mirror of https://github.com/MISP/misp-book
Merge branch 'master' of github.com:MISP/misp-book
commit
1d532adfdf
|
@ -2,7 +2,7 @@
|
|||
|
||||
# Automation API
|
||||
|
||||
Automation functionality is designed to automatically generate signatures for intrusion detection systems. To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes. Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts. Support for more attribute types is planned. To to make this functionality available for automated tools an authentication key is used. This makes it easier for your tools to access the data without further form-based-authentication.
|
||||
Automation functionality is designed to automatically generate signatures for intrusion detection systems. To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes. Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts. Support for more attribute types is planned. To make this functionality available for automated tools an authentication key is used. This makes it easier for your tools to access the data without further form-based-authentication.
|
||||
|
||||
## General
|
||||
|
||||
|
|
|
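Review bot: the rewritten paragraph still says "we only support NIDS signature generation for IP, domains, host names, user agents etc.", and "only" followed by "etc." leaves the reader unable to tell which attribute types actually produce signatures; consider listing the supported types explicitly. In the same line, "Signature field of this attribute" is missing an article, the sentence starting "Note that not all attribute types" is a comma splice that would read better split at "currently", and "form-based-authentication" should be "form-based authentication".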
@ -112,7 +112,7 @@ It may be that you have an Error Message in the page (if you enabled debug or si
|
|||
|
||||
![Error message](figures/pb-list-server.png)
|
||||
|
||||
An easy first them to make most of them go away is to use the clean cache feature on the server settings menu, diagnostics tab.
|
||||
An easy first step to make most of them go away is to use the clean cache feature on the server settings menu, diagnostics tab.
|
||||
|
||||
![cleanscript](figures/cleanscript1.png)
|
||||
|
||||
|
|
|
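Review bot: in the corrected sentence, "most of them" has no antecedent within the sentence; naming it ("most of these error messages") would let the line stand on its own. The text calls the feature "clean cache" while the figure directly below carries the alt text "cleanscript", so the two names should be aligned with the label shown on the diagnostics tab.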
@ -12,7 +12,7 @@ As said before, Sighting is a way for a user to say that they have seen or notic
|
|||
|
||||
Sometimes, some attributes can be considered as false positives, even if the false positive list do not detect them (for instance, if the IDS flag is set to false) so they can also be notified. As well as concerning sighting, the same user can signal a single attribute as a false positive several times.
|
||||
|
||||
It also happens that some attributes are only valid a certain time (for instance, in case of a phishing campagne that is assumed to be up for only one week). In this case, people can also assign an expiration date to an attribute, but this time, there can be only one valid expiration date per *organisation*.
|
||||
It also happens that some attributes are only valid a certain time (for instance, in case of a phishing campaign that is assumed to be up for only one week). In this case, people can also assign an expiration date to an attribute, but this time, there can be only one valid expiration date per *organisation*.
|
||||
|
||||
### Using sightings on an event (GUI)
|
||||
|
||||
|
|
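Review bot: the changed line still reads "only valid a certain time", which needs "for" ("only valid for a certain time"), and the unchanged paragraph above it has "the false positive list do not detect them" (should be "does not") and the hard-to-parse opener "As well as concerning sighting". Since this commit is a spelling pass over this paragraph, these could be fixed in the same change.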