Differences

This shows you the differences between two versions of the page.

--- en:classifications [02.04.2015 18:23]
127.0.0.1 external edit
+++ en:classifications [20.01.2016 15:11]
trestikv@cesnet.cz [EventTag: Security event types classification]
@@ Line 3: / Line 3: @@
 ===== EventTag: Security event types classification =====
-Classification of events for IDEA in the "Category" key is based on abbreviation of slightly extended "mkII" taxonomy (by Don Stikvoort from SURFcert, itself based on eCSIRT.net taxonomy, and formerly Jimmi Arvidsson's taxonomy from Telia CERTCC). For comparison with other taxonomies see {{:en:idea:incident_classification_comparison.ods|Incident classification comparison.ods}} and for discussion of changes see {{:en:idea:incident_classification_analysis.pdf|Incident classification analysis.pdf}}.
+Classification of events for IDEA in the "Category" key is based on abbreviation of slightly extended "mkII" taxonomy (by Don Stikvoort from SURFcert, itself based on eCSIRT.net taxonomy, and formerly Jimmi Arvidsson's taxonomy from Telia CERTCC). For comparison with other taxonomies see {{:en:incident_classification_comparison.ods|Incident classification comparison.ods}} and for discussion of changes see {{:en:incident_classification_analysis.pdf|Incident classification analysis.pdf}}.
 For classification of the security event, list of category names is used. All applicable category names must be used (for example, phishing, detected from spam message, must be marked as both "Abusive.Spam" and "Fraud.Phishing". If unsure of more precise nature of the incident, only top level category name (omitting dot and subcategory) can be used.

Differences

Links

Contact

HelpDesk