taxonomies updated

taxonomies.html

@@ -467,6 +467,7 @@ <h1>MISP taxonomies and classification as machine tags</h1>
 <li><a href="#_europol_incident">europol-incident</a></li>
 <li><a href="#_event_assessment">event-assessment</a></li>
 <li><a href="#_fr_classif">fr-classif</a></li>
+<li><a href="#_honeypot_basic">honeypot-basic</a></li>
 <li><a href="#_iep">iep</a></li>
 <li><a href="#_information_security_indicators">information-security-indicators</a></li>
 <li><a href="#_kill_chain">kill-chain</a></li>
@@ -6679,6 +6680,212 @@ <h4 id="_fr_classif_non_classifiees_non_classifiees">fr-classif:non-classifiees=
 </div>
 </div>
 <div class="sect1">
+<h2 id="_honeypot_basic">honeypot-basic</h2>
+<div class="sectionbody">
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+honeypot-basic namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/honeypot-basic/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
+</td>
+</tr>
+</table>
+</div>
+<div class="sect2">
+<h3 id="_interaction_level">interaction-level</h3>
+<div class="paragraph">
+<p>Describes whether the exposed functionality of a honeypot is limited in some way, which is usually the case for honeypots that simulate services.</p>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_interaction_level_high">honeypot-basic:interaction-level="high"</h4>
+<div class="paragraph">
+<p>High Interaction Level</p>
+</div>
+<div class="paragraph">
+<p>Exposed functionality of the honeypot is not limited.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_interaction_level_low">honeypot-basic:interaction-level="low"</h4>
+<div class="paragraph">
+<p>low Interaction Level</p>
+</div>
+<div class="paragraph">
+<p>Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_data_capture">data-capture</h3>
+<div class="paragraph">
+<p>Describes the type of data a honeypot is able to capture</p>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_data_capture_events">honeypot-basic:data-capture="events"</h4>
+<div class="paragraph">
+<p>Events</p>
+</div>
+<div class="paragraph">
+<p>The honeypot collects data about something that has happened or took place, a change in state.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_data_capture_attacks">honeypot-basic:data-capture="attacks"</h4>
+<div class="paragraph">
+<p>Attacks</p>
+</div>
+<div class="paragraph">
+<p>The honeypot collects malicious activity.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_data_capture_intrusions">honeypot-basic:data-capture="intrusions"</h4>
+<div class="paragraph">
+<p>Intrusions</p>
+</div>
+<div class="paragraph">
+<p>The honeypot collects malicious activity that leads to a security failure.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_data_capture_none">honeypot-basic:data-capture="none"</h4>
+<div class="paragraph">
+<p>None</p>
+</div>
+<div class="paragraph">
+<p>The honeypot does not collect events, attacks, or intrusions.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_containment">containment</h3>
+<div class="paragraph">
+<p>Classifies the measures a honeypot takes to defend against malicious activity spreading from itself.</p>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_containment_block">honeypot-basic:containment="block"</h4>
+<div class="paragraph">
+<p>Block</p>
+</div>
+<div class="paragraph">
+<p>Attacker’s actions are identified and blocked. The attack never reaches the target.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_containment_defuse">honeypot-basic:containment="defuse"</h4>
+<div class="paragraph">
+<p>Defuse</p>
+</div>
+<div class="paragraph">
+<p>The attack reaches the target, but is manipulated in a way that it fails against the target.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_containment_slow_down">honeypot-basic:containment="slow-down"</h4>
+<div class="paragraph">
+<p>Slow Down</p>
+</div>
+<div class="paragraph">
+<p>Attacker is slowed down in his actions of spreading malicious activity.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_containment_none">honeypot-basic:containment="none"</h4>
+<div class="paragraph">
+<p>None</p>
+</div>
+<div class="paragraph">
+<p>No action is taken to limit the intruder’s spread of malicious activity against other systems.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_distribution_appearance">distribution-appearance</h3>
+<div class="paragraph">
+<p>Describes whether the honeypot system appears to be confined to one system or multiple systems.</p>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_distribution_appearance_distributed">honeypot-basic:distribution-appearance="distributed"</h4>
+<div class="paragraph">
+<p>Distributed</p>
+</div>
+<div class="paragraph">
+<p>The honeypot is or appears to be composed of multiple systems.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_distribution_appearance_stand_alone">honeypot-basic:distribution-appearance="stand-alone"</h4>
+<div class="paragraph">
+<p>Stand-Alone</p>
+</div>
+<div class="paragraph">
+<p>The honeypot is or appears to be one system.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_communication_interface">communication-interface</h3>
+<div class="paragraph">
+<p>Describes the interfaces one can use to interact directly with the honeypot.</p>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_communication_interface_network_interface">honeypot-basic:communication-interface="network-interface"</h4>
+<div class="paragraph">
+<p>Network Interface</p>
+</div>
+<div class="paragraph">
+<p>The honeypot can be directly communicated with via a network interface.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_communication_interface_hardware_interface">honeypot-basic:communication-interface="hardware-interface"</h4>
+<div class="paragraph">
+<p>Non-Network Hardware Interface</p>
+</div>
+<div class="paragraph">
+<p>Examples: Printer port, CDROM drives, USB connections.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_communication_interface_software_api">honeypot-basic:communication-interface="software-api"</h4>
+<div class="paragraph">
+<p>Software API</p>
+</div>
+<div class="paragraph">
+<p>The honeypot can be interacted with via a software API.</p>
+</div>
+</div>
+</div>
+<div class="sect2">
+<h3 id="_role">role</h3>
+<div class="paragraph">
+<p>Describes in what role the honeypot acts within a multi-tier architecture.</p>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_role_server">honeypot-basic:role="server"</h4>
+<div class="paragraph">
+<p>Server</p>
+</div>
+<div class="paragraph">
+<p>The honeypot is passively awaiting requests from clients.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_honeypot_basic_role_client">honeypot-basic:role="client"</h4>
+<div class="paragraph">
+<p>Client</p>
+</div>
+<div class="paragraph">
+<p>The honeypot is actively initiating requests to servers.</p>
+</div>
+</div>
+</div>
+</div>
+</div>
+<div class="sect1">
 <h2 id="_iep">iep</h2>
 <div class="sectionbody">
 <div class="admonitionblock note">
@@ -20766,7 +20973,7 @@ <h1 id="_mapping_of_taxonomies" class="sect0">Mapping of taxonomies</h1>
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2017-12-28 19:46:43 CET
+Last updated 2018-01-03 14:06:46 CET
 </div>
 </div>
 </body>