chg: [glossary] clarification of the observable definition

pull/152/head
Alexandre Dulaunoy 2019-04-12 12:05:05 +02:00
parent 5bbf040162
commit 2d04d60354
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 2 additions and 2 deletions


@ -40,10 +40,10 @@ Attributes in MISP can be network indicators (e.g. IP address), system indicator
can be useful for contextualisation only.
## Observable
Some other SIEMs or formats (STIX) use the term observable. This is the same as an attribute in MISP-speak.
Some other SIEMs or formats (STIX) use the term observable. This is the same as an attribute in MISP-speak. Usually an observable is a MISP attribute without the IDS flag set.
## MISP Event
MISP events are encapsulations for contextually linked information
MISP events are encapsulations for contextually related information represented as attribute and object.
## MISP Extended Events
MISP can now extend an event (starting from version 2.4.90). This allows users to build full blown events that extend an existing event, giving way to a combined event view that includes a sum total of the event along with all extending events.
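Review bot: In the new Observable line, the added sentence "Usually an observable is a MISP attribute without the IDS flag set" directly follows the kept sentence "This is the same as an attribute in MISP-speak", so the entry now says both that an observable is identical to an attribute and that it is only the subset without the IDS flag. Consider rewording the first sentence so the two agree, for example "This roughly corresponds to an attribute in MISP-speak; usually an observable is a MISP attribute without the IDS flag set." In the new MISP Event line, "represented as attribute and object" should be plural: "represented as attributes and objects".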