AlienVault R&D Labs Portal. Get the latest news from our research.

Open Source Security Event Taxonomy

As many of you know, we have been working for some time on a classification system for security events, and we use it in our own products.
We have published this information before and other organizations like OISF (Suricata) and Snort (Sourcefire) are beginning to use our taxonomy to classify security events.
The first version of the classification system has 240 subcategories, based on 20 main categories:


Access
Alert
Antivirus
Application
Authentication
Availability
Database
Denial_Of_Service
Exploit
Honeypot
Info
Inventory
Malware
Network
Policy
Recon
Suspicious
System
Voip
Wireless

If you are an AlienVault SIEM customer, you know that this is the system we use to classify our own information, so we are waiting for your feedback, comments and improvements.

You can find the whole classification system here.
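To show how the taxonomy is applied in practice, here is an added example (not AlienVault's code) that maps free-form category labels from an event source onto the 20 main categories listed above and reports any label that does not fit, rather than guessing. The sample events and their labels are constructed for the example.

```python
# Added example: normalise raw category labels onto the taxonomy's 20 main
# categories, and surface anything that does not map for human review.
import re
from collections import Counter

# The 20 main categories exactly as the post lists them.
MAIN_CATEGORIES = (
    "Access", "Alert", "Antivirus", "Application", "Authentication",
    "Availability", "Database", "Denial_Of_Service", "Exploit", "Honeypot",
    "Info", "Inventory", "Malware", "Network", "Policy", "Recon",
    "Suspicious", "System", "Voip", "Wireless",
)

def _canon(label: str) -> str:
    """Case-insensitive key: collapse spaces, hyphens and underscores to '_'."""
    return re.sub(r"[\s_\-]+", "_", label.strip()).lower()

# Lookup table from canonical key to the taxonomy's own spelling.
_INDEX = {_canon(c): c for c in MAIN_CATEGORIES}

def normalize_category(label: str):
    """Return the taxonomy category for a raw label, or None if unknown."""
    return _INDEX.get(_canon(label))

def classify_events(events):
    """Return (counts per taxonomy category, list of labels that did not map)."""
    counts, unmapped = Counter(), []
    for ev in events:
        cat = normalize_category(ev.get("category", ""))
        if cat is None:
            # Keep the original label so the mapping can be extended deliberately.
            unmapped.append(ev.get("category", ""))
        else:
            counts[cat] += 1
    return dict(counts), unmapped

# Constructed sample records (hypothetical source labels, not real sensor output).
SAMPLE_EVENTS = [
    {"category": "denial of service", "msg": "SYN flood from single host"},
    {"category": "Denial-Of-Service", "msg": "UDP flood"},
    {"category": "MALWARE", "msg": "known trojan beacon"},
    {"category": "VoIP", "msg": "SIP brute-force"},
    {"category": "Trojan Activity", "msg": "label not in the taxonomy"},
]

if __name__ == "__main__":
    print(classify_events(SAMPLE_EVENTS))
```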

jaime.blasco

At AlienVault, Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security research.

