Taxonomies that can be used in MISP (2.4) and other information sharing tool and expressed in Machine Tags (Triple Tags). A machine tag is composed of a namespace (MUST), a predicate (MUST) and an (OPTIONAL) value. Machine tags are often called triple tag due to their format.
The following taxonomies can be used in MISP (as local or distributed tags) or in other tools willing to share common taxonomies among security information sharing tools.
The following taxonomies are described:
- Admiralty Scale
- CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection
- DE German (DE) Government classification markings (VS)
- eCSIRT and IntelMQ incident classification
- EUCI - EU classified information marking
- FIRST CSIRT Case classification
- Information Security Marking Metadata from DNI (Director of National Intelligence - US)
- Malware classification based on a SANS document
- NATO Classification Marking
- OSINT Open Source Intelligence - Classification
- TLP - Traffic Light Protocol
- Vocabulary for Event Recording and Incident Sharing VERIS
The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.
CIRCL Taxonomy is a simple scheme for incident classification and area topic where the incident took place.
DE German (DE) Government classification markings (VS)
Taxonomy for the handling of protectively marked information in MISP with German (DE) Government classification markings (VS).
eCSIRT and IntelMQ incident classification
eCSIRT incident classification Appendix C of the eCSIRT EU project including IntelMQ updates.
EUCI classification
EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States as described.
FIRST CSIRT Case classification
FIRST CSIRT Case Classification.
Information Security Marking Metadata DNI (Director of National Intelligence - US)
ISM (Information Security Marking Metadata) V13 as described by DNI.gov.
Malware classification
Malware classification based on a SANS whitepaper about malware.
Marking of Classified and Unclassified materials as described by the North Atlantic Treaty Organization, NATO.