MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

Clarify meaning of sighting as true positive

pull/74/head
Marcos Orallo 2017-11-29 18:11:09 +01:00 committed by GitHub
parent 274cade47e
commit 0f821e8296
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sightings/README.md
View File

@ -21,12 +21,12 @@ Sighting is applied to every attribute, under the column "Sightings", easily ide
![attribute](./figures/attributesighting.png)
These three values show respectively:
- The number of sighting on the attribute, in green.
- The number of times the attribute have been marked as false positive, in red.
- The number of true positives detected with the attribute, in green. Malicious activity as described in the event.
- The number of times the attribute has been marked as false positive, in red. Non-malicious activity or incorrect detection.
- The number of different expiration dates that have been affected on this attribute, in orange
Concerning the three icons:
- The first one (Thumb up) allows to add a sighting on an attribute.
- The first one (Thumb up) allows to add a sighting (true positive) on an attribute.
- The second one (Thumb down) allows to mark the attribute as a false positive.
- The third one (Tool) opens a popup for advanced sightings, showing sightings details and allowing different actions.
@ -60,4 +60,4 @@ Clicking on the tool will show sighting details for the whole event.
### Using sightings on an event (API)
Please have a look at the [automation API](../automation/README.md#sightings-api)
Please have a look at the [automation API](../automation/README.md#sightings-api)