mirror of https://github.com/MISP/MISP
Use cases
Alexandre Dulaunoy edited this page 2014-01-13 07:16:18 -08:00
New Exploit
- A new CVE is published
- An analyst who was working on a sample realises it is related and publishes the hash
- When the hash is added to our MISP instance, we discover other events using this vulnerability
Messy list of hashes
- A big list of hashes is published anonymously, without context
- When added to a MISP instance, the list can be linked to an attack
OSINT
- A report contains a lot of IOCs (hashes, IPs, domains...)
- When added into MISP, we link it to multiple former events and inform the victims
Attribution
- Multiple malware samples are investigated at the same time by different entities
- They all contain the same highly specific mutex, so they can be connected and help to identify the attacker
Malware analysis and criticality classification
- An analyst is reversing a malware sample but doesn't know the associated level of risk (lack of context)
- The analyst enters the indicators into MISP to check whether other events (with proper context) are triggered
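The mechanism common to all five scenarios, an indicator added to a new event lighting up the earlier events that already carry it, as an added Python example that is not MISP's own code: it assumes a hypothetical in-memory CorrelationIndex and constructed sample events rather than MISP's database.

```python
from collections import defaultdict
from dataclasses import dataclass, field

HASH_TYPES = {"md5", "sha1", "sha256"}

@dataclass
class Attribute:
    type: str    # MISP-style attribute type, e.g. "sha256", "mutex", "ip-dst", "domain"
    value: str

@dataclass
class Event:
    id: int
    info: str
    attributes: list = field(default_factory=list)

class CorrelationIndex:
    """Hypothetical in-memory stand-in for MISP's correlation table:
    normalised (type, value) -> set of event ids that carry that attribute."""

    def __init__(self):
        self._index = defaultdict(set)

    @staticmethod
    def _key(attr):
        value = attr.value.strip()
        if attr.type in HASH_TYPES:          # hex digests compare case-insensitively
            return ("hash", value.lower())
        if attr.type in ("domain", "hostname"):
            return (attr.type, value.lower().rstrip("."))
        return (attr.type, value)            # mutex names etc. are matched verbatim

    def add_event(self, event):
        """Index every attribute of `event`; return {value: sorted ids of OTHER events
        already holding that value} so the analyst sees the links at ingestion time."""
        hits = {}
        for attr in event.attributes:
            key = self._key(attr)
            others = self._index[key] - {event.id}
            if others:
                hits[attr.value] = sorted(others)
            self._index[key].add(event.id)
        return hits

if __name__ == "__main__":
    # Constructed sample data: an analysed campaign, an anonymous hash dump, a second malware sample.
    idx = CorrelationIndex()
    idx.add_event(Event(1, "Campaign A analysis", [Attribute("sha256", "AB" * 32), Attribute("mutex", "Global\\svc_x")]))
    print(idx.add_event(Event(2, "Anonymous hash dump", [Attribute("sha256", "ab" * 32), Attribute("sha256", "cd" * 32)])))
    print(idx.add_event(Event(3, "New sample", [Attribute("mutex", "Global\\svc_x")])))
```

The returned dictionary is what an analyst would act on: the hash dump resolves to the campaign event, and the shared mutex ties the new sample to it.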