mirror of
https://github.com/adulau/misp-osint-collection.git
synced 2024-12-22 16:35:58 +00:00
118 lines
1.7 KiB
Markdown
# MISP for OSINT: create new event

## cross checking

### Is the OSINT already known?

- Is known from public sources (search in public indexer, blog posts, reports)
  - yes
  - no
- Is known across communities
  - yes: make a proposal for update if the event requires update
  - no: create a new event

## create event

## set-up basic information

### step 1: event info

- summary, concise
- can add "OSINT" in the text field

### step 2: event distribution

- who will see your event
  - your organisation only
  - this community only
  - connected communities
  - All communities
  - A sharing group

### step 3: timeline

- activity detected, when it happened
- is there a date of publication, some mentions?

### step 4: add tags

- this step is important for correlation and classification
- use existing tag: source type, requests, certainty, etc.
  - TLP: white
  - requests
  - collaborative intelligence
  - confidence level
  - osint certainty
  - information credibility
- some tags are missing
  - you can create your own
  - or post an issue on GitHub

## event content

### step 5: create attributes

- object: is there an object template?
  - yes
    - review and complete the attributes
  - no
    - create an issue or proposal on GitHub

### step 6: create relationships

- set references between the entities
  - via the correlation graph (visual)
  - via the object reference

### step 7: galaxies

- explore galaxies for additional contextual information

## review and publish

### review the event details, tags, TLP/PAP tags and distribution

### publish or download your event
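
Steps 1 to 4 and the review step above, as an added Python example that is not part of the original mind map or of the MISP project's code: it builds an event in MISP's JSON layout and lists what to fix before publishing. The function names, the sample event and the amber/red versus "all communities" rule are assumptions made for illustration.

```python
import json
from datetime import date

# MISP distribution levels (step 2) as stored in the event's "distribution" field.
DISTRIBUTION = {0: "your organisation only", 1: "this community only",
                2: "connected communities", 3: "all communities", 4: "sharing group"}

def build_event(info, distribution, event_date, tags, sharing_group_id=None):
    """Steps 1-4: event info, distribution, timeline date and tags."""
    event = {"info": info, "distribution": str(distribution),
             "date": event_date.isoformat(),
             "Tag": [{"name": t} for t in tags], "Attribute": []}
    if sharing_group_id is not None:
        event["sharing_group_id"] = str(sharing_group_id)
    return {"Event": event}

def review_event(doc):
    """Pre-publish review: return a list of findings (empty means ready)."""
    ev, findings = doc["Event"], []
    if not ev.get("info", "").strip():
        findings.append("event info is empty")
    dist = int(ev.get("distribution", -1))
    if dist not in DISTRIBUTION:
        findings.append("unknown distribution level")
    if dist == 4 and not ev.get("sharing_group_id"):
        findings.append("sharing group distribution without sharing_group_id")
    tlp = [t["name"].lower() for t in ev.get("Tag", [])
           if t["name"].lower().startswith("tlp:")]
    if len(tlp) != 1:
        findings.append("expected exactly one TLP tag, found %d" % len(tlp))
    # Assumed local policy: amber/red material never goes to all communities.
    elif dist == 3 and tlp[0].startswith(("tlp:amber", "tlp:red")):
        findings.append("%s conflicts with 'all communities'" % tlp[0])
    if date.fromisoformat(ev["date"]) > date.today():
        findings.append("event date is in the future")
    if not ev.get("Attribute") and not ev.get("Object"):
        findings.append("event has no attributes or objects")
    return findings

# Constructed sample event, not taken from a real report.
SAMPLE = build_event("OSINT - Example phishing report (constructed)", 3,
                     date(2024, 1, 15),
                     ["tlp:white", 'osint:source-type="blog-post"',
                      'osint:certainty="50"'])
SAMPLE["Event"]["Attribute"].append(
    {"type": "domain", "category": "Network activity", "value": "phish.example.com"})

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=2))
    print(review_event(SAMPLE))
```
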
## MISP community

### Ask for help

- Issues on GitHub
  - https://github.com/MISP

### Contribute

- MISP Project
  - https://www.misp-project.org