Taxonomy

Background

STORM provides predefined fields for Enisa, KRITIS and TLP taxonomies and event classification.

  • Enisa - European Union Agency for Cybersecurity
  • KRITIS - Kritische Infrastrukturen
  • TLP - Traffic Light Protocol

New dynamic fields are added to enhance tickets with standardized information and data:

- EnisaSecurityIncidentClassification
- EventClassification
- KRITISSituationAssessment
- KRITISTaxonomy
- TLP

Some of these dynamic fields are drop-down fields, while others are dynamic fields of type web service. The dynamic fields are marked as internal, so they cannot be deleted from the system.

To make their values easy to update, some of these fields use web services internally. By default, each web service performs a loop-back request to a specific static file installed on the local system. The web services can be modified to point to another server that provides an updated file, which could be maintained by third parties.

STORM provides not only the dynamic fields, but also the underlying web services and the static files that are the source of the information for some of these dynamic fields. The web services point to the local server localhost:8080, and the related dynamic fields have a default caching configuration of 1 day (8640 seconds) for their values.

Please make sure that the configuration of the web services is synchronized with the OTRS web server. Any change requires cleaning up the cache by executing the OTRS console command Maint::Cache::Delete.

The static files are saved in <OTRSHOME>/httpd/htdocs/STORM. These files can be modified by the system administrator without triggering package modification warnings in the package manager.
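
Because edits to these static files do not raise package modification warnings, a separate hash baseline is one way to notice unexpected changes to the taxonomy sources. The shell functions below are an added example, not part of STORM or OTRS; the function names, the manifest path and the OTRSHOME value /opt/otrs are assumptions.

```shell
#!/bin/sh
# Added example: integrity baseline for the STORM static files.
# Usage (assumed paths; OTRSHOME=/opt/otrs is an assumption):
#   storm_baseline /opt/otrs/httpd/htdocs/STORM /root/storm.sha256
#   storm_verify   /opt/otrs/httpd/htdocs/STORM /root/storm.sha256
# Keep the manifest outside the monitored directory.

# storm_baseline DIR MANIFEST
# Record "sha256  ./relative/path" for every regular file under DIR.
storm_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$2"
}

# storm_verify DIR MANIFEST
# Print CHANGED, NEW and MISSING files relative to the manifest.
# Returns 0 if nothing differs, 1 on any difference, 2 on error.
storm_verify() {
    [ -r "$2" ] || return 2
    verify_tmp=$(mktemp) || return 2
    storm_baseline "$1" "$verify_tmp" || { rm -f "$verify_tmp"; return 2; }
    verify_rc=0
    awk '
        # sha256sum lines: 64 hex digits, two separator characters, path.
        { h = substr($0, 1, 64); p = substr($0, 67) }
        FILENAME == ARGV[1] { base[p] = h; next }
        !(p in base)        { print "NEW " p; bad = 1; next }
        base[p] != h        { print "CHANGED " p; bad = 1 }
        { seen[p] = 1 }
        END {
            for (p in base)
                if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$verify_tmp" || verify_rc=$?
    rm -f "$verify_tmp"
    return "$verify_rc"
}
```

Re-run `storm_baseline` after every intended edit of the static files, and run `storm_verify` from a scheduled job so that its non-zero exit status can raise an alert.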

Note

This feature requires the Dynamic Field Web Service feature add-on.

If the default settings are not applicable for the current system, they can be changed in the system configuration and/or in the web service management screens.

Usage

All dynamic fields are added to the Change Free Fields action of the ticket detail view.

Dynamic Fields in Change Free Fields Action

Furthermore, the TLP field is added to the Properties widget of the ticket detail view, and shown as a column in ticket lists and organizer items. The TLP field is set for in-line editing when it is shown as column.

TLP Dynamic Field in Ticket Properties

TLP Dynamic Field in Ticket List

TLP Dynamic Field in Organizer Item

The settings can be modified to show more or fewer fields depending on the needs of a particular system.

See also

Taxonomies are available in OTRS statistics.