Injy Sarhan edited this page Mar 9, 2021 · 3 revisions

Publishing GEIGER Indicator Values

## Device

  • Owner: User_UUID of device owner

## Enterprise

The node should contain the following information:

  • Name of enterprise
  • Profile of enterprise: profile UUID (as in :Global:Profiles)
  • Sector: Type of business (Might be integrated in profiles)
  • Assets: Comma-separated list of Asset UUIDs (as in :Global:Assets)
  • Location: Location UUID (as in :Global:Location)
"sector"=[Example],
"Assets"=["Asset1_UUID","Asset2_UUID",..,"AssetN_UUID"]

## Enterprise:User

Stores information on the employees (users) of an enterprise. Each node represents one employee (user). The node should contain the following information:

  • Name: First and last name
  • Comma-separated list of UUIDs that belong to the same user*
  • Role of the user: Role UUID (as in :Global:userRole)
  • Knowledge level of the user, ranging from 0 to 4

"Role"=["Role_UUID"]
"KnowledgeLevel"=["1"]

## Global:Threats

  • Each threat is represented in a node that is uniquely identified by a UUID (threat_UUID)

------ Remove risk profile uuid

## Global:Recommendations

This node contains global recommendations. Each sub-node represents a recommendation and is identified by a UUID (recommendation UUID).

## Global: User Role

:Global:UserRole:bf8eef2e-1ad6-4de3-ab04-60d7d1a0a5b7:{ "name"=["main"]}
:Global:UserRole:451aad50-af28-4d3b-8351-adcc308534e5:{ "name"=["regular"]}

## Global:Profiles

  • Several key-value pairs, each representing a threat and its weight with respect to the profile:
    • Key = Threat_UUID (as in :Global:Threats)
    • Value = Weight from 0 to 1

:Global:Profiles:3e88c7b7-5bdb-4503-b963-f36333e0224f:{ "name"=["Digitally based"], "threat1_UUID"=["0.1"], "threatN_UUID"=["0.8"]}

## :Global:Assets

Contains all possible assets that can be linked to an enterprise. Each sub-node represents one asset and is uniquely named after its UUID. Each sub-node should contain the following information:

  • Name of the asset

:Global:Assets:662f502d-7102-496e-a5fa-2f7cb769dd79:{ "name"=["Website"]}

###############################################

# Recommendation

  • Knowledge level required
  • Financial costs required: Boolean value
  • Recommendation type: whether it is related to organisation, user or device
  • Relevant device type/OS required: Computer, tablet, phone and/or notebook
  • Steps: comma-separated list of required steps to help the user understand and implement a recommendation
  • Assets required: Asset UUID (as in :Global:Assets)

:Global:Recommendations:e430cb4e-dcf4-4169-b0d3-94ea3a3df528:{ "short"=["short description"], "long"=["long description"], "Action"=[config,URL],
    "relatedThreatsWeights"=["threat1_UUID","0.1";...;"threatN_UUID","0.5"], "userRole"=["bf8eef2e-1ad6-4de3-ab04-60d7d1a0a5b7"], 
    "KnowledgeLevel"=["2"], "costs"=["False"], "RecommendationType"=["Organisational"], "RelevantDeviceTypeOS"=["Computer","Windows";"Phone","Android"],
    "Steps"=["step1","step2","step3"], "RequiredAssets"=["662f502d-7102-496e-a5fa-2f7cb769dd79"]
}

## Sensor Value

A sensor value represents a metric value for an enterprise, a user or a device, so it must be stored under its respective path.

e430cb4e-dcf4-4169-b0d3-94ea3a3df528

There are 3 types of GEIGER indicator scores available. For each type, a set of Recommendations will be available.

  • Enterprise (MSE) Score: represents the score of the whole Enterprise
  • User Score: represents the score of the current user
  • Device Score: represents the score of the current device

Scores

Each of the aforementioned score types is stored in a single node under its respective node path. The following information is included in each node:

  • Total score (either total Enterprise Score, total User Score or total Device Score )
  • Several Key,Value pairs, representing the score of each threat.
    • Key = Threat_UUID
    • Value = the score of the threat
  • Description for every node is provided

For the 'Enterprise Score' only, the node visibility is set to TLP 'AMBER' or 'GREEN'. The following additional information (key-value pairs) is included in the 'Enterprise Score' node only:

  • Profile of the enterprise: UUID of enterprise profile
  • Location: location_UUID of the enterprise
  • Sector: business type of enterprise (Sector might be included in the profile of the enterprise)
  • Description of this node will clearly explain the information being shared

:Enterprise:fd7448fc-0795-44a9-8ec6-fdcba9520c20:data:GeigerScoreMSE{ "GEIGER_Score"=["40"], "threat1_UUID"=["10"], "threat2_UUID"=["5"], "threatN_UUID"=["5"], "Profile"=["69f753ac-80f4-11eb-8dcd-0242ac130003"], "Location"=["e45128bb-accc-4cca-ff13-aa4b6bf81a4"], "Sector"=["Example"] }
:User:fd7448fc-0795-44a9-8ec6-fdcba9520c20:data:GeigerScoreUser{ "GEIGER_Score"=["30"], "threat1_UUID"=["10"], "threat2_UUID"=["5"], "threatN_UUID"=["5"]}
:Enterprise:fd7448fc-0795-44a9-8ec6-fdcba9520c20:data:GeigerScoreDevice{ "GEIGER_Score"=["10"], "threat1_UUID"=["10"], "threat2_UUID"=["5"], "threatN_UUID"=["5"]} 

where fd7448fc-0795-44a9-8ec6-fdcba9520c20 is the GEIGER Indicator UUID.
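
The following validator is an added example, not part of the GEIGER project's code. It parses the node notation used on this page and checks, before a node is published, the constraints stated above: profile weights between 0 and 1, knowledge level between 0 and 4, and UUID-valued Profile and Location plus a Sector on the Enterprise Score node. The function names and sample records are constructed for illustration, and applying the 0 to 4 range to a recommendation's KnowledgeLevel is an assumption.

```python
import re
import uuid

PAIR_RE = re.compile(r'"([^"]+)"\s*[=:]\s*\[([^\]]*)\]')  # "key"=[...] or "key":[...]

def parse_node(text):
    """Split ':Path:To:Node{ "key"=["v", ...] }' into (path, {key: [values]})."""
    head, brace, body = text.partition("{")
    if not brace or not head.strip().startswith(":"):
        raise ValueError("not a node record")
    pairs = {k: re.findall(r'"([^"]*)"', v) for k, v in PAIR_RE.findall(body)}
    return head.strip().rstrip(":"), pairs

def is_uuid(value):
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def in_range(values, low, high, cast=float):
    try:
        return len(values) == 1 and low <= cast(values[0]) <= high
    except ValueError:
        return False

def validate(text):
    """Return the problems found in one node record (empty list means OK)."""
    path, pairs = parse_node(text)
    problems = []
    if path.startswith(":Global:Profiles:"):
        for key, vals in pairs.items():
            if key != "name" and not in_range(vals, 0.0, 1.0):
                problems.append(f"{key}: weight must be between 0 and 1")
    if "KnowledgeLevel" in pairs and not in_range(pairs["KnowledgeLevel"], 0, 4, int):
        problems.append("KnowledgeLevel: must be an integer from 0 to 4")
    if path.endswith(":GeigerScoreMSE"):
        for key in ("Profile", "Location"):
            if not any(is_uuid(v) for v in pairs.get(key, [])):
                problems.append(f"{key}: expected a UUID")
        if not pairs.get("Sector"):
            problems.append("Sector: missing")
    return problems

# Constructed records: a weight above 1, a knowledge level above 4, a short Location UUID.
BAD_PROFILE = ':Global:Profiles:3e88c7b7-5bdb-4503-b963-f36333e0224f:{ "name"=["Digitally based"], "threat1_UUID"=["0.1"], "threatN_UUID"=["1.8"]}'
BAD_RECOMMENDATION = ':Global:Recommendations:e430cb4e-dcf4-4169-b0d3-94ea3a3df528:{ "short"=["s"], "KnowledgeLevel"=["7"], "costs"=["False"]}'
BAD_MSE = ':Enterprise:fd7448fc-0795-44a9-8ec6-fdcba9520c20:data:GeigerScoreMSE{ "GEIGER_Score"=["40"], "Profile"=["69f753ac-80f4-11eb-8dcd-0242ac130003"], "Location"=["e45128bb-accc-4cca"], "Sector"=["Example"]}'
if __name__ == "__main__":
    print([validate(r) for r in (BAD_PROFILE, BAD_RECOMMENDATION, BAD_MSE)])
```

Because the Enterprise Score node is the one shared at TLP 'AMBER' or 'GREEN', rejecting malformed records at this point keeps bad references out of data that leaves the device.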

Recommendations
