### Add Private Taxonomy to MISP Source: https://github.com/misp/misp-taxonomies/blob/main/README.md Steps to create a directory and a taxonomy file for a private taxonomy within the MISP installation. ```shell $ cd /var/www/MISP/app/files/taxonomies/ $ mkdir privatetaxonomy $ cd privatetaxonomy $ vi machinetag.json ``` -------------------------------- ### Machine-Parsable Incident Category Tag Source: https://github.com/misp/misp-taxonomies/blob/main/csirt_case_classification/README.md This example shows a machine-parsable tag for classifying an incident as 'internal-hacking'. This format can be used by software for UI representation and storage. ```text csirt_case_classification:incident-category="internal-hacking" ``` -------------------------------- ### Machine-Parsable Admiralty Scale Tag Source: https://github.com/misp/misp-taxonomies/blob/main/admiralty-scale/README.md Example of a machine-parsable tag for source reliability using the Admiralty Scale format. This format is useful for software integration and data storage. ```text admiralty-scale:source-reliability="b" ``` -------------------------------- ### Parse Taxonomies with machinetag.py Source: https://github.com/misp/misp-taxonomies/blob/main/README.md Use the machinetag.py script to parse and list valid tags from a specific taxonomy file. ```shell % cd tools % python machinetag.py admiralty-scale:source-reliability="a" admiralty-scale:source-reliability="b" admiralty-scale:source-reliability="c" admiralty-scale:source-reliability="d" admiralty-scale:source-reliability="e" admiralty-scale:source-reliability="f" admiralty-scale:information-credibility="1" admiralty-scale:information-credibility="2" admiralty-scale:information-credibility="3" admiralty-scale:information-credibility="4" admiralty-scale:information-credibility="5" admiralty-scale:information-credibility="6" ... ``` -------------------------------- ### MISP Taxonomies License Source: https://github.com/misp/misp-taxonomies/blob/main/README.md Standard license text for MISP taxonomies, allowing redistribution with modifications. ```text Copyright (c) 2015-2024 Alexandre Dulaunoy - a@foo.be Copyright (c) 2015-2024 CIRCL - Computer Incident Response Center Luxembourg Copyright (c) 2015-2024 Andras Iklody Copyright (c) 2015-2024 Raphael Vinot Copyright (c) 2016-2024 Various contributors to MISP Project Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ``` -------------------------------- ### Machine-Parsable Malware Classification Tag Source: https://github.com/misp/misp-taxonomies/blob/main/malware_classification/README.md Use this tag to represent malware classification in a machine-readable format. It follows the pattern 'malware_classification:malware-category="[category]"'. ```text malware_classification:malware-category="virus" ``` -------------------------------- ### Machine-Parsable Stealth Malware Tag Source: https://github.com/misp/misp-taxonomies/blob/main/stealth_malware/README.md This tag represents a Type II stealth malware classification. It is used for machine-readable identification of malware behavior. ```text stealth_malware:type="II" ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.