Name: PyTaxonomies
Owner: MISP Project
Description: Python module to use the MISP Taxonomies
Created: 2016-07-25 16:45:13.0
Updated: 2017-12-14 23:04:14.0
Pushed: 2018-01-04 16:39:01.0
Homepage: null
Size: 38
Language: Python
Pythonic way to work with the taxonomies defined there: https://github.com/MISP/misp-taxonomies
Taxonomies and predicates are represented as immutable Python dictionaries.
pip install git+https://github.com/MISP/PyTaxonomies
or
git clone https://github.com/MISP/PyTaxonomies
cd PyTaxonomies
git submodule init && git submodule update
python setup.py install
The taxonomy definitions are not stored in this repository: they are pulled in from the misp-taxonomies git submodule, so after a plain clone the submodule step above is required before Taxonomies() has anything to load.
In [1]: from pytaxonomies import Taxonomies
In [2]: taxonomies = Taxonomies()
In [3]: taxonomies.version
Out[3]: '20160725'
In [4]: taxonomies.license
Out[4]: 'CC-BY'
In [5]: taxonomies.description
Out[5]: 'Manifest file of MISP taxonomies available.'
# How many taxonomies have been imported
In [6]: len(taxonomies)
Out[6]: 27
# Names of the taxonomies
In [7]: list(taxonomies.keys())
Out[7]:
['tlp',
 'eu-critical-sectors',
 'dni-ism',
 'de-vs',
 'osint',
 'ms-caro-malware',
 'open-threat',
 'circl',
 'pap',
 'euci',
 'kill-chain',
 'europol-events',
 'veris',
 'information-security-indicators',
 'estimative-language',
 'adversary',
 'europol-incident',
 'malware_classification',
 'ecsirt',
 'dhs-ciip-sectors',
 'csirt_case_classification',
 'nato',
 'fr-classif',
 'enisa',
 'misp',
 'admiralty-scale',
 'ms-caro-malware-full']
In [8]: taxonomies.get('enisa').description
Out[8]: 'The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.'
In [9]: taxonomies.get('enisa').version
Out[9]: 201601
In [10]: taxonomies.get('enisa').name
Out[10]: 'enisa'
In [11]: list(taxonomies.get('enisa').keys())
Out[11]:
['legal',
 'outages',
 'eavesdropping-interception-hijacking',
 'nefarious-activity-abuse',
 'physical-attack',
 'failures-malfunction',
 'disaster',
 'unintentional-damage']
In [12]: list(taxonomies.get('enisa').get('physical-attack'))
Out[12]:
['fraud-by-employees',
 'theft',
 'unauthorised-physical-access-or-unauthorised-entry-to-premises',
 'theft-of-documents',
 'information-leak-or-unauthorised-sharing',
 'vandalism',
 'damage-from-the-wafare',
 'sabotage',
 'coercion-or-extortion-or-corruption',
 'theft-of-mobile-devices',
 'theft-of-fixed-hardware',
 'terrorist-attack',
 'theft-of-backups',
 'fraud']
In [13]: taxonomies.get('enisa').get('physical-attack').get('vandalism').value
Out[13]: 'vandalism'
In [14]: taxonomies.get('enisa').get('physical-attack').get('vandalism').expanded
Out[14]: 'Vandalism'
In [15]: taxonomies.get('enisa').get('physical-attack').get('vandalism').description
Out[15]: 'Act of physically damaging IT assets.'
In [1]: print(taxonomies) # or taxonomies.all_machinetags()
<display the machine tags for all the taxonomies>
In [2]: print(taxonomies.get('circl')) # or taxonomies.get('circl').machinetags()
circl:incident-classification="vulnerability"
circl:incident-classification="malware"
circl:incident-classification="fastflux"
circl:incident-classification="system-compromise"
circl:incident-classification="sql-injection"
circl:incident-classification="scan"
circl:incident-classification="XSS"
circl:incident-classification="information-leak"
circl:incident-classification="scam"
circl:incident-classification="copyright-issue"
circl:incident-classification="denial-of-service"
circl:incident-classification="phishing"
circl:incident-classification="spam"
circl:topic="undefined"
circl:topic="industry"
circl:topic="ict"
circl:topic="finance"
circl:topic="services"
circl:topic="individual"
circl:topic="medical"
# All entries
In [3]: taxonomies.get('circl').amount_entries()
Out[3]: 28
# Amount predicates
In [3]: len(taxonomies.get('circl'))
Out[3]: 2
In [10]: print(taxonomies.get('circl').machinetags_expanded())
circl:topic="Individual"
circl:topic="Services"
circl:topic="Finance"
circl:topic="Medical"
circl:topic="Industry"
circl:topic="Undefined"
circl:topic="ICT"
circl:incident-classification="Phishing"
circl:incident-classification="Malware"
circl:incident-classification="XSS"
circl:incident-classification="Copyright issue"
circl:incident-classification="Spam"
circl:incident-classification="SQL Injection"
circl:incident-classification="Scan"
circl:incident-classification="Scam"
circl:incident-classification="Vulnerability"
circl:incident-classification="Denial of Service"
circl:incident-classification="Information leak"
circl:incident-classification="Fastflux"
circl:incident-classification="System compromise"
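As an added example (not code from PyTaxonomies or from the MISP project), the script below models offline what the library does in the sessions above: it parses two constructed, abbreviated taxonomy documents in the shape of misp-taxonomies machinetag.json files (namespace, predicates, values/entry) into read-only mappings, emits both the value and the expanded machine-tag forms, and validates tag strings from an untrusted source against the loaded taxonomies before they are attached to an event. The sample documents, the tag list and every function name are this example's own assumptions, not the library's API.

```python
"""Offline model of what PyTaxonomies loads: machinetag.json-shaped documents
parsed into immutable mappings, machine-tag emission, and tag validation.
Added example, not PyTaxonomies code; both documents below are constructed."""
import json
import re
from types import MappingProxyType

SAMPLE_CIRCL_JSON = json.dumps({  # constructed, abbreviated circl-style document
    "namespace": "circl", "version": 1,
    "description": "CIRCL incident classification (sample)",
    "predicates": [{"value": "incident-classification", "expanded": "Incident Classification"},
                   {"value": "topic", "expanded": "Topic"}],
    "values": [{"predicate": "incident-classification", "entry": [
                    {"value": "phishing", "expanded": "Phishing"},
                    {"value": "sql-injection", "expanded": "SQL Injection"},
                    {"value": "XSS", "expanded": "XSS"}]},
               {"predicate": "topic", "entry": [
                    {"value": "finance", "expanded": "Finance"},
                    {"value": "ict", "expanded": "ICT"}]}]})

SAMPLE_TLP_JSON = json.dumps({  # constructed: predicates only, no values section
    "namespace": "tlp", "version": 2, "description": "Traffic Light Protocol (sample)",
    "predicates": [{"value": c, "expanded": "TLP:" + c.upper()}
                   for c in ("red", "amber", "green", "white")]})

# ns:pred or ns:pred="value"; trailing junk or unbalanced quotes do not match
MACHINETAG_RE = re.compile(r'^(?P<ns>[^:"=\s]+):(?P<pred>[^:"=\s]+)(?:="(?P<val>[^"]*)")?$')


def load_taxonomy(raw):
    """namespace -> predicates -> entries as MappingProxyType views, so callers
    cannot mutate a loaded taxonomy (the README's immutability point)."""
    doc = json.loads(raw)
    entries = {b["predicate"]: MappingProxyType(
                   {e["value"]: e.get("expanded", e["value"]) for e in b["entry"]})
               for b in doc.get("values", [])}
    predicates = {p["value"]: MappingProxyType({
                      "expanded": p.get("expanded", p["value"]),
                      "entries": entries.get(p["value"], MappingProxyType({}))})
                  for p in doc["predicates"]}
    return MappingProxyType({"namespace": doc["namespace"], "version": doc.get("version"),
                             "predicates": MappingProxyType(predicates)})


def is_immutable(mapping):
    """True if item assignment on the mapping raises TypeError."""
    try:
        mapping["x"] = None
    except TypeError:
        return True
    return False


def parse_machinetag(tag):
    """Split 'ns:pred="val"' into (ns, pred, val); val is None for predicate-only tags."""
    m = MACHINETAG_RE.match(tag)
    if not m:
        raise ValueError(f"not a machine tag: {tag!r}")
    return m.group("ns"), m.group("pred"), m.group("val")


def machinetags(taxonomy, expanded=False):
    """Every tag a taxonomy defines (value form, or expanded labels when asked);
    a predicate without entries becomes a predicate-only tag such as tlp:red."""
    ns, tags = taxonomy["namespace"], []
    for pred, info in taxonomy["predicates"].items():
        if not info["entries"]:
            tags.append(f"{ns}:{pred}")
        for val, label in info["entries"].items():
            tags.append(f'{ns}:{pred}="{label if expanded else val}"')
    return tags


def validate_tags(tags, taxonomies):
    """Return (accepted, rejected); rejected maps tag -> reason. Values match
    exactly (case-sensitive) and a predicate that has entries needs a value."""
    by_ns = {t["namespace"]: t for t in taxonomies}
    accepted, rejected = [], {}
    for tag in tags:
        try:
            ns, pred, val = parse_machinetag(tag)
        except ValueError as exc:
            rejected[tag] = str(exc)
            continue
        tax = by_ns.get(ns)
        if tax is None:
            rejected[tag] = f"unknown namespace {ns!r}"
            continue
        info = tax["predicates"].get(pred)
        if info is None:
            rejected[tag] = f"unknown predicate {pred!r} in {ns}"
        elif val is None and info["entries"]:
            rejected[tag] = f"{ns}:{pred} needs a value"
        elif val is not None and val not in info["entries"]:
            rejected[tag] = f"unknown value {val!r} for {ns}:{pred}"
        else:
            accepted.append(tag)
    return accepted, rejected


CONSTRUCTED_EVENT_TAGS = [  # constructed input, as tags might arrive from an untrusted feed
    'circl:incident-classification="phishing"',  # known value
    'tlp:amber',                                  # predicate-only tag, valid for tlp
    'circl:incident-classification="xss"',       # wrong case, the entry is XSS
    'circl:topic',                                # topic has entries, so a value is required
    'osint:source-type="blog-post"',              # namespace not loaded in this sample
    'circl:topic="finance"; DROP TABLE tags',     # malformed, never pass it on as-is
]


def demo():
    loaded = [load_taxonomy(SAMPLE_CIRCL_JSON), load_taxonomy(SAMPLE_TLP_JSON)]
    return validate_tags(CONSTRUCTED_EVENT_TAGS, loaded)
```

Only the value form (circl:incident-classification="phishing") is a tag to attach to an event; the labels printed by machinetags_expanded() are display text and fail validation here, as the wrong-case "xss" does, because entry values are matched exactly against the taxonomy. Running demo() accepts the first two constructed tags and rejects the other four with a reason each.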