best-practices-in-threat-in.../book.adoc

= Best Practices in Threat Intelligence
:doctype: book
:sourcedir: ./best-practices/
:author: MISP Project
:toc:
:icons: font

=== Introduction

The objective of this book is to compile the best practices in Threat Intelligence Analysis with the support of the Open Source Threat Intelligence platform https://www.misp-project.org/[MISP]. The best practices described here are from Information Sharing communities (ISAC or CSIRT) which are regularly using MISP to support their work and sharing practices.

== Best Practices

include::{sourcedir}improving-analysis.adoc[]

<<<

include::{sourcedir}what-to-share.adoc[]

<<<

include::{sourcedir}expressing-confidence.adoc[]

<<<

include::{sourcedir}building-workflow.adoc[]

<<<

include::{sourcedir}intelligence-tagging.adoc[]

<<<

== Authors and Contributors

- Alexandre Dulaunoy
- Andras Iklody

[glossary]
== Glossary

[glossary]
ISAC:: Information Sharing and Analysis Center
MISP:: MISP - Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing
First version of the best practices in threat intelligence 2018-07-01 17:52:34 +02:00			`= Best Practices in Threat Intelligence`
			`:doctype: book`
			`:sourcedir: ./best-practices/`
			`:author: MISP Project`
			`:toc:`
			`:icons: font`

			`=== Introduction`

rephrased and consistency changes 2018-10-24 11:03:10 +02:00			`The objective of this book is to compile the best practices in Threat Intelligence Analysis with the support of the Open Source Threat Intelligence platform https://www.misp-project.org/[MISP]. The best practices described here are from Information Sharing communities (ISAC or CSIRT) which are regularly using MISP to support their work and sharing practices.`
First version of the best practices in threat intelligence 2018-07-01 17:52:34 +02:00
			`== Best Practices`

			`include::{sourcedir}improving-analysis.adoc[]`

			`<<<`

			`include::{sourcedir}what-to-share.adoc[]`

			`<<<`
chg: [expressing confidence] added 2018-09-22 21:21:41 +02:00
			`include::{sourcedir}expressing-confidence.adoc[]`

			`<<<`

add: building a workflow 2018-10-24 07:49:24 +02:00			`include::{sourcedir}building-workflow.adoc[]`

			`<<<`

first draft of intelligence tagging guideline 2018-12-09 15:50:19 +01:00			`include::{sourcedir}intelligence-tagging.adoc[]`

			`<<<`

First version of the best practices in threat intelligence 2018-07-01 17:52:34 +02:00			`== Authors and Contributors`

			`- Alexandre Dulaunoy`
			`- Andras Iklody`

			`[glossary]`
			`== Glossary`

			`[glossary]`
			`ISAC:: Information Sharing and Analysis Center`
			`MISP:: MISP - Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing`