Taxonomy

Background

STORM provides predefined fields for Enisa, KRITIS and TLP taxonomies and event classification.

  • Enisa: European Union Agency for Cybersecurity

  • KRITIS: Kritische Infrastrukturen

  • TLP: Traffic Light Protocol

New dynamic fields are added to enhance tickets with standardized information and data:

- EnisaSecurityIncidentClassification
- EventClassification
- KRITISSituationAssessment
- KRITISTaxonomy
- TLP

Some of these dynamic fields are drop-down fields, while others are dynamic fields of type web service. The dynamic fields are marked as internal, so they cannot be deleted from the system.

To make their values easy to update, some of these fields use web services internally. By default, each web service makes a loop-back request to a specific static file installed on the local system. The web services can be modified to point to another server that provides an updated file, which could be maintained by third parties.

STORM provides not only the dynamic fields, but also the underlying web services and the static files that are the source of the information for some of these dynamic fields. The web services point to the local server localhost:8080, and the related dynamic fields cache their values for 1 day (86400 seconds) by default.

Please make sure that the configuration of the web services is synchronized with the OTRS web server. Any change requires clearing the cache by executing the OTRS console command Maint::Cache::Delete.

The static files are saved in <OTRSHOME>/httpd/htdocs/STORM. A direct file modification is not possible. To modify a file, copy it and save it under another name; the new file can then be customized. Remember to update the affected web service to point to the correct file.
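The copy-then-customize procedure above can be scripted as follows; this is an added example, not code shipped with STORM. The install path /opt/otrs, the location of otrs.Console.pl under bin/, and the file names passed to the function are assumptions to replace with the values of the actual installation.

```shell
#!/bin/sh
# Added example: stage a customizable copy of a STORM static taxonomy file.
# OTRS_HOME and all file names are assumptions, not values from the page.

OTRS_HOME="${OTRS_HOME:-/opt/otrs}"                      # assumed install path
STORM_DIR="${STORM_DIR:-$OTRS_HOME/httpd/htdocs/STORM}"  # directory named on the page

# stage_taxonomy_copy <shipped-file-name> <new-file-name>
# Copies a shipped file to a new name in the same directory. The original is
# never modified and an existing file is never overwritten.
stage_taxonomy_copy() {
    src="$STORM_DIR/$1"
    dst="$STORM_DIR/$2"
    # The new name must be a plain file name: no path parts, not hidden.
    case "$2" in
        */*|""|.*) echo "invalid target name: $2" >&2; return 2 ;;
    esac
    if [ ! -f "$src" ]; then
        echo "shipped file not found: $src" >&2; return 3
    fi
    if [ -e "$dst" ]; then
        echo "target already exists: $dst" >&2; return 4
    fi
    cp -p "$src" "$dst" || return 5
    # The copy must be byte-identical before customization starts.
    if ! cmp -s "$src" "$dst"; then
        rm -f "$dst"; return 6
    fi
    echo "$dst"
}

# clear_otrs_cache
# Runs the console command named on the page, so that web service dynamic
# fields stop serving values cached for up to 86400 seconds. Run it as the
# OTRS system user after the web service points to the new file.
clear_otrs_cache() {
    "$OTRS_HOME/bin/otrs.Console.pl" Maint::Cache::Delete
}
```

After customizing the copy, point the affected web service to the new file name in the web service management screen and then call clear_otrs_cache.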

Note

This feature requires the Dynamic Field Web Service feature.

If the default settings are not applicable for the current system, they can be changed in the system configuration and/or in the web service management screens.

Usage

All dynamic fields are added to the Change Free Fields action of the ticket detail view.

Dynamic Fields in Change Free Fields Action

Furthermore, the TLP field is added to the Properties widget of the ticket detail view, and shown as a column in ticket lists and organizer items. The TLP field is set for inline editing when it is shown as column.

TLP Dynamic Field in Ticket Properties

TLP Dynamic Field in Ticket List

TLP Dynamic Field in Organizer Item

The settings can be modified to show more or fewer fields, depending on the needs of a particular system.

See also

Taxonomies are available in OTRS statistics.