├── README.md
├── json
    └── machinetag.json
└── yaml
    └── machinetag.yaml


/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # CyCAT.org taxonomy
 3 | 
 4 | Taxonomy used by CyCAT.org, the Cybersecurity Resource Catalogue, to categorize the namespaces it supports and uses.
 5 | 
 6 | # Format
 7 | 
 8 | The CyCAT.org taxonomy is [available in JSON format](https://github.com/CyCat-project/cycat-taxonomy/blob/main/json/machinetag.json) and [yaml format](https://github.com/CyCat-project/cycat-taxonomy/blob/main/yaml/machinetag.yaml).
 9 | 
10 | # Goal
11 | 
12 | The taxonomy will be used on the CyCAT.org portal to classify and label the resources in the catalogue.
13 | 
14 | # Contributing
15 | 
16 | - Fork the repository, update the JSON or yaml and propose your changes via a pull-request.
17 | 
18 | # License
19 | 
20 | The CyCAT.org taxonomy (JSON/yaml files) are dual-licensed under:
21 | 
22 | - [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/legalcode) (CC0 1.0) - Public Domain Dedication.
23 | 
24 | or
25 | 
26 | ~~~~
27 |  Copyright (c) 2021 Alexandre Dulaunoy 
28 |  Copyright (c) 2021 Freddy Dezeure
29 |  Copyright (c) 2021 Saâd Kadhi 
30 | 
31 |  Redistribution and use in source and binary forms, with or without modification,
32 |  are permitted provided that the following conditions are met:
33 | 
34 |     1. Redistributions of source code must retain the above copyright notice,
35 |        this list of conditions and the following disclaimer.
36 |     2. Redistributions in binary form must reproduce the above copyright notice,
37 |        this list of conditions and the following disclaimer in the documentation
38 |        and/or other materials provided with the distribution.
39 | 
40 |  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
41 |  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
42 |  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
43 |  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
44 |  INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
45 |  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
46 |  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
47 |  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
48 |  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 |  OF THE POSSIBILITY OF SUCH DAMAGE.
50 | ~~~~~
51 | 
52 | 


--------------------------------------------------------------------------------
/json/machinetag.json:
--------------------------------------------------------------------------------
  1 | {
  2 |   "namespace": "cycat",
  3 |   "expanded": " Cybersecurity Resource Catalogue",
  4 |   "description": "Taxonomy used by CyCAT, the Cybersecurity Resource Catalogue, to categorize the namespaces it supports and uses.",
  5 |   "version": 3,
  6 |   "refs": [
  7 |     "https://www.cycat.org/"
  8 |   ],
  9 |   "values": [
 10 |     {
 11 |       "predicate": "type",
 12 |       "entry": [
 13 |         {
 14 |           "value": "tool",
 15 |           "expanded": "Tool",
 16 |           "description": "Open source or proprietary tool used in cybersecurity."
 17 |         },
 18 |         {
 19 |           "value": "playbook",
 20 |           "expanded": "Playbook",
 21 |           "description": "Playbook, such as a defined set of rules with one or more actions triggered by different events to respond to, orchestrate or automate cybersecurity related actions."
 22 |         },
 23 |         {
 24 |           "value": "taxonomy",
 25 |           "expanded": "Taxonomy",
 26 |           "description": "Cybersecurity taxonomy is a set of labels used to classify (in both terms - arrange in classes or/and design to national classification) cybersecurity related information."
 27 |         },
 28 |         {
 29 |           "value": "rule",
 30 |           "expanded": "Rule",
 31 |           "description": "Detection rule or set of detection rules used in the cybersecurity field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort, Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them."
 32 |         },
 33 |         {
 34 |           "value": "notebook",
 35 |           "expanded": "Notebook",
 36 |           "description": "Interactive document to code, experiment, train or visualize cybersecurity-related information. A notebook can be transcribed in a format such as Jupyter Notebooks, Apache Zeppelin, Pluton or Google Colab."
 37 |         },
 38 |         {
 39 |           "value": "vulnerability",
 40 |           "expanded": "Vulnerability",
 41 |           "description": "Public or non-public information about a security vulnerability in a specific software, hardware or service."
 42 |         },
 43 |         {
 44 |           "value": "proof-of-concept",
 45 |           "expanded": "Proof-of-concept",
 46 |           "description": "Code to validate a known vulnerability."
 47 |         },
 48 |         {
 49 |           "value": "fingerprint",
 50 |           "expanded": "Fingerprint",
 51 |           "description": "Code to uniquely identify specific cybersecurity-relevant patterns. Fingerprints can be expressed in different formats such as ja3, ja3s, hassh, jarm or favicon-mmh3."
 52 |         },
 53 |         {
 54 |           "value": "mitigation",
 55 |           "expanded": "Mitigation",
 56 |           "description": "Mitigating control to prevent unwanted activity from happening, like a specific configuration of the operating system/tools or an implementation policy."
 57 |         },
 58 |         {
 59 |           "value": "dataset",
 60 |           "expanded": "Dataset",
 61 |           "description": "Dataset for validation of detections and tool stacks,"
 62 |         },
 63 |         {
 64 |           "value": "dataformat",
 65 |           "expanded": "Data format",
 66 |           "description": "Data structure and format to describe elements in the cybersecurity field."
 67 |         },
 68 |         {
 69 |           "value": "configuration",
 70 |           "expanded": "Configuration",
 71 |           "description": "A configuration describes the state or environment conditions of a tool."
 72 |         }
 73 |       ]
 74 |     },
 75 |     {
 76 |       "predicate": "scope",
 77 |       "entry": [
 78 |         {
 79 |           "value": "identify",
 80 |           "expanded": "Identify"
 81 |         },
 82 |         {
 83 |           "value": "protect",
 84 |           "expanded": "Protect"
 85 |         },
 86 |         {
 87 |           "value": "detect",
 88 |           "expanded": "Detect"
 89 |         },
 90 |         {
 91 |           "value": "respond",
 92 |           "expanded": "Respond"
 93 |         },
 94 |         {
 95 |           "value": "recover",
 96 |           "expanded": "Recover"
 97 |         },
 98 |         {
 99 |           "value": "exploit",
100 |           "expanded": "Exploit"
101 |         },
102 |         {
103 |           "value": "investigate",
104 |           "expanded": "Investigate"
105 |         },
106 |         {
107 |           "value": "train",
108 |           "expanded": "Train"
109 |         },
110 |         {
111 |           "value": "reset",
112 |           "expanded": "Reset"
113 |         },
114 |         {
115 |           "value": "test",
116 |           "expanded": "Test"
117 |         }
118 |       ]
119 |     }
120 |   ],
121 |   "predicates": [
122 |     {
123 |       "value": "type",
124 |       "expanded": "Type",
125 |       "description": "Type of entry in the catalogue."
126 |     },
127 |     {
128 |       "value": "scope",
129 |       "expanded": "Scope",
130 |       "description": "Scope of usage for the entry in the catalogue."
131 |     }
132 |   ]
133 | }
134 | 


--------------------------------------------------------------------------------
/yaml/machinetag.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | namespace: cycat
 3 | expanded: " Cybersecurity Resource Catalogue"
 4 | description: Taxonomy used by CyCAT, the Cybersecurity Resource Catalogue, to categorize
 5 |   the namespaces it supports and uses.
 6 | version: 3
 7 | refs:
 8 | - https://www.cycat.org/
 9 | values:
10 | - predicate: type
11 |   entry:
12 |   - value: tool
13 |     expanded: Tool
14 |     description: Open source or proprietary tool used in cybersecurity.
15 |   - value: playbook
16 |     expanded: Playbook
17 |     description: Playbook, such as a defined set of rules with one or more actions
18 |       triggered by different events to respond to, orchestrate or automate cybersecurity
19 |       related actions.
20 |   - value: taxonomy
21 |     expanded: Taxonomy
22 |     description: Cybersecurity taxonomy is a set of labels used to classify (in both
23 |       terms - arrange in classes or/and design to national classification) cybersecurity
24 |       related information.
25 |   - value: rule
26 |     expanded: Rule
27 |     description: Detection rule or set of detection rules used in the cybersecurity
28 |       field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort,
29 |       Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them.
30 |   - value: notebook
31 |     expanded: Notebook
32 |     description: Interactive document to code, experiment, train or visualize cybersecurity-related
33 |       information. A notebook can be transcribed in a format such as Jupyter Notebooks,
34 |       Apache Zeppelin, Pluton or Google Colab.
35 |   - value: vulnerability
36 |     expanded: Vulnerability
37 |     description: Public or non-public information about a security vulnerability in
38 |       a specific software, hardware or service.
39 |   - value: proof-of-concept
40 |     expanded: Proof-of-concept
41 |     description: Code to validate a known vulnerability.
42 |   - value: fingerprint
43 |     expanded: Fingerprint
44 |     description: Code to uniquely identify specific cybersecurity-relevant patterns.
45 |       Fingerprints can be expressed in different formats such as ja3, ja3s, hassh,
46 |       jarm or favicon-mmh3.
47 |   - value: mitigation
48 |     expanded: Mitigation
49 |     description: Mitigating control to prevent unwanted activity from happening, like
50 |       a specific configuration of the operating system/tools or an implementation
51 |       policy.
52 |   - value: dataset
53 |     expanded: Dataset
54 |     description: Dataset for validation of detections and tool stacks,
55 |   - value: dataformat
56 |     expanded: Data format
57 |     description: Data structure and format to describe elements in the cybersecurity
58 |       field.
59 |   - value: configuration
60 |     expanded: Configuration
61 |     description: A configuration describes the state or environment conditions of
62 |       a tool.
63 | - predicate: scope
64 |   entry:
65 |   - value: identify
66 |     expanded: Identify
67 |   - value: protect
68 |     expanded: Protect
69 |   - value: detect
70 |     expanded: Detect
71 |   - value: respond
72 |     expanded: Respond
73 |   - value: recover
74 |     expanded: Recover
75 |   - value: exploit
76 |     expanded: Exploit
77 |   - value: investigate
78 |     expanded: Investigate
79 |   - value: train
80 |     expanded: Train
81 |   - value: reset
82 |     expanded: Reset
83 |   - value: test
84 |     expanded: Test
85 | predicates:
86 | - value: type
87 |   expanded: Type
88 |   description: Type of entry in the catalogue.
89 | - value: scope
90 |   expanded: Scope
91 |   description: Scope of usage for the entry in the catalogue.
92 | 


--------------------------------------------------------------------------------