misp-osint-collection/version-5/misp_osint_create_event_f.md

2023-09-29 11:59:44 +00:00
# MISP for OSINT: create new event
## cross checking
### Is the OSINT already known?
- Is it known from public sources (search in public indexers, blog posts, reports)?
  - yes
  - no
- Is it known across communities?
  - yes: make a proposal for update if the event requires an update
  - no: create a new event
## create event
## set up basic information
### step 1: event info
- summary, concise
- can add "OSINT" in the text field
### step 2: event distribution
- who will see your event
  - your organisation only
  - this community only
  - connected communities
  - All communities
  - A sharing group
### step 3: timeline
- activity detected, when it happened
- is there a date of publication, some mentions?
### step 4: add tags
- this step is important for correlation and classification
- use existing tags: source type, requests, certainty, etc.
  - TLP: white
  - requests
  - collaborative intelligence
  - confidence level
  - osint certainty
  - information credibility
- some tags are missing
  - you can create your own
  - or post an issue on GitHub
## event content
### step 5: create attributes
- object: is there an object template?
  - yes
    - review and complete the attributes
  - no
    - create an issue or proposal on GitHub
### step 6: create relationships
- set references between the entities
  - via the correlation graph (visual)
  - via the object reference
### step 7: galaxies
- explore galaxies for additional contextual information
## review and publish
### review the event details, tags, TLP/PAP tags and distribution
### publish or download your event
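
The review step above can be partly automated. The following is an added example, not part of the original page or of the MISP project's code: it checks an event in MISP JSON format against steps 1 to 6 before publishing. The sample event, its UUIDs and values are constructed placeholders, and the TLP-versus-distribution rule is an assumed local policy.

```python
# MISP distribution levels as listed in step 2.
DISTRIBUTION = {0: "your organisation only", 1: "this community only",
                2: "connected communities", 3: "all communities",
                4: "sharing group"}

def review_event(event):
    """Return review findings; an empty list means nothing was flagged."""
    e, findings = event.get("Event", {}), []
    if not str(e.get("info", "")).strip():                 # step 1
        findings.append("event info is empty")
    dist = int(e.get("distribution", -1))                  # step 2
    if dist not in DISTRIBUTION:
        findings.append("unknown distribution level")
    elif dist == 4 and not e.get("sharing_group_id"):
        findings.append("sharing group selected but sharing_group_id missing")
    if not e.get("date"):                                  # step 3
        findings.append("no event date")
    tlp = [t["name"] for t in e.get("Tag", [])             # step 4
           if t["name"].startswith("tlp:")]
    if len(tlp) != 1:
        findings.append(f"expected exactly one TLP tag, found {len(tlp)}")
    # Assumed local policy: tlp:red / tlp:amber should not go to all communities.
    elif dist == 3 and tlp[0] in ("tlp:red", "tlp:amber"):
        findings.append(f"{tlp[0]} conflicts with 'all communities'")
    objects = e.get("Object", [])
    known = {o["uuid"] for o in objects}   # object-to-object references only
    for o in objects:
        if not o.get("Attribute"):                         # step 5
            findings.append(f"object {o['name']} has no attributes")
        for ref in o.get("ObjectReference", []):           # step 6
            if ref["referenced_uuid"] not in known:
                findings.append(f"object {o['name']} references unknown uuid")
    return findings

def sample_event():
    """Constructed sample; UUIDs and values are placeholders, not real indicators."""
    return {"Event": {
        "info": "OSINT - Example phishing campaign (constructed)",
        "distribution": "3", "date": "2023-09-29",
        "Tag": [{"name": "tlp:white"}, {"name": 'osint:source-type="blog-post"'},
                {"name": 'osint:certainty="50"'}],
        "Object": [
            {"name": "url", "uuid": "00000000-0000-4000-8000-000000000001",
             "Attribute": [{"object_relation": "url", "type": "url",
                            "value": "https://phish.example/login"}],
             "ObjectReference": [{"relationship_type": "related-to",
                 "referenced_uuid": "00000000-0000-4000-8000-000000000002"}]},
            {"name": "domain-ip", "uuid": "00000000-0000-4000-8000-000000000002",
             "Attribute": [{"object_relation": "domain", "type": "domain",
                            "value": "phish.example"}]}]}}
```
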
## MISP community
### Ask for help
- Issues on GitHub
  - https://github.com/MISP
### Contribute
- MISP Project
  - https://www.misp-project.org