Merge remote-tracking branch 'upstream/master'

pull/200/head
Steve Clement 2020-02-16 09:45:53 +09:00
commit 5536af3925
No known key found for this signature in database
GPG Key ID: 69A20F509BE4AEE9
3 changed files with 8 additions and 4 deletions

View File

@ -233,6 +233,7 @@ This section lists the projects that can be found on the main [MISP GitHub](http
| Project | Description | Status | | Project | Description | Status |
| -- | -- | -- | | -- | -- | -- |
| [misp-objects](https://github.com/MISP/misp-objects) | Definition, description and relationship types of MISP objects | Core to MISP, frequently updated and tested | | [misp-objects](https://github.com/MISP/misp-objects) | Definition, description and relationship types of MISP objects | Core to MISP, frequently updated and tested |
| [Best Practices in ThreatIntel](https://github.com/MISP/best-practices-in-threat-intelligence) | Best practices in threat intelligence | Book available here: https://www.misp-project.org/best-practices-in-threat-intelligence.html |
<!-- <!--
| []() | | Core to MISP, frequently updated and tested | | []() | | Core to MISP, frequently updated and tested |
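Review bot: the Status column of the new Best Practices in ThreatIntel row holds a URL, whereas every other row in this table (see the misp-objects row just above it) uses that column for a maintenance state such as "Core to MISP, frequently updated and tested". Move the link into the Description cell, for example `Best practices in threat intelligence ([book](https://www.misp-project.org/best-practices-in-threat-intelligence.html))`, and put a status phrase in the third column so the table stays consistent.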
@ -305,7 +306,6 @@ This section lists some projects we know of but not officially support and rely
A brief list of online ressources that around #ThreatIntel A brief list of online ressources that around #ThreatIntel
* [Curated list of awesome cybersecurity companies and solutions.](https://github.com/Annsec/awesome-cybersecurity/blob/master/README.md) (Updated April 2017)
* [A curated list of awesome malware analysis tools and resources](https://github.com/rshipp/awesome-malware-analysis/blob/master/README.md). Inspired by [awesome-python](https://github.com/vinta/awesome-python) and [awesome-php](https://github.com/ziadoz/awesome-php). * [A curated list of awesome malware analysis tools and resources](https://github.com/rshipp/awesome-malware-analysis/blob/master/README.md). Inspired by [awesome-python](https://github.com/vinta/awesome-python) and [awesome-php](https://github.com/ziadoz/awesome-php).
* [An authoritative list of awesome devsecops tools with the help from community experiments and contributions](https://github.com/devsecops/awesome-devsecops/blob/master/README.md).[DEV.SEC.OPS](http://devsecops.org) * [An authoritative list of awesome devsecops tools with the help from community experiments and contributions](https://github.com/devsecops/awesome-devsecops/blob/master/README.md).[DEV.SEC.OPS](http://devsecops.org)
* [Advance Python IoC extractor](https://github.com/InQuest/python-iocextract) * [Advance Python IoC extractor](https://github.com/InQuest/python-iocextract)
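Review bot: dropping the "Curated list of awesome cybersecurity companies" entry is reasonable since it is the only one still carrying an "Updated April 2017" marker, but the heading kept as context at the top of this hunk still reads "A brief list of online ressources that around #ThreatIntel"; as this list is already being edited, fix the heading to "A brief list of online resources around #ThreatIntel" in the same change.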

View File

@ -19,6 +19,7 @@
|campaign-name| | | X | | | | |campaign-name| | | X | | | |
|cc-number| | | | | X | | |cc-number| | | | | X | |
|cdhash| | X | | | | | |cdhash| | X | | | | |
|chrome-extension-id| | | | | | |
|comment| X | X | X | X | X | X | |comment| X | X | X | X | X | X |
|community-id| | | | X | | | |community-id| | | | X | | |
|cookie| | X | | | | | |cookie| | X | | | | |
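Review bot: the new chrome-extension-id row has no X in any column of this table, while the row added for the same attribute in the hunk at line 186 is marked in two columns. If the empty row is intentional, regenerating all three tables and the description list from the same attribute definition in one step (rather than adding the rows by hand) would make it clear that nothing was left unfilled by accident.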
@ -185,6 +186,7 @@
|campaign-name| | | | | | | |campaign-name| | | | | | |
|cc-number| | | | | | | |cc-number| | | | | | |
|cdhash| | | X | X | | | |cdhash| | | X | X | | |
|chrome-extension-id| | | X | X | | |
|comment| X | X | X | X | X | X | |comment| X | X | X | X | X | X |
|community-id| X | | | | | | |community-id| X | | | | | |
|cookie| X | | | | | | |cookie| X | | | | | |
@ -351,6 +353,7 @@
|campaign-name| | | | | |campaign-name| | | | |
|cc-number| | | | | |cc-number| | | | |
|cdhash| | | | | |cdhash| | | | |
|chrome-extension-id| | | | |
|comment| X | X | X | X | |comment| X | X | X | X |
|community-id| | | | | |community-id| | | | |
|cookie| | | | | |cookie| | | | |
@ -537,6 +540,7 @@
* **campaign-name**: Associated campaign name * **campaign-name**: Associated campaign name
* **cc-number**: Credit-Card Number * **cc-number**: Credit-Card Number
* **cdhash**: An Apple Code Directory Hash, identifying a code-signed Mach-O executable file * **cdhash**: An Apple Code Directory Hash, identifying a code-signed Mach-O executable file
* **chrome-extension-id**: Chrome extension id
* **comment**: Comment or description in a human language * **comment**: Comment or description in a human language
* **community-id**: a community ID flow hashing algorithm to map multiple traffic monitors into common flow id * **community-id**: a community ID flow hashing algorithm to map multiple traffic monitors into common flow id
* **cookie**: HTTP cookie as often stored on the user web client. This can include authentication cookie or session cookie. * **cookie**: HTTP cookie as often stored on the user web client. This can include authentication cookie or session cookie.
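Review bot: the new description "Chrome extension id" is terser than its neighbours and only repeats the type name; the cdhash entry above shows the expected level of detail. Expand it to say what the value identifies, for example `* **chrome-extension-id**: Chrome extension ID, the identifier of a browser extension as listed in the Chrome Web Store`, and write ID in capitals.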

View File

@ -112,7 +112,7 @@ Templates are devided into sections, with each section having a title and a desc
* **Field**: The name of the field along with an indication if the field is mandatory. * **Field**: The name of the field along with an indication if the field is mandatory.
* **Description**: A short description of the field. * **Description**: A short description of the field.
* **Types**: The value(s) that are valid for the field. In the case of several types being shown here, you can enter value(s) matching any one of the types, or in the case of a batch import field, any mixture of the given types. * **Types**: The value(s) that are valid for the field. In the case of several types being shown here, you can enter value(s) matching any one of the types, or in the case of a batch import field, any mixture of the given types.
* **Text field**: This field can either be a single line textfield or a multi-line text area. For the former, enter a single value of the above indicated type, whilst for the latter you cna paste a list of values separated by line-breaks. * **Text field**: This field can either be a single line textfield or a multi-line text area. For the former, enter a single value of the above indicated type, whilst for the latter you can paste a list of values separated by line-breaks.
### Freetext Import Tool ### Freetext Import Tool
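Review bot: the "cna" to "can" fix on the Text field bullet is correct, but the hunk header context for the same section still reads "Templates are devided into sections"; fix "devided" to "divided" while this paragraph is open, and consider "single-line text field" in place of "single line textfield" on the same bullet.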
@ -175,7 +175,7 @@ The result will be a list of attributes that get added to the currently selected
### Adding IOCs from a PDF report ### Adding IOCs from a PDF report
You can You can use a generic script called [IOC parser](https://github.com/armbues/ioc_parser) or use a script published by Palo Alto to convert IOC parser output to a MISP event: [report_to_misp] (https://github.com/PaloAltoNetworks-BD/report_to_misp/). You can use a generic script called [IOC parser](https://github.com/armbues/ioc_parser) or use a script published by Palo Alto to convert IOC parser output to a MISP event: [report_to_misp] (https://github.com/PaloAltoNetworks-BD/report_to_misp/).
### Publish an event ### Publish an event
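Review bot: removing the duplicated "You can You can" is right, but the same sentence keeps `[report_to_misp] (https://github.com/PaloAltoNetworks-BD/report_to_misp/)` with a space between `]` and `(`, which Markdown does not render as a link; drop the space so it becomes `[report_to_misp](https://github.com/PaloAltoNetworks-BD/report_to_misp/)`.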