MISP
/
best-practices-in-threat-intelligence
mirror of https://github.com/MISP/best-practices-in-threat-intelligence
2
0
Fork 0
Code Issues Releases Wiki Activity

corrections and TODO

pull/6/head
Sascha Rommelfangen 2018-10-24 12:04:21 +02:00 committed by GitHub
parent 85a394a6fa
commit 9177fbae07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
best-practices/how-to-classify-information.adoc
View File

@ -1,11 +1,11 @@
=== How to classify information
NOTE: Classifying information is something that has proven being very useful in lots of domains, including threat intelligence as it helps getting the main information very quickly. Moreover, it can help to build correlations between events or reports, allowing analysts to understand threat actors better.
NOTE: Classifying information is something that has proven being very useful in lots of domains, including Threat Intelligence as it helps assessing the main information very quickly. Moreover, it can help to build correlations between events or reports, allowing analysts to better understand threat actors.
The first tool we can use to classify information are tags and taxonomies
. Tags can be used to describe how the information can be shared, using the tlp (Traffic Light Protocol) taxonomy, in order to prevent information leak.
. They can also be used to describe the source where information come from.
. Many taxonomies allow the user to explain the kind of threat the information
. Tags can be used to describe how the information can be shared, using the tlp (Traffic Light Protocol) taxonomy, in order to prevent information leaks.
. They can also be used to describe the source where information came from.
. Many taxonomies allow the user to further explain the kind of threat [TODO: was that the meaning?]
--mapping--
- Galaxies