cti-stix message

Subject: Proposal of confidence level using MISP taxonomies

From: Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
To: cti-stix@lists.oasis-open.org, OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Date: Mon, 12 Sep 2016 17:34:41 +0200

Dear,

Following the recent and good discussions at the TC, here is a proposal of confidence
level that we will implement in MISP via the misp-taxonomies:

{
     "predicate": "confidence-level",
     "entry": [
        {
          "expanded": "Completely confident",
          "value": "completely-confident",
          "numerical_value": 100
        },
        {
          "expanded": "Usually confident",
          "value": "usually-confident",
          "numerical_value": 75
        },
        {
          "expanded": "Fairly confident",
          "value": "fairly-confident",
          "numerical_value": 50
        },
        {
          "expanded": "Rarely confident",
          "value": "rarely-confident",
          "numerical_value": 25
        },
        {
          "expanded": "Unconfident",
          "value": "unconfident",
          "numerical_value": 0
        },
        {
          "expanded": "Confidence cannot be evaluated",
          "value": "confidence-cannot-be-evalued"
        }
     ]
}


https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31

Feedback welcome. I also included the original slides I gave during the TC in Brussels.

I'll summarize the various options of integration with the taxonomies in STIX in another email.

Cheers.


-- 
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
info@circl.lu - www.circl.lu

Attachment: misp-OASIS-TC-Brussels-2016.pdf
Description: Adobe PDF document

Follow-Ups:
- Re: [cti] Proposal of confidence level using MISP taxonomies
  - From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>