Best Practices in Threat Intelligence
@@ -85,10 +85,10 @@ code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;
ul,ol,dl{line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
ul,ol{margin-left:1.5em}
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0}
-ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
-ul.square{list-style-type:square}
ul.circle{list-style-type:circle}
ul.disc{list-style-type:disc}
+ul.square{list-style-type:square}
+ul.circle ul:not([class]),ul.disc ul:not([class]),ul.square ul:not([class]){list-style:inherit}
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
dl dt{margin-bottom:.3125em;font-weight:bold}
dl dd{margin-bottom:1.25em}
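Review bot: The added `ul.circle ul:not([class]),ul.disc ul:not([class]),ul.square ul:not([class])` rule is not equivalent to the removed `ul.square li ul,ul.circle li ul,ul.disc li ul` rule. It drops the `li` step and only matches nested lists that have no class attribute at all, so a nested `ul` carrying any class, even one unrelated to bullet style, no longer gets `list-style:inherit`. If the goal is only to let a nested `ul.square`, `ul.circle` or `ul.disc` keep its own marker, consider excluding just those three classes, for example `:not(.square):not(.circle):not(.disc)`, and state the intent in the commit message. Moving `ul.square{list-style-type:square}` below `ul.disc` changes source order only; a one-line note on why would help the next reader of this stylesheet.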
@@ -859,10 +859,10 @@ Having a workflow to follow, and be able to refer to, is something useful for th
One of the possible methodologies is to use tags to mark the information and convey the current state of an analysis.
-
For instance the MISP Workflow [Taxonomy] allows the user to describe the state of an analysis, as complete or incomplete. Moreover, it can be used to clearly specify what still needs to be done using the todo tags. The workflow taxonomy is separated into two parts. One part is related to the actions to be done (todo) and the other part is about the current state of the analysis(state) such as incomplete, draft or complete.
+
For instance the MISP Workflow Taxonomy allows the user to describe the state of an analysis, as complete or incomplete. Moreover, it can be used to clearly specify what still needs to be done using the todo tags. The workflow taxonomy is separated into two parts. One part is related to the actions to be done (todo) and the other part is about the current state of the analysis(state) such as incomplete, draft or complete.
-
The MISP Workflow [Taxonomy] can be expanded with local or global values. There are many existing todo such as workflow:todo="check-passive-dns-for-shared-hosting" or action related to the analysis workflow:todo="preserve-evidence".
+
The MISP Workflow Taxonomy can be expanded with local or global values. There are many existing todo such as workflow:todo="check-passive-dns-for-shared-hosting" or action related to the analysis workflow:todo="preserve-evidence".
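Review bot: Both rewritten paragraphs keep wording problems that are worth fixing while these lines are being touched. In the first, `analysis(state)` is missing a space before the parenthesis. In the second, "There are many existing todo such as ... or action related to the analysis" is hard to parse; something like "There are many existing todo values, such as ..., and actions related to the analysis, such as ..." reads more clearly. With the brackets around "Taxonomy" removed, please confirm that the word resolves to the glossary entry added further down in this change rather than rendering as plain text.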
@@ -1049,6 +1049,10 @@ In case you use any CCBYSA licensed content, or other pieces that are subject to
Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.[1] In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources). It is not related to open-source software or public intelligence. OSINT under one name or another has been around for hundreds of years. With the advent of instant communications and rapid information transfer, a great deal of actionable and predictive intelligence can now be obtained from public, unclassified sources. Source "Open-source intelligence" - CCBYSA.
+
Taxonomy
+
+
MISP Taxonomies is a set of common classification libraries to tag, classify and organise information. Taxonomy allows to express the same vocabulary among a distributed set of users and organisations.
+
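Review bot: The new Taxonomy glossary entry has agreement and grammar problems in both sentences: "MISP Taxonomies is a set" and "Taxonomy allows to express". Suggested wording: "MISP Taxonomies are a set of common classification libraries to tag, classify and organise information. Taxonomies allow a distributed set of users and organisations to share the same vocabulary." The heading is "Taxonomy" while the text defines "MISP Taxonomies", so pick one term for the entry. The OSINT entry directly above ends with a source and licence line; if this definition is quoted from another document, it needs the same attribution.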
@@ -1056,7 +1060,7 @@ In case you use any CCBYSA licensed content, or other pieces that are subject to