Merge branch 'MISP:main' into main

MANIFEST.json

@@ -501,7 +501,7 @@
  {
  "description": "Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848",
  "name": "malware_classification",
- "version": 2
+ "version": 3
  },
  {
  "description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical News Sources by Melissa Zimdars 2019",
@@ -511,7 +511,7 @@
  {
  "description": "MISP taxonomy to infer with MISP behavior or operation.",
  "name": "misp",
- "version": 12
+ "version": 14
  },
  {
  "description": "MISP workflow taxonomy to support result of workflow execution.",
@@ -748,12 +748,17 @@
  "name": "vocabulaire-des-probabilites-estimatives",
  "version": 3
  },
+ {
+ "description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.",
+ "name": "vulnerability",
+ "version": 1
+ },
  {
  "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
  "name": "workflow",
- "version": 12
+ "version": 14
  }
  ],
  "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
- "version": "20240304"
+ "version": "20240830"
 }

tools/gen.sh

@@ -1,7 +1,7 @@
 python3 machinetag.py -a >a.txt
 asciidoctor a.txt
 asciidoctor-pdf -a allow-uri-read a.txt
-cp a.html ../../misp-website-new/static/taxonomies.html
-cp a.pdf ../../misp-website-new/static/taxonomies.pdf
+cp a.html ../../misp-website/static/taxonomies.html
+cp a.pdf ../../misp-website/static/taxonomies.pdf
 scp a.html [email protected]:/var/www/nwww.circl.lu/doc/misp-taxonomies/index.html
 scp a.pdf [email protected]://var/www/nwww.circl.lu/doc/misp-taxonomies/taxonomies.pdf

vulnerability/machinetag.json

@@ -0,0 +1,66 @@
+{
+ "namespace": "vulnerability",
+ "expanded": "vulnerability",
+ "description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.",
+ "version": 1,
+ "predicates": [
+ {
+ "value": "exploitability",
+ "expanded": "Exploitability",
+ "description": "Quantification of attack exploitability, providing a level of exploitation for the identified vulnerability.",
+ "exclusive": true
+ },
+ {
+ "value": "information",
+ "expanded": "Information",
+ "description": "Complementary information related to the vulnerability."
+ }
+ ],
+ "values": [
+ {
+ "predicate": "exploitability",
+ "entry": [
+ {
+ "value": "industrialised",
+ "expanded": "Industrialised",
+ "description": "Existing vulnerability with detailed attack methods; multiple tools are available for exploitation."
+ },
+ {
+ "value": "customised",
+ "expanded": "Customised",
+ "description": "Existing vulnerability with a detailed attack approach and one known custom tool available for exploitation."
+ },
+ {
+ "value": "documented",
+ "expanded": "Documented",
+ "description": "Existing vulnerability is documented with an attack approach, but tools for exploitation are not available."
+ },
+ {
+ "value": "theoretical",
+ "expanded": "Theoretical",
+ "description": "Publication describes a theoretical but no actual vulnerability is reported."
+ }
+ ]
+ },
+ {
+ "predicate": "information",
+ "entry": [
+ {
+ "value": "PoC",
+ "expanded": "Proof-of-Concept",
+ "description": "Reference to a proof-of-concept for exploiting the vulnerability."
+ },
+ {
+ "value": "remediation",
+ "expanded": "Remediation",
+ "description": "Remediation to limit or block the exploitability of the vulnerability."
+ },
+ {
+ "value": "annotation",
+ "expanded": "Annotation",
+ "description": "Annotation or clarification to a vulnerability."
+ }
+ ]
+ }
+ ]
+}