added version 5

version-5/misp_osint_create_event_f.md

@@ -0,0 +1,118 @@
+# MISP for OSINT: create new event
+
+## cross checking
+
+### Is the OSINT already known?
+
+- Is known from public sources (search in public indexer, blog posts, reports)
+
+	- yes
+
+	- no
+
+- Is known accross communities
+
+	- yes : make a proposal for update if the event requires update
+
+	- no: create a new event
+
+## create event
+
+## set-up basic informations
+
+### step 1: event info
+
+- summary, concise
+
+- can add "OSINT" in the text field
+
+### step 2: event distribution
+
+- who will see your event
+
+	- your organisation only
+
+	- this community only
+
+	- connected communities
+
+	- All communities
+
+	- A sharing group
+
+### step 3: timeline
+
+- activity detected, when it happened
+
+- is there a date of publication, some mentions?
+
+### step 4: add tags
+
+- this step is important for correlation and classification
+
+- use existing tag: source type, requests, certainty, etc...
+
+	- TLP: white
+
+	- requests
+
+		- collaborative intelligence
+
+	- confidence level
+
+		- osint certainty
+
+		- information credibility
+
+- some tags are missing
+
+	- you can create your own
+
+	- or post an issue on Github
+
+## event content
+
+### step 5: create attributes
+
+- object: is there an object template?
+
+	- yes
+
+		- review and complete the attributes
+
+	- no
+
+		- create an issue or proposal on Github
+
+### step 6: create relationships
+
+- set references between the entities
+
+	- via the correlation graph (visual)
+
+	- via the object reference
+
+### step 7: galaxies
+
+- explore galaxies for additional contextual informations
+
+## review and publish
+
+### review the event details, tags, TLP/PAP tags and distribution
+
+### publish or download your event
+
+## MISP community
+
+### Ask for help
+
+- Issues on Github
+
+	- https://github.com/MISP
+
+### Contribute
+
+- MISP Project
+
+	- https://www.misp-project.org
+