Dear, Following the recent and good discussions at the TC, here is a proposal of confidence level that we will implement in MISP via the misp-taxonomies: { "predicate": "confidence-level", "entry": [ { "expanded": "Completely confident", "value": "completely-confident", "numerical_value": 100 }, { "expanded": "Usually confident", "value": "usually-confident", "numerical_value": 75 }, { "expanded": "Fairly confident", "value": "fairly-confident", "numerical_value": 50 }, { "expanded": "Rarely confident", "value": "rarely-confident", "numerical_value": 25 }, { "expanded": "Unconfident", "value": "unconfident", "numerical_value": 0 }, { "expanded": "Confidence cannot be evaluated", "value": "confidence-cannot-be-evalued" } ] }
https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31 Feedback welcome. I also included the original slides I gave during the TC in Brussels. I'll summarize the various options of integration with the taxonomies in STIX in another email. Cheers. -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg
info@circl.lu -
www.circl.lu Attachment: misp-OASIS-TC-Brussels-2016.pdf Description: Adobe PDF document