diff --git a/MANIFEST.json b/MANIFEST.json index 2c7df46..f520aca 100644 --- a/MANIFEST.json +++ b/MANIFEST.json @@ -501,7 +501,7 @@ { "description": "Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848", "name": "malware_classification", - "version": 2 + "version": 3 }, { "description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical News Sources by Melissa Zimdars 2019", @@ -511,7 +511,7 @@ { "description": "MISP taxonomy to infer with MISP behavior or operation.", "name": "misp", - "version": 12 + "version": 14 }, { "description": "MISP workflow taxonomy to support result of workflow execution.", @@ -748,12 +748,17 @@ "name": "vocabulaire-des-probabilites-estimatives", "version": 3 }, + { + "description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.", + "name": "vulnerability", + "version": 1 + }, { "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.", "name": "workflow", - "version": 12 + "version": 14 } ], "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/", - "version": "20240304" + "version": "20240830" } diff --git a/tools/gen.sh b/tools/gen.sh index f2586a2..0e55f0f 100644 --- a/tools/gen.sh +++ b/tools/gen.sh @@ -1,7 +1,7 @@ python3 machinetag.py -a >a.txt asciidoctor a.txt asciidoctor-pdf -a allow-uri-read a.txt -cp a.html ../../misp-website-new/static/taxonomies.html -cp a.pdf ../../misp-website-new/static/taxonomies.pdf +cp a.html ../../misp-website/static/taxonomies.html +cp a.pdf ../../misp-website/static/taxonomies.pdf scp a.html circl@cpab.circl.lu:/var/www/nwww.circl.lu/doc/misp-taxonomies/index.html scp a.pdf circl@cpab.circl.lu://var/www/nwww.circl.lu/doc/misp-taxonomies/taxonomies.pdf diff --git a/vulnerability/machinetag.json b/vulnerability/machinetag.json new file mode 100644 index 0000000..8aa398d --- /dev/null +++ b/vulnerability/machinetag.json @@ -0,0 +1,66 @@ +{ + "namespace": "vulnerability", + "expanded": "vulnerability", + "description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.", + "version": 1, + "predicates": [ + { + "value": "exploitability", + "expanded": "Exploitability", + "description": "Quantification of attack exploitability, providing a level of exploitation for the identified vulnerability.", + "exclusive": true + }, + { + "value": "information", + "expanded": "Information", + "description": "Complementary information related to the vulnerability." + } + ], + "values": [ + { + "predicate": "exploitability", + "entry": [ + { + "value": "industrialised", + "expanded": "Industrialised", + "description": "Existing vulnerability with detailed attack methods; multiple tools are available for exploitation." + }, + { + "value": "customised", + "expanded": "Customised", + "description": "Existing vulnerability with a detailed attack approach and one known custom tool available for exploitation." + }, + { + "value": "documented", + "expanded": "Documented", + "description": "Existing vulnerability is documented with an attack approach, but tools for exploitation are not available." + }, + { + "value": "theoretical", + "expanded": "Theoretical", + "description": "Publication describes a theoretical but no actual vulnerability is reported." + } + ] + }, + { + "predicate": "information", + "entry": [ + { + "value": "PoC", + "expanded": "Proof-of-Concept", + "description": "Reference to a proof-of-concept for exploiting the vulnerability." + }, + { + "value": "remediation", + "expanded": "Remediation", + "description": "Remediation to limit or block the exploitability of the vulnerability." + }, + { + "value": "annotation", + "expanded": "Annotation", + "description": "Annotation or clarification to a vulnerability." + } + ] + } + ] +}