MISP
/
best-practices-in-threat-intelligence
mirror of https://github.com/MISP/best-practices-in-threat-intelligence
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #5 from rommelfs/patch-4 

correction run
pull/8/head
Alexandre Dulaunoy 2018-12-09 22:22:16 +01:00 committed by GitHub
parent de835bea72 a1735c3f01
commit efc9bf909a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
best-practices/what-to-share.adoc
View File

@ -4,15 +4,15 @@ NOTE: Valuable information is a moving concept and highly depending of the goal
Contribution comes in various shapes and sizes.
Information which are often distributed within sharing communities are the following:
Information which is often distributed within sharing communities are the following:
- Analysis report of a specific threat (such as security vendor report, blog post) which can be open source intelligence or limited distribution
- Analysis report of a specific threat (such as security vendor report, blog post) which can be Open Source intelligence or come as limited distribution
- Enhanced analysis of an existing report (such as data qualification, competitive or counter analysis)
- A post-mortem analysis of an incident
- Additional information about existing or known threats (such as adversary techniques, new malware samples or complementary discoveries)
- False-positive or false-negative reporting
- Asking for contribution or support from the community (such as "have you seen this threat?" or "do you have more samples?")
TIP: By having a look at https://www.misp-project.org/objects.html[the object templates] or the https://www.misp-project.org/datamodels/#misp-core-format[MISP attribute types], this can help you to discover what it's actively shared within other communities. If a type or an object template is not matching your data model, you can easily create new ones.
TIP: By having a look at https://www.misp-project.org/objects.html[the object templates] or the https://www.misp-project.org/datamodels/#misp-core-format[MISP attribute types], this can help you to discover what is actively shared within other communities. If a type or an object template is not matching your data model, you can easily create new ones.
TIP: When asking for the support of the community, using a specific taxonomy such as https://www.misp-project.org/taxonomies.html#_collaborative_intelligence[collaborative intelligence] to express your needs might help everyone and improve automation.