mirror of https://github.com/MISP/MISP
updated README.md
parent
964d39143b
commit
6de28c60d6
README.md
@ -1,25 +1,51 @@
MISP - Malware Information Sharing Platform
===========================================
--------------------------------------------
The problem that we experienced in the past was the difficulty to exchange information about (targeted) malwares and attacks within a group of trusted partners, or a bilateral agreement.
Even today much of the information exchange happens in unstructured reports where you have to copy-paste the information in your own text-files that you then have to parse to export to (N)IDS and systems like log-searches, etc...
Copyright: The copyright holders are the Belgian Defence and NATO / NCIRC.
License: Affero General Public License v3
Goal
----
A huge challenge in the Cyber Security domain is the information sharing inside and between organizations.
A huge challenge in the Cyber Security domain is the information sharing inside and between organizations.
This platform has as goal to facilitate:
* storing technical and non-technical information about seen malwares and attacks
* automatically creating relations between malwares and events
* storing data in a structured format (allowing automated use of the database for various purposes)
* generating IDS rules that can be imported on IDS systems (network, host)
* sharing the information with other parties and trust-groups
* storing locally all information from other instances
- **central IOC database**: storing technical and non-technical information about malwares and attacks, ... Data from external instances is also imported into your local instance
- **correlation**: automatically creating relations between malwares, events and attributes
- **storing data** in a structured format (allowing automated use of the database for various purposes)
- **export**: generating IDS, OpenIOC, plain text, xml output to integrate with other systems (network IDS, host IDS, custom tools, …)
- **import**: batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, ...
- **data-sharing**: automatically exchange and synchronization with other parties and trust-groups
To have a better idea what the platform does have a look at the PDF files in the INSTALL directory.
Exchanging info results in *faster detection* of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that others already worked on this malware.
The Red October malware for example gives a similar view:
![red october](http://3.bp.blogspot.com/-B3h0xbX7RjI/Uftvmq05rHI/AAAAAAAAApo/I0OEYOAFUI4/s1600/red-oct-1.jpg)
![red october](http://1.bp.blogspot.com/-LnMVhq4Rpyk/UftvmguodBI/AAAAAAAAAps/e22fomGL2MU/s1600/red-oct-2.jpg)
Some people might think about CIF, the collective intelligence framework, however both tools are different. Perhaps integration might be provided between those two in the future.
Changelog
---------
- v2.1 implements important changes in the database format.
- A complete redesign of the UI
- Added a lot more import/exports formats
- Serious code cleanup
Documentation
-------------
Make sure you read the documentation in the INSTALL directory.
We are currently consolidating the documentation, so it will be updated often.
Feel free to have a look at the (pdf) documentation in the INSTALL directory.
This part of the code is a major rewrite of a first version of the codebase.
We are actively developing this tool and many (code, documentation, export formats,...) improvements are coming.
Feel free to fork the code, play with it, make some patches and send us the pull requests.
Feel free to contact us, create issues, if you have questions, remarks or bug reports.
There are 2 branches:
- develop: (very active development) new features and improvements
- main: what we consider as stable
License
-------
This software is licensed under GNU Affero General Public License version 3
Copyright (c) 2012, 2013 Belgian Defence, NATO / NCIRC.
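Review bot: The sentence "A huge challenge in the Cyber Security domain is the information sharing inside and between organizations." appears twice under "Goal"; if both copies end up in the new README one should go, and the old `*` bullet list and the new `-` list under "This platform has as goal to facilitate:" cover the same items, so only the `-` list should survive. A few wording fixes in the new text: "automatically exchange and synchronization" should read "automatic exchange and synchronization", and "malwares" should be "malware" throughout. The INSTALL directory is pointed to three times ("To have a better idea ...", "Make sure you read ...", "Feel free to have a look at the (pdf) documentation ..."); one pointer in the Documentation section is enough. The changelog entry "v2.1 implements important changes in the database format" deserves a link to upgrade or migration instructions, since an existing install cannot safely move to the new schema without them. Finally, the copyright statement near the top ("Copyright: The copyright holders are the Belgian Defence and NATO / NCIRC.") and the one in the new License section ("Copyright (c) 2012, 2013 Belgian Defence, NATO / NCIRC.") should be reconciled so the README carries a single copyright line.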