Closed by th3r3d 2 years ago
There is a new pull-request based on your original one. https://github.com/MISP/misp-taxonomies/pull/238 - have a look and let me know if this is fine for you.
Thanks a lot for the pull-request. It's an interesting topic for a taxonomy.
I did some clean-up in the pull-request available b62e125
I have some questions to finalise the inclusion of the taxonomy:
- What's the original document of reference? Is it this one -> https://spfusa.org/research/gray-zone-private-sector-active-defense-cyber-threats/
- I see some missing elements and some new ones. If you have an additional reference or the update, that would help me to update it accordingly.
Thanks a lot.
That is correct. The original version has been created by Washington University on US government order. But that concept is in our view outdated and incomplete. So we did make some changes to better tag active / proactive / offensive actions and steps. We use these for deception campaign planning and possible outputs or for threat/adversary emulation. The v2 is @ https://dcg420.org/active-defense-gray-zone-v2-0-by-dcg420/ You will have to use a translator (not large text). Basically, the reason for this taxonomy and the edits of the original version is MISP, b/c we also use MISP as an adversary scenario book, and that of course helps to create own IoC (as someone once told me: "the best IoC are your own") ;-)
Jan
GrayZone of Active Defense, originally published by Washington University, v2 created and updated by DCG420