Feature Request - Default/Standardized Taxonomies and Tags #55

Closed
cybermung opened this issue Dec 6, 2016 · 5 comments

@cybermung

Request Type

Feature Request - Default/Standardized Taxonomies and Tags

Description

Lack of default tags that can be applied at the case/incident level. This would be very similar to the way taxonomies work at the event level with MISP. This allows for a more formal way of keeping track of different, standardized tags. Example default tags that would require input could include point of origination, attribution (APT, Cybercrime, etc.), Detection Tool (SIEM, Employee, etc.)

Possible Solutions

Brainstorm ideas:

  • Use MISP user interface workflow: Click Tags -> select appropriate taxonomy -> tag
  • Use mix of drop downs in a separate tag edit interface, drop downs can be added

Complementary information

Taxonomies should be importable in a way similar to how MISP does it (write the taxonomy via json, drop it into a folder, update application, $$)
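
Added example, not part of the original issue and not TheHive or MISP code: a sketch of loading a taxonomy written as JSON in the layout of a MISP `machinetag.json` file (`namespace`, `predicates`, `values`) and checking case tags against it. The `case-context` namespace, its entries, the function names, and the rule that a predicate with listed values must carry one of them are assumptions made for this example.

```python
import json

# Constructed sample in the layout of a MISP machinetag.json file; the
# namespace and entries are hypothetical, taken from the categories named above.
SAMPLE_TAXONOMY = json.loads("""
{
  "namespace": "case-context",
  "version": 1,
  "predicates": [
    {"value": "attribution", "expanded": "Attribution"},
    {"value": "detection-tool", "expanded": "Detection tool"},
    {"value": "confirmed", "expanded": "Confirmed incident"}
  ],
  "values": [
    {"predicate": "attribution",
     "entry": [{"value": "apt"}, {"value": "cybercrime"}]},
    {"predicate": "detection-tool",
     "entry": [{"value": "siem"}, {"value": "employee"}]}
  ]
}
""")

def expand_taxonomy(tax):
    """Return the set of machine tags a taxonomy allows."""
    for key in ("namespace", "predicates"):
        if not tax.get(key):
            raise ValueError(f"taxonomy is missing required key: {key}")
    ns = tax["namespace"]
    predicates = {p["value"] for p in tax["predicates"]}
    entries = {}
    for block in tax.get("values", []):
        if block["predicate"] not in predicates:
            raise ValueError(f"values reference unknown predicate: {block['predicate']}")
        entries.setdefault(block["predicate"], []).extend(e["value"] for e in block["entry"])
    tags = set()
    for pred in predicates:
        if pred in entries:
            tags.update(f'{ns}:{pred}="{v}"' for v in entries[pred])
        else:
            tags.add(f"{ns}:{pred}")  # predicate with no values is itself the tag
    return tags

def check_case_tags(case_tags, tax):
    """Split case tags in this taxonomy's namespace into (valid, rejected)."""
    allowed = expand_taxonomy(tax)
    prefix = tax["namespace"] + ":"
    scoped = [t for t in case_tags if t.startswith(prefix)]
    return ([t for t in scoped if t in allowed],
            [t for t in scoped if t not in allowed])
```

Tags outside the taxonomy's namespace are not judged, so free-form case tags can coexist with the standardized ones.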

@saadkadhi
Contributor

Hi @Philee,

Thank you for this interesting feature request which has also been raised in #35. This will take us some time to analyze and implement. Please bear with us as we have other features we'd like to get done in the upcoming weeks and months.

@philip8

philip8 commented Jan 5, 2017

@Philee

Hey Phil, can you please contact me. Been trying to reach you.

My e-mail is [email protected]

@nadouani nadouani modified the milestone: 2.13.0 Mar 30, 2017
@saadkadhi saadkadhi modified the milestones: 3.0.0, 2.13.0 May 15, 2017
@saadkadhi
Contributor

Adding a description from #35

Looking at MISP as well, there you have the possibility to tag Events in different categories, this is an excellent idea and I propose that this is implemented into thehive.
For example in the MISP you can use the VERIS taxonomy, this is really useful for adding tags for cases to show more or less the details around the case, you can tag with country, type of environment, source of incident, impact, what kind of actor, insider etc. etc.

I suggest these get implemented as tags in thehive, also that TLP, VERIS and MISP at least are implemented, if you like to make this work for the same organisations using MISP, then consider being able to use all the same taxonomies as them.

@saadkadhi saadkadhi removed this from the 3.1.0 (Cerana 1) milestone Jun 13, 2018
@jeffrey-e

Hi there, is there any update on this part? I see some requirements for something similar like this

@rriclet
Contributor

rriclet commented Mar 16, 2021

Taxonomies added to TheHive 4.1.0: #1670

@rriclet rriclet closed this as completed Mar 16, 2021