
{
"value": "forum",
"expanded": "Forum"
},
{
"value": "other",
"expanded": "Other"
}
]
}
]
}