A quick-and-dirty test to deduce the appropriate SimHash distance to use with a MISP dataset (per type).
Find a file
2018-06-10 21:04:50 +02:00
build_similarities.py Initial import of my dirty script/test to calculate SimHash from MISP 2018-06-10 21:04:50 +02:00
keys.py.sample Initial import of my dirty script/test to calculate SimHash from MISP 2018-06-10 21:04:50 +02:00
README.md Initial import of my dirty script/test to calculate SimHash from MISP 2018-06-10 21:04:50 +02:00

threatintel-attributes-compare

A quick-and-dirty test to deduce the appropriate SimHash distance to use with a MISP dataset (per type). The idea is to analyse existing types and defines a specific SimHash distance depending of the attribute type (such as sigma, yara, text, comment or what ever type supported) in MISP when the correlation engine will support it.

Usage

python3 build_similarities.py  --quiet --type=yara --distance=10

Requirements

  • Redis
  • SimHash Python library
  • PyMISP