Closed terrymacdonald closed 4 years ago
Also just noticed that the 'Mapping of taxonomies' section on https://www.misp-project.org/taxonomies.html#_mapping_of_taxonomies will need to have the new iep2-policy entries added for the TLP equivalence at tables 25-28.
Hi Terry, Thanks a lot for the contribution. I will have a look Today and do the mapping.
Thank you for the contribution. The MISP taxonomies have been updated and it's also available in the 2.4 branch of MISP.
I did some minor updates and add a note in the commit regarding the variable text part:
https://github.com/MISP/misp-taxonomies/commit/8f78178f96b317040008f3698fa6a8307308b6d4
Hi,
I'm one of the IEP co-chairs, and we've just had IEP 2.0 approved by the FIRST board. We're in the process of getting IEP 2.0 website created (it will live at https://www.first.org/iep/), but it's not quite online yet.
As MISP had an IEP 1.0 implementation we wanted to help out the community and do one for IEP 2.0 as well. IEP 2.0 has two objects, the IEP Policy object and the IEP 2.0 Policy Reference object, and as such this pull request contains those two objects as well.
There is one bit I'd like special review on, and that is the fact that I've used a JSON number for the iep_version tag. The reason is that IEP 2.0 specifies the iep_version must be a JSON number. We'd like to check that this won't break MISP... as we're not sure if MISP will handle numerical values in the tags. machinetag.py seems happy to convert this to text, but we'd just like confirmation that this won't break MISP.
I've tested using machinetag.py and have the following results: PS E:\vscode-projects\misp-taxonomies\tools> python.exe .\machinetag.py -n iep2-policy iep2-policy:id="$text" iep2-policy:name="$text" iep2-policy:description="$text" iep2-policy:iep_version="2.0" iep2-policy:start_date="$text" iep2-policy:end_date="$text" iep2-policy:encrypt_in_transit="must" iep2-policy:encrypt_in_transit="may" iep2-policy:permitted_actions="none" iep2-policy:permitted_actions="contact-for-instruction" iep2-policy:permitted_actions="internally-visible-actions" iep2-policy:permitted_actions="externally-visible-indirect-actions" iep2-policy:permitted_actions="externally-visible-direct-actions" iep2-policy:affected_party_notifications="may" iep2-policy:affected_party_notifications="must-not" iep2-policy:tlp="red" iep2-policy:tlp="amber" iep2-policy:tlp="green" iep2-policy:tlp="white" iep2-policy:attribution="may" iep2-policy:attribution="must" iep2-policy:attribution="must-not" iep2-policy:unmodified_resale="may" iep2-policy:unmodified_resale="must-not" iep2-policy:external_reference="$text" PS E:\vscode-projects\misp-taxonomies\tools> python.exe .\machinetag.py -n iep2-reference iep2-reference:id_ref="$text" iep2-reference:url="$text" iep2-reference:iep_version="2.0"
Thanks Terry MacDonald FIRST IEP-SIG Co-chair