-
Notifications
You must be signed in to change notification settings - Fork 127
/
Copy pathdefinition.json
198 lines (198 loc) · 5.84 KB
/
definition.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
{
"attributes": {
"description": {
"description": "Description of the anonymisation technique or tool used",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"encryption-function": {
"description": "Encryption function or algorithm used to anonymise the attribute",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"aes128",
"aes-128-cbc",
"aes-128-cfb",
"aes-128-cfb1",
"aes-128-cfb8",
"aes-128-ctr",
"aes-128-ecb",
"aes-128-ofb",
"aes192",
"aes-192-cbc",
"aes-192-cfb",
"aes-192-cfb1",
"aes-192-cfb8",
"aes-192-ctr",
"aes-192-ecb",
"aes-192-ofb",
"aes-256-cfb",
"aes-256-cfb1",
"aes-256-cfb8",
"aes-256-ctr",
"aes-256-ecb",
"aes-256-ofb",
"bf",
"bf-cbc",
"bf-cfb",
"bf-ecb",
"bf-ofb",
"blowfish",
"camellia128",
"camellia-128-cbc",
"camellia-128-cfb",
"camellia-128-cfb1",
"camellia-128-cfb8",
"camellia-128-ctr",
"camellia-128-ecb",
"camellia-128-ofb",
"camellia192",
"camellia-192-cbc",
"camellia-192-cfb",
"camellia-192-cfb1",
"camellia-192-cfb8",
"camellia-192-ctr",
"camellia-192-ecb",
"camellia-192-ofb",
"camellia256",
"camellia-256-cbc",
"camellia-256-cfb",
"camellia-256-cfb1",
"camellia-256-cfb8",
"camellia-256-ctr",
"camellia-256-ecb",
"camellia-256-ofb",
"cast",
"cast5-cbc",
"cast5-cfb",
"cast5-ecb",
"cast5-ofb",
"cast-cbc",
"des",
"des3",
"des-cbc",
"des-cfb",
"des-ecb",
"des-ede",
"des-ede3",
"des-ede3-cbc",
"des-ede3-cfb",
"des-ede3-ofb",
"des-ede-cbc",
"des-ede-cfb",
"des-ede-ofb",
"des-ofb",
"desx",
"gost89",
"gost89-cnt",
"idea",
"idea-cbc",
"idea-cfb",
"idea-ecb",
"idea-ofb",
"rc2",
"rc2-40-cbc",
"rc2-64-cbc",
"rc2-cbc",
"rc2-cfb",
"rc2-ecb",
"rc2-ofb",
"rc4",
"rc4-40",
"rc4-64",
"rc5",
"rc5-cbc",
"rc5-cfb",
"rc5-ecb",
"rc5-ofb",
"seed",
"seed-cbc",
"seed-cfb",
"seed-ecb",
"seed-ofb",
"sm4",
"sm4-cbc",
"sm4-cfb",
"sm4-ctr",
"sm4-ecb",
"sm4-ofb"
],
"ui-priority": 1
},
"iv": {
"description": "Initialisation vector for the encryption function used to anonymise the attribute",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"key": {
"description": "Key (such as a PSK in a keyed-hash-function) used to anonymise the attribute",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"keyed-hash-function": {
"description": "Keyed-hash function used to anonymise the attribute",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"hmac-sha1",
"hmac-md5",
"hmac-sha256",
"hmac-sha384",
"hmac-sha512"
],
"ui-priority": 1
},
"level-of-knowledge": {
"description": "Level of knowledge of the organisation who created this object",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 10,
"values_list": [
"Only the anonymised data is known",
"Deanonymised data is known"
]
},
"method": {
"description": "Anonymisation (or pseudo-anonymisation) method(s) used",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"hiding - Attribute is replaced with a constant value (typically 0) of the same size. Sometimes called 'black marker'.",
"hash - A hash function maps each attribute to a new (not necessarily unique) attribute.",
"permutation - Maps each original value to a unique new value.",
"prefix-preserving - Any two values that had the same n-bit prefix before anonymisation will still have the same n-bit prefix as each other after anonymization. (Would be more accurately called 'prefix-relationship-preserving', because the actual prefix values are not preserved.) ",
"shift - Adds a fixed offset to each value/attribute.",
"enumeration - Map each original value to a new value such that their ordering is preserved.",
"partitioning - Possible values are partitioned into meaningful sets; actual values are replaced with a fixed value from the same set. E.g., TCP port numbers 0 to 1023 are replaced with 0, and 1024 to 65535 replaced with 65535.",
"updated - Checksums are recalculated to reflect changes made to other fields.",
"truncation - Field is shortened, losing data at the end.",
"encryption - Attribute is encrypted."
],
"ui-priority": 1
},
"regexp": {
"description": "Regular expression to perfom the anonymisation (reversible or not)",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 10
}
},
"description": "Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml",
"meta-category": "misc",
"name": "anonymisation",
"requiredOneOf": [
"description",
"method",
"key",
"keyed-hash-function",
"encryption-function",
"regexp",
"iv"
],
"uuid": "5867cffe-60ff-44f6-b097-e5f36b5de0ac",
"version": 2
}