MISP / misp-taxonomies

Taxonomies used in the MISP taxonomy system that can also be used by other information sharing tools.
https://www.circl.lu/doc/misp-taxonomies/

Adding IEP 2.0 #176

Closed terrymacdonald closed 4 years ago

terrymacdonald commented 4 years ago

Hi,

I'm one of the IEP co-chairs, and we've just had IEP 2.0 approved by the FIRST board. We're in the process of getting the IEP 2.0 website created (it will live at https://www.first.org/iep/), but it's not quite online yet.

As MISP had an IEP 1.0 implementation we wanted to help out the community and do one for IEP 2.0 as well. IEP 2.0 has two objects, the IEP Policy object and the IEP 2.0 Policy Reference object, and as such this pull request contains those two objects as well.

There is one bit I'd like special review on, and that is the fact that I've used a JSON number for the iep_version tag. The reason is that IEP 2.0 specifies the iep_version must be a JSON number. We'd like to check that this won't break MISP... as we're not sure if MISP will handle numerical values in the tags. machinetag.py seems happy to convert this to text, but we'd just like confirmation that this won't break MISP.

I've tested using machinetag.py and have the following results:

```
PS E:\vscode-projects\misp-taxonomies\tools> python.exe .\machinetag.py -n iep2-policy
iep2-policy:id="$text"
iep2-policy:name="$text"
iep2-policy:description="$text"
iep2-policy:iep_version="2.0"
iep2-policy:start_date="$text"
iep2-policy:end_date="$text"
iep2-policy:encrypt_in_transit="must"
iep2-policy:encrypt_in_transit="may"
iep2-policy:permitted_actions="none"
iep2-policy:permitted_actions="contact-for-instruction"
iep2-policy:permitted_actions="internally-visible-actions"
iep2-policy:permitted_actions="externally-visible-indirect-actions"
iep2-policy:permitted_actions="externally-visible-direct-actions"
iep2-policy:affected_party_notifications="may"
iep2-policy:affected_party_notifications="must-not"
iep2-policy:tlp="red"
iep2-policy:tlp="amber"
iep2-policy:tlp="green"
iep2-policy:tlp="white"
iep2-policy:attribution="may"
iep2-policy:attribution="must"
iep2-policy:attribution="must-not"
iep2-policy:unmodified_resale="may"
iep2-policy:unmodified_resale="must-not"
iep2-policy:external_reference="$text"
PS E:\vscode-projects\misp-taxonomies\tools> python.exe .\machinetag.py -n iep2-reference
iep2-reference:id_ref="$text"
iep2-reference:url="$text"
iep2-reference:iep_version="2.0"
```

Thanks

Terry MacDonald
FIRST IEP-SIG Co-chair
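The JSON-number question raised in the comment above can be checked mechanically. This is an added example, not code from the pull request or from machinetag.py. It assumes a constructed taxonomy fragment in the MISP taxonomy JSON layout, and the helper names `machine_tags` and `non_string_values` are hypothetical.

```python
import json

# Constructed sample: a cut-down taxonomy fragment, not the real iep2-policy file.
# iep_version is a JSON number, as described in the comment; tlp values are strings.
SAMPLE = """
{
  "namespace": "iep2-policy",
  "predicates": [{"value": "iep_version"}, {"value": "tlp"}],
  "values": [
    {"predicate": "iep_version", "entry": [{"value": 2.0}]},
    {"predicate": "tlp", "entry": [{"value": "red"}, {"value": "amber"}]}
  ]
}
"""


def machine_tags(taxonomy):
    """Render every entry as a namespace:predicate="value" machine tag."""
    ns = taxonomy["namespace"]
    return [
        '{}:{}="{}"'.format(ns, group["predicate"], entry["value"])
        for group in taxonomy.get("values", [])
        for entry in group["entry"]
    ]


def non_string_values(taxonomy):
    """List (predicate, raw value, rendered text) for entries that are not JSON strings.

    The rendered text is what ends up inside the tag, so a reviewer can see
    exactly which string a numeric value turns into under this parser.
    """
    return [
        (group["predicate"], entry["value"], str(entry["value"]))
        for group in taxonomy.get("values", [])
        for entry in group["entry"]
        if not isinstance(entry["value"], str)
    ]


if __name__ == "__main__":
    tax = json.loads(SAMPLE)
    for tag in machine_tags(tax):
        print(tag)
    for predicate, raw, rendered in non_string_values(tax):
        print("non-string value: {} = {!r} renders as {!r}".format(predicate, raw, rendered))
```

Python's `json` module parses `2.0` as a float and prints it as `2.0`; a consumer in a language whose number formatting drops the trailing `.0` would build a different tag string from the same file, which is the case the lint output makes visible.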

terrymacdonald commented 4 years ago

Also just noticed that the 'Mapping of taxonomies' section on https://www.misp-project.org/taxonomies.html#_mapping_of_taxonomies will need to have the new iep2-policy entries added for the TLP equivalence at tables 25-28.

adulau commented 4 years ago

Hi Terry,

Thanks a lot for the contribution. I will have a look today and do the mapping.

adulau commented 4 years ago

Thank you for the contribution. The MISP taxonomies have been updated and it's also available in the 2.4 branch of MISP.

I did some minor updates and added a note in the commit regarding the variable text part:

https://github.com/MISP/misp-taxonomies/commit/8f78178f96b317040008f3698fa6a8307308b6d4