machinetag.json
{
"namespace": "cycat",
"expanded": "Cybersecurity Resource Catalogue",
"description": "Taxonomy used by CyCAT, the Cybersecurity Resource Catalogue, to categorize the namespaces it supports and uses.",
"version": 3,
"refs": [
"https://www.cycat.org/"
],
"values": [
{
"predicate": "type",
"entry": [
{
"value": "tool",
"expanded": "Tool",
"description": "Open source or proprietary tool used in cybersecurity."
},
{
"value": "playbook",
"expanded": "Playbook",
"description": "Playbook, such as a defined set of rules with one or more actions triggered by different events to respond to, orchestrate or automate cybersecurity-related actions."
},
{
"value": "taxonomy",
"expanded": "Taxonomy",
"description": "A cybersecurity taxonomy is a set of labels used to classify (in both senses of the term: to arrange in classes and/or to designate according to a national classification) cybersecurity-related information."
},
{
"value": "rule",
"expanded": "Rule",
"description": "Detection rule or set of detection rules used in the cybersecurity field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort, Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them."
},
{
"value": "notebook",
"expanded": "Notebook",
"description": "Interactive document to code, experiment, train or visualize cybersecurity-related information. A notebook can be transcribed in a format such as Jupyter Notebooks, Apache Zeppelin, Pluton or Google Colab."
},
{
"value": "vulnerability",
"expanded": "Vulnerability",
"description": "Public or non-public information about a security vulnerability in a specific software, hardware or service."
},
{
"value": "proof-of-concept",
"expanded": "Proof-of-concept",
"description": "Code to validate a known vulnerability."
},
{
"value": "fingerprint",
"expanded": "Fingerprint",
"description": "Code to uniquely identify specific cybersecurity-relevant patterns. Fingerprints can be expressed in different formats such as ja3, ja3s, hassh, jarm or favicon-mmh3."
},
{
"value": "mitigation",
"expanded": "Mitigation",
"description": "Mitigating control to prevent unwanted activity from happening, like a specific configuration of the operating system/tools or an implementation policy."
},
{
"value": "dataset",
"expanded": "Dataset",
"description": "Dataset for validation of detections and tool stacks."
},
{
"value": "dataformat",
"expanded": "Data format",
"description": "Data structure and format to describe elements in the cybersecurity field."
},
{
"value": "configuration",
"expanded": "Configuration",
"description": "A configuration describes the state or environment conditions of a tool."
}
]
},
{
"predicate": "scope",
"entry": [
{
"value": "identify",
"expanded": "Identify"
},
{
"value": "protect",
"expanded": "Protect"
},
{
"value": "detect",
"expanded": "Detect"
},
{
"value": "respond",
"expanded": "Respond"
},
{
"value": "recover",
"expanded": "Recover"
},
{
"value": "exploit",
"expanded": "Exploit"
},
{
"value": "investigate",
"expanded": "Investigate"
},
{
"value": "train",
"expanded": "Train"
},
{
"value": "reset",
"expanded": "Reset"
},
{
"value": "test",
"expanded": "Test"
}
]
}
],
"predicates": [
{
"value": "type",
"expanded": "Type",
"description": "Type of entry in the catalogue."
},
{
"value": "scope",
"expanded": "Scope",
"description": "Scope of usage for the entry in the catalogue."
}
]
}