mirror of
https://github.com/adulau/misp-osint-collection.git
synced 2024-12-22 08:25:58 +00:00
fix: action-taken and classification added in the flowchart
This commit is contained in:
parent
120a92ca8a
commit
b5ebcc63a1
6 changed files with 41975 additions and 18396 deletions
10
README.md
10
README.md
|
@ -1,2 +1,12 @@
|
|||
# misp-osint-collection
|
||||
|
||||
Collection of best practices to add OSINT into MISP and/or MISP communities
|
||||
|
||||
![](docs/Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform.png)
|
||||
|
||||
The document is available in XMind format and the [source is available](docs/Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform.xmind).
|
||||
|
||||
# How to contribute?
|
||||
|
||||
Fork the project, download the XMind format document, edit the document with XMind, commit and do a pull-request.
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -11,41 +11,41 @@
|
|||
<a name="20uk789ukeagkl9e3m2i391u8b">Collecting and analysing OSINT into MISP threat intelligence platform.</a>
|
||||
</h1>
|
||||
<div align="center" class="globalOverview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Collecting and analysing OSINT into MISP threat intelligence platform..jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Collecting and analysing OSINT into MISP threat intelligence platform. 2.jpg"></div>
|
||||
<p align="center" class="topicImage">
|
||||
<img height="139" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/26esv1mp7d84gjtd2b95t0p2cm.png" width="139"></p>
|
||||
<img height="139" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/26esv1mp7d84gjtd2b95t0p2cm 2.png" width="139"></p>
|
||||
<h2 class="topic">
|
||||
<a name="18qn49v1dn59nsrl74hu1lblq1">Cross-checking if the OSINT is already known</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Cross-checking if the OSINT is already known.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Cross-checking if the OSINT is already known 2.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="2lotcssbdimc6ir0h2cpesgm0k"> Search in public indexer if already reported in other blog posts, reports or any public sources.</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<h2 class="topic">
|
||||
<a name="6bv9guc84jss5apved4fgorn9q">Cross-checking if the OSINT already exists in one or more MISP communities (public or private)</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Cross-checking if the OSINT already exists in one or more MISP communities (public or private).jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Cross-checking if the OSINT already exists in one or more MISP communities (public or private) 2.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="56r4g2b4dgn8nco6vm7e7g8fg8"> If not create a new MISP event</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<p class="relationships">See Also: <a href="#2f33hrh2mj7cn1ksscus3ac49i">Create one or more MISP events</a>
|
||||
</p>
|
||||
<h3 class="topic">
|
||||
<a name="7oa8hc3elmtfrgiohu3ir7gv4g"> If some events already exist and require an update, then make a MISP proposal.</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<h2 class="topic">
|
||||
<a name="2f33hrh2mj7cn1ksscus3ac49i">Create one or more MISP events</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Create one or more MISP events.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Create one or more MISP events 2.jpg"></div>
|
||||
<div class="notesContainer">
|
||||
<p>A MISP event is usually a semantic bundle of information depending from a specific report, event, notes, blog posts or information.</p>
|
||||
<p></p>
|
||||
|
@ -63,7 +63,7 @@
|
|||
<a name="2q4s6b1e6901850ojb3f43dfje"> Set a meaningful event info</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<div class="notesContainer">
|
||||
<p>The Event Info field in MISP is also a summary and a title of the event. It's important to set a meaning and concise summary.</p>
|
||||
<p></p>
|
||||
|
@ -89,7 +89,7 @@
|
|||
<a name="6077f7ch5k48er1kv495mck88f"> Set a date in accordance with the event</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<div class="notesContainer">
|
||||
<p>A MISP event contains a date which is usually the date related to when the activity happens or detected. It's often easier and clearer to set the publishing date of the OSINT information even if the event happened in the past. </p>
|
||||
<p></p>
|
||||
|
@ -101,9 +101,9 @@
|
|||
<a name="7m3bn1rtme01cogkjkrs0fqe69"> Tag and classify information at event level (default tagging for the whole event)</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<p class="topicImage">
|
||||
<img height="153" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/5a4lvhfjva27c128rqm3g0liab.png" width="400"></p>
|
||||
<img height="153" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/5a4lvhfjva27c128rqm3g0liab 2.png" width="400"></p>
|
||||
<div class="notesContainer">
|
||||
<p>Tagging is important because it helps analyst at a later state to group or search per specific classification or categories.</p>
|
||||
<p></p>
|
||||
|
@ -115,14 +115,14 @@
|
|||
<a name="0pfohr2csagm0jac0p5f65nj7c"> Add attributes related to the OSINT source</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add attributes related to the OSINT source.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add attributes related to the OSINT source 2.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="3rro9n9pdeuu0h71c4neesua68"> Add "External analysis"/link to the original source </a>
|
||||
</h3>
|
||||
<p class="topicImage">
|
||||
<img height="322" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/6pkedn123t88n9n8cqbuclpk46.png" width="400"></p>
|
||||
<img height="322" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/6pkedn123t88n9n8cqbuclpk46 2.png" width="400"></p>
|
||||
<div class="notesContainer">
|
||||
<p>Adding reference to the original source is a critical step to ensure proper credits, further analysis or set a confidence/credibility level of the OSINT source.</p>
|
||||
<p></p>
|
||||
|
@ -143,129 +143,204 @@
|
|||
<a name="6ldnh030g2j2rrfj04i8g7ke77"> Classify and tags the OSINT source (with at least the osint namespace)</a>
|
||||
</h3>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Classify and tags the OSINT source (with at least the osint namespace).jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Classify and tags the OSINT source (with at least the osint namespace) 2.jpg"></div>
|
||||
<p class="topicImage">
|
||||
<img height="208" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/1tjbk0vcv683uh8889lqol26qk.png" width="400"></p>
|
||||
<img height="208" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/1tjbk0vcv683uh8889lqol26qk 2.png" width="400"></p>
|
||||
<h3 class="topic">
|
||||
<a name="2e3vq7pmn1m13bgf60h16imei7"> If there is a missing value in an existing taxonomy or a new one have to be created. </a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<p class="relationships">See Also: <a href="#3oqs7n1ncqmed6be2rck3k90qj">Update an existing MISP taxonomy</a>
|
||||
</p>
|
||||
<h3 class="topic">
|
||||
<a name="11cp43ubsqh4t5hhfpqrc9ncph"> Add one or more galaxy/cluster to the event</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add one or more galaxy cluster to the event.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add one or more galaxy cluster to the event 2.jpg"></div>
|
||||
<p class="topicImage">
|
||||
<img height="400" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/2aommk8t62okah23ifkfo3ivs7.png" width="356"></p>
|
||||
<img height="400" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/2aommk8t62okah23ifkfo3ivs7 2.png" width="356"></p>
|
||||
<h3 class="topic">
|
||||
<a name="32bt7q3qe91mkophrv2ll8b32i"> If there is no related galaxy/cluster/value, add a new one.</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<p class="relationships">See Also: <a href="#40lq7ghhlibm3e5jabfkg2aftm">Update an existing MISP galaxy cluster</a>
|
||||
</p>
|
||||
<h3 class="topic">
|
||||
<a name="0kurr339st0hjl3f372glnj7l7"> Add attributes related to the indicators mentioned in the OSINT document</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add attributes related to the indicators mentioned in the OSINT document.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add attributes related to the indicators mentioned in the OSINT document 2.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="5utopcfbbl1f549r5intleg36o"> If there is any files mentioned in the OSINT information, add corresponding file object(s).</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<p class="topicImage">
|
||||
<img height="126" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/2bosl9uhkkg8unudkbbude61ah.png" width="400"></p>
|
||||
<img height="126" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/2bosl9uhkkg8unudkbbude61ah 2.png" width="400"></p>
|
||||
<h3 class="topic">
|
||||
<a name="1rh5q85trp7jtpl4uhvo71cfjn"> If there is any missing objects or attributes type in MISP to describe this OSINT, propose a new one.</a>
|
||||
</h3>
|
||||
<h3 class="topic">
|
||||
<a name="0re5puuscd0nqlhtp41sbbe6q0"> Add attributes related to the target groups mentioned in the OSINT document</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add attributes related to the target groups mentioned in the OSINT document.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add attributes related to the target groups mentioned in the OSINT document 2.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="66nnj1qajolck937t6d9g045ml"> If there is any target groups, pick the right attribute types in the "Targeting data" category.</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<p class="topicImage">
|
||||
<img height="299" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/5h5g9i2rh777tdiburu32iv7th.png" width="400"></p>
|
||||
<img height="299" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/5h5g9i2rh777tdiburu32iv7th 2.png" width="400"></p>
|
||||
<h3 class="topic">
|
||||
<a name="2v1t90q36bvff159ot7rcbn8k9"> Add and attach evidences</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add and attach evidences.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Add and attach evidences 2.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="05ro8ahnubevtjcld3erbkkugc"> Evidence like screenshot or static report</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<p class="topicImage">
|
||||
<img height="267" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/07dkpqsoc6frqllp8hrm8bag7h.png" width="400"></p>
|
||||
<img height="267" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/07dkpqsoc6frqllp8hrm8bag7h 2.png" width="400"></p>
|
||||
<h3 class="topic">
|
||||
<a name="79mp5uq5jdhl1spujbnb8899it"> Evidence like malicious sample files or malware</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_1 2.png"></p>
|
||||
<div class="notesContainer">
|
||||
<p>Add attachment in MISP allows to include malicious or non-malicious file to the platform. The difference is a matter of flag "IDS (encrypt and hash" where the evidence will be encrypted with a default password "infected" to avoid any human-error to execute malicious binaries.</p>
|
||||
</div>
|
||||
<h2 class="topic">
|
||||
<a name="2a7ju3ea4cg73soahc6302uk7s">Review classification and tagging on the created events</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Review classification and tagging on the created events.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="33dpdjeej2e1uiun3td5oh2qmf"> Confidence level of the OSINT information</a>
|
||||
</h3>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Confidence level of the OSINT information.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a href="https://www.misp-project.org/taxonomies.html#_osint" name="0rp3qmqh4gmouhemffktra5b7u"> Taxonomy - osint:certainty</a>
|
||||
</h3>
|
||||
<h3 class="topic">
|
||||
<a href="https://www.misp-project.org/taxonomies.html#_admiralty_scale" name="78plro6urnun93h458odmd0gj2"> Taxonomy admiralty-scale</a>
|
||||
</h3>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Taxonomy admiralty-scale.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="510rhb21ndqf8kgnpell3n6kpn"> Review source-reliability</a>
|
||||
</h3>
|
||||
<h3 class="topic">
|
||||
<a name="63ce35fc0e66ind2kge195j4h9"> Review information-credibility</a>
|
||||
</h3>
|
||||
<h3 class="topic">
|
||||
<a name="5sbk8cqf19jicqfk6kad4escet"> Request for competitive analysis or additional information (e.g. sample, context)</a>
|
||||
</h3>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Request for competitive analysis or additional information (e.g. sample, context).jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a href="https://www.misp-project.org/taxonomies.html#_collaborative_intelligence" name="38lruop3n5tlenl8oq6mkrf6pt"> Taxonomy - collaborative-intelligence</a>
|
||||
</h3>
|
||||
<h2 class="topic">
|
||||
<a name="263ime1ome71421p9f1qec5ojm">Action taken from the OSINT entered in MISP</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Action taken from the OSINT entered in MISP.jpg"></div>
|
||||
<div class="notesContainer">
|
||||
<p>When dealing with OSINT information, you might have taken additional actions beside entering a MISP event. An example can be the notification of an ISP if a system is compromised or the notification of a registrar because a domain is abused. This kind of information should be also added in MISP to support other analysts.</p>
|
||||
<p></p>
|
||||
</div>
|
||||
<h3 class="topic">
|
||||
<a name="6e7j5sjib3jscc73j6c086ilhq"> Notified or informed a third-party</a>
|
||||
</h3>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Notified or informed a third-party.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a href="https://www.misp-project.org/taxonomies.html#_action_taken" name="0pnepfqle5qv075a4cvfsvi5dt"> Add tagging and classification regarding the OSINT where actions were taken</a>
|
||||
</h3>
|
||||
<h2 class="topic">
|
||||
<a href="https://www.misp-project.org/galaxy.html" name="40lq7ghhlibm3e5jabfkg2aftm">Update an existing MISP galaxy cluster</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Update an existing MISP galaxy cluster.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Update an existing MISP galaxy cluster 2.jpg"></div>
|
||||
<p class="relationships">See Also: <a href="#32bt7q3qe91mkophrv2ll8b32i">If there is no related galaxy/cluster/value, add a new one.</a>
|
||||
</p>
|
||||
<h3 class="topic">
|
||||
<a href="https://github.com/MISP/misp-galaxy" name="4ldddje35o0c16v7v45a7gr41n"> Adding a new value to an existing cluster (or fix an existing one)</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Adding a new value to an existing cluster (or fix an existing one).jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Adding a new value to an existing cluster (or fix an existing one) 2.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a href="https://github.com/MISP/misp-galaxy/issues" name="2ln09evt2fkn64t3joab3u301v"> Open an issue</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_3.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_3 2.png"></p>
|
||||
<h3 class="topic">
|
||||
<a name="6qc1uca2dg7v80kcjl0qdn91en"> Update the JSON of the cluster and create a pull-request</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<h2 class="topic">
|
||||
<a href="https://www.misp-project.org/taxonomies.html" name="3oqs7n1ncqmed6be2rck3k90qj">Update an existing MISP taxonomy</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Update an existing MISP taxonomy.jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Update an existing MISP taxonomy 2.jpg"></div>
|
||||
<p class="relationships">See Also: <a href="#2e3vq7pmn1m13bgf60h16imei7">If there is a missing value in an existing taxonomy or a new one have to be created. </a>
|
||||
</p>
|
||||
<h3 class="topic">
|
||||
<a href="https://github.com/MISP/misp-taxonomies/" name="630troncsdvbgv4jcf05o8icd6"> Adding a new value to an existing taxonomy (or fix an existing one)</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Adding a new value to an existing taxonomy (or fix an existing one).jpg"></div>
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Adding a new value to an existing taxonomy (or fix an existing one) 2.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a href="https://github.com/MISP/misp-taxonomies/issues" name="62rhsgsocoqosnjp74pqujrvb4"> Open an issue</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_3.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_3 2.png"></p>
|
||||
<h3 class="topic">
|
||||
<a name="0q1m70tmb67rkulimfds00hb6s"> Update the JSON and create a pull-request</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2.png"></p>
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<h2 class="topic">
|
||||
<a name="2g18pjsj78hjjcvfahj1su7k3m">Propose a new attribute type in MISP</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Propose a new attribute type in MISP.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="721gmpsgomo77ubdgprgeoqh8b"> Attribute type are really atomic information, misp object should be preferred.</a>
|
||||
</h3>
|
||||
<h2 class="topic">
|
||||
<a name="229f4anhse7d3ov8ivtf5smepn">Propose a new MISP object template</a>
|
||||
</h2>
|
||||
<div class="overview">
|
||||
<img src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/Propose a new MISP object template.jpg"></div>
|
||||
<h3 class="topic">
|
||||
<a name="40d15obs8kk00vv7eqeu840mub"> Update the JSON and create a pull-request</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_2 2.png"></p>
|
||||
<h3 class="topic">
|
||||
<a href="https://github.com/MISP/misp-objects/issues" name="4cblda2a65tlv8s86990i0lc0j"> Open an issue</a>
|
||||
</h3>
|
||||
<p class="labelsAndMarkers">
|
||||
<img class="marker" src="Collecting_and_analysing_OSINT_into_MISP_threat_intelligence_platform_files/images/priority_3 2.png"></p>
|
||||
</body>
|
||||
</html>
|
||||
|
|
Binary file not shown.
Binary file not shown.
Before Width: | Height: | Size: 385 KiB After Width: | Height: | Size: 459 KiB |
Binary file not shown.
Loading…
Reference in a new issue