MISP
/
best-practices-in-threat-intelligence
mirror of https://github.com/MISP/best-practices-in-threat-intelligence
2
0
Fork 0
Code Issues Releases Wiki Activity

cleanup

pull/3/head
Sascha Rommelfangen 2018-10-24 11:10:13 +02:00 committed by GitHub
parent 85a394a6fa
commit e265a80b72
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
best-practices/building-workflow.adoc
View File

@ -1,12 +1,12 @@
=== How to track and keep the state of an analysis
NOTE: Having a workflow to follow and refer to is something useful for the analyst as well as for other people reading his analysis.
NOTE: Having a workflow to follow and be able to refer to is something useful for the analyst as well as for other people reading or relying on the analysis.
Keeping track of the advancement of an analysis, of what is done or still need to be done, is really important in order to not forget anything or not make the same work twice. So it is essential to have a clear method to keep these information clear and concise.
Keeping track of the advancement of an analysis, of what has been done or still needs to be done is important in order to not forget anything on one side or to ensure work is not performed redundantly by accident. It is essential to have a method to keep these information clear and concise.
One of the possible methodologies is to use tags to mark the information and convey the current state of an analysis.
For instance the MISP Workflow Taxonomy allows the user to describe the state of an analysis, as complete or incomplete. Moreover, it can be used to clearly specify what still need to be done using the todo tags. The workflow taxonomy is separated into two parts. One part is related to the actions to be done (`todo`) and the other part is about the current state of the analysis(`state`) such as incomplete, draft or complete.
For instance the MISP Workflow Taxonomy allows the user to describe the state of an analysis, as `complete` or `incomplete`. Moreover, it can be used to clearly specify what still needs to be done using the `todo` tags. The workflow taxonomy is separated into two parts. One part is related to the actions to be done (`todo`) and the other part is about the current state of the analysis(`state`) such as `incomplete`, `draft` or `complete`.
TIP: For more information on the MISP Workflow Taxonomy, please feel free to read https://www.misp-project.org/taxonomies.html#_workflow[Workflow taxonomy cheat sheet].