Change plurals into singular in the human names

working_copy/humanv1.md

@@ -7,7 +7,7 @@ This is the Reference Security Incident Classification Taxonomy.
 See the [machine readable version](machinev1) as well. It should have an identical contents to the human readable version.
 Note that the 1st column is mandatory, the 2nd colum is an optional but desired field.
 
-Version: 1002
+Version: 1003
 
 Generated from [machine readable version](machinev1). Please **DO NOT** edit this file directly in github, rather use the machinev1 file.
 
@@ -24,18 +24,18 @@ Generated from [machine readable version](machinev1). Please **DO NOT** edit thi
 | Information Gathering | Scanning | Attacks that send requests to a system to discover weaknesses. This also includes testing processes to gather information on hosts, services and accounts. This includes fingerd, DNS querying, ICMP, SMTP (EXPN, RCPT, etc) port scanning. |
 | Information Gathering | Sniffing | Observing and recording of network traffic (i.e. wiretapping). |
 | Information Gathering | Social Engineering | Gathering information from a human being in a non-technical way (e.g., using lies, tricks, bribes, or threats). |
-| Intrusion Attempts | Exploitation of Known Vulnerabilities | An attempt to compromise a system or to disrupt any service by exploiting vulnerabilities with a standardised identifier such as CVE name (e.g., using a buffer overflow, backdoor, cross site scripting) |
-| Intrusion Attempts | Login Attempts | Multiple brute-force login attempts (including guessing or cracking of passwords). This IOC refers to a resource, which has been observed to perform brute-force attacks over a given application protocol. |
-| Intrusion Attempts | New Attack Signature | An attack using an unknown exploit. |
-| Intrusions | Privileged Account Compromise | Compromise of a system where the attacker has gained administrative privileges. |
-| Intrusions | Unprivileged Account Compromise | Compromise of a system using an unprivileged (user/service) account. |
-| Intrusions | Application Compromise | Compromise of an application by exploiting (un)known software vulnerabilities, e.g., SQL injection. |
-| Intrusions | System Compromise | Compromise of a system, e.g., unauthorised logins or commands. This includes attempts to compromise honeypot systems. |
-| Intrusions | Burglary | Physical intrusion, e.g., into a corporate building or data centre. |
+| Intrusion Attempt | Exploitation of Known Vulnerabilities | An attempt to compromise a system or to disrupt any service by exploiting vulnerabilities with a standardised identifier such as CVE name (e.g., using a buffer overflow, backdoor, cross site scripting) |
+| Intrusion Attempt | Login Attempt | Multiple brute-force login attempts (including guessing or cracking of passwords). This IOC refers to a resource, which has been observed to perform brute-force attacks over a given application protocol. |
+| Intrusion Attempt | New Attack Signature | An attack using an unknown exploit. |
+| Intrusion | Privileged Account Compromise | Compromise of a system where the attacker has gained administrative privileges. |
+| Intrusion | Unprivileged Account Compromise | Compromise of a system using an unprivileged (user/service) account. |
+| Intrusion | Application Compromise | Compromise of an application by exploiting (un)known software vulnerabilities, e.g., SQL injection. |
+| Intrusion | System Compromise | Compromise of a system, e.g., unauthorised logins or commands. This includes attempts to compromise honeypot systems. |
+| Intrusion | Burglary | Physical intrusion, e.g., into a corporate building or data centre. |
 | Availability | Denial of Service | Denial of Service attack, e.g., sending specially crafted requests to a web application which causes the application to crash or slow down. |
 | Availability | Distributed Denial of Service | Distributed Denial of Service attack, e.g., SYN flood or UDP-based reflection/amplification attacks. |
 | Availability | Misconfiguration | Software misconfiguration resulting in service availability issues, e.g., DNS server with outdated DNSSEC Root Zone KSK. |
-| Availability | Sabotage | Physical sabotage, e.g., cutting wires or malicious arson. |
+| Availability | Sabotage | Intentional actions maliciously threatening to, attempting to or actually damaging a system or component with the aim of disrupting the availability of a service. These can happen both at logical and physical levels, from malicious firewall rules dropping all traffic, to wire-cutting, bomb threats or arson. |
 | Availability | Outage | An outage caused, for example, by air conditioning failure or natural disaster. |
 | Information Content Security | Unauthorised Access to Information | Unauthorised access to information, e.g., by abusing stolen login credentials for a system or application, intercepting traffic or gaining access to physical documents. |
 | Information Content Security | Unauthorised Modification of Information | Unauthorised modification of information, e.g., by an attacker abusing stolen login credentials for a system or application, or ransomware encrypting data. Also includes defacements. |
@@ -47,7 +47,7 @@ Generated from [machine readable version](machinev1). Please **DO NOT** edit thi
 | Fraud | Phishing | Masquerading as another entity in order to persuade the user to reveal private credentials. This IOC most often refers to a URL, which is used to phish user credentials. |
 | Vulnerable | Weak Cryptography | Publicly accessible services offering weak cryptography, e.g., web servers susceptible to POODLE/FREAK attacks. |
 | Vulnerable | DDoS Amplifier | Publicly accessible services that can be abused for conducting DDoS reflection/amplification attacks, e.g., DNS open-resolvers or NTP servers with monlist enabled. |
-| Vulnerable | Potentially Unwanted Accessible Services | Potentially unwanted publicly accessible services, e.g., Telnet, RDP or VNC. |
+| Vulnerable | Potentially Unwanted Accessible Service | Potentially unwanted publicly accessible services, e.g., Telnet, RDP or VNC. |
 | Vulnerable | Information disclosure | Publicly accessible services potentially disclosing sensitive information, e.g., SNMP or Redis. |
 | Vulnerable | Vulnerable System | A system which is vulnerable to certain attacks, e.g., misconfigured client proxy settings (such as WPAD), outdated operating system version, or cross-site scripting vulnerabilities. |
 | Other | Uncategorised | All incidents which don't fit in one of the given categories should be put into this class or the incident is not categorised. |

working_copy/machinev1

@@ -74,7 +74,7 @@
         },
         {
           "description": "Multiple brute-force login attempts (including guessing or cracking of passwords). This IOC refers to a resource, which has been observed to perform brute-force attacks over a given application protocol.",
-          "expanded": "Login Attempts",
+          "expanded": "Login Attempt",
           "value": "brute-force"
         },
         {
@@ -209,7 +209,7 @@
         },
         {
           "description": "Potentially unwanted publicly accessible services, e.g., Telnet, RDP or VNC.",
-          "expanded": "Potentially Unwanted Accessible Services",
+          "expanded": "Potentially Unwanted Accessible Service",
           "value": "potentially-unwanted-accessible"
         },
         {
@@ -268,13 +268,13 @@
       "value": "information-gathering"
     },
     {
-      "description": "Intrusion Attempts.",
-      "expanded": "Intrusion Attempts",
+      "description": "Attempt of intruding into a system or application.",
+      "expanded": "Intrusion Attempt",
       "value": "intrusion-attempts"
     },
     {
       "description": "A successful compromise of a system or application (service). This can have been caused remotely by a known or new vulnerability, but also by an unauthorised local access. Also includes being part of a botnet.",
-      "expanded": "Intrusions",
+      "expanded": "Intrusion",
       "value": "intrusions"
     },
     {