MISP / misp-taxonomies

Taxonomies used in the MISP taxonomy system; they can be used by other information sharing tools.
https://www.circl.lu/doc/misp-taxonomies/

Add machinetag.json of GrayZone Taxonomy #237

Closed th3r3d closed 2 years ago

th3r3d commented 2 years ago

GrayZone of Active Defense, originally published by Washington University, v2 created and updated by DCG420

adulau commented 2 years ago

Thanks a lot for the pull-request. It's an interesting topic for a taxonomy.

I did some clean-up in the pull-request, available at https://github.com/MISP/misp-taxonomies/commit/b62e125310d74a8e94994928918ab734d635b37d

I have some questions to finalise the inclusion of the taxonomy:

Thanks a lot.

adulau commented 2 years ago

There is a new pull-request based on your original one. https://github.com/MISP/misp-taxonomies/pull/238 - have a look and let me know if this is fine for you.

th3r3d commented 2 years ago

> Thanks a lot for the pull-request. It's an interesting topic for a taxonomy.
>
> I did some clean-up in the pull-request available b62e125
>
> I have some questions to finalise the inclusion of the taxonomy:
>
> Thanks a lot.

That is correct. The original version was created by Washington University on US government order. But that concept is, in our view, outdated and incomplete. So we did make some changes to better tag active / proactive / offensive actions and steps. We use these for deception campaign planning and possible outputs, or for threat/adversary emulation.

The v2 is at https://dcg420.org/active-defense-gray-zone-v2-0-by-dcg420/ You will have to use a translator (not a large text).

Basically, the reason for this taxonomy and the edits of the original version is MISP, because we also use MISP as an adversary scenario book, and that of course helps to create our own IoCs (as someone once told me: "the best IoC are your own") ;-)

Jan