MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [glossary] clarification of the observable definition

pull/152/head
Alexandre Dulaunoy 2019-04-12 12:05:05 +02:00
parent 5bbf040162
commit 2d04d60354
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
GLOSSARY.md
View File

@ -40,10 +40,10 @@ Attributes in MISP can be network indicators (e.g. IP address), system indicator
can be useful for contextualisation only. can be useful for contextualisation only.
## Observable ## Observable
Some other SIEMs or formats (STIX) use the term observable. This is the same as an attribute in MISP-speak. Some other SIEMs or formats (STIX) use the term observable. This is the same as an attribute in MISP-speak. Usually an observable is a MISP attribute without the IDS flag set.
## MISP Event ## MISP Event
MISP events are encapsulations for contextually linked information MISP events are encapsulations for contextually related information represented as attribute and object.
## MISP Extended Events ## MISP Extended Events
MISP can now extend an event (starting from version 2.4.90). This allows users to build full blown events that extend an existing event, giving way to a combined event view that includes a sum total of the event along with all extending events. MISP can now extend an event (starting from version 2.4.90). This allows users to build full blown events that extend an existing event, giving way to a combined event view that includes a sum total of the event along with all extending events.