misp galaxy new clusters added

pull/39/head
Alexandre Dulaunoy 2017-01-07 15:39:57 +01:00
parent 2c8098db10
commit b3770656bd
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed file with 10 additions and 8 deletions

@ -24,7 +24,7 @@ For this example, we will try to add a cluster to an existing event. This cluste
![EventWithoutCluster](./figures/EventWithoutCluster.png)
Here on the event view, we notice a blue frame under the metadatas with the title "Galaxies" and a button "Add new cluster". Let's click on the latter to begin.
Here on the event view, we notice a blue frame under the metadatas with the title "Galaxies" and a button "Add new cluster". Let's click on the latter to begin.
![GalaxyPopup](./figures/GalaxyPopup.png)
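Review bot: the removed and re-added sentence in this hunk render identically, so the change appears to be whitespace-only (trailing space or line-ending); since the line is touched anyway, also correct "under the metadatas" to "under the metadata" so the wording is fixed in the same commit.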
@ -32,7 +32,7 @@ A popup will appear proposising to explore a particular galaxy or all at the sam
![NoSneakyPanda](./figures/NoSneakyPanda.png)
Wait. No Sneaky Panda? Hm that's strange. Or maybe it is only registred as a alias. Let's have a look! To do so we will use the search field which stay on top of the list. So what do we get? Beijing Group, is it an alias of our threat actor.
Wait. No Sneaky Panda? Hm that's strange. Or maybe it is only registred as a alias. Let's have a look! To do so we will use the search field which stay on top of the list. So what do we get? Beijing Group, is it an alias of our threat actor.
![Search](./figures/Search.png)
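Review bot: again the old and new lines are identical as rendered (whitespace-only change), while the sentence itself still carries errors that should be fixed while it is being edited: "registred as a alias" should be "registered as an alias", "the search field which stay on top of the list" should be "the search field that stays at the top of the list", and the closing sentence reads as a question, so "Beijing Group, is it an alias of our threat actor." should become "Beijing Group. Is it an alias of our threat actor?" The hunk's context line also has "proposising", which should be "proposing".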
@ -52,18 +52,22 @@ Clicking on the addition symbole on the left of Beijing Group extends the module
#### Clusters
[Microsoft Activity Group](https://github.com/MISP/misp-galaxy/blob/master/clusters/microsoft-activity-group.json) - Activity groups as described by Microsoft
[Exploit-kit](https://github.com/MISP/misp-galaxy/blob/master/clusters/exploit-kit.json) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits. It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years.
[Microsoft Activity Group](https://github.com/MISP/misp-galaxy/blob/master/clusters/microsoft-activity-group.json) - Activity groups as described by Microsoft.
[TDS - Traffic Direction System](clusters/tds.json) - TDS is a list of Traffic Direction System used by adversaries.
[Threats Actors](https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.
[Tools](https://github.com/MISP/misp-galaxy/blob/master/clusters/tool.json) - Enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.
[Tools](https://github.com/MISP/misp-galaxy/blob/master/clusters/tool.json) - Enumeration of software tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.
#### Vocabularies
##### Common
##### Common
[certainty-level]
(https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/certainty-level.json) -
(https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/certainty-level.json) -
Certainty level of an associated element or cluster
##### threat-actor
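Review bot: the TDS entry links with a relative path `clusters/tds.json` while every other cluster entry uses the absolute `https://github.com/MISP/misp-galaxy/blob/master/clusters/...` form; use the same absolute URL so the link also resolves when the README is rendered outside the repository root. Moving "Microsoft Activity Group" below "Exploit-kit" restores alphabetical order and adding the trailing period matches the other entries, which is good. The `##### Common` and `(https://...certainty-level.json) -` pairs are identical as rendered, so those are whitespace-only changes; while there, note that `[certainty-level]` on one line and `(https://...)` on the next does not form a Markdown link in CommonMark (no whitespace is allowed between `]` and `(`), so join them as `[certainty-level](https://github.com/MISP/misp-galaxy/blob/master/vocabularies/common/certainty-level.json) - Certainty level of an associated element or cluster` on a single line. Two smaller wording points in the surrounding context: "Threats Actors" should be "Threat Actors", and "aim at covering" in the Exploit-kit description should be "aims at covering".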
@ -77,5 +81,3 @@ Certainty level of an associated element or cluster
(https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/sophistication.json) - default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.
[type]
(https://github.com/MISP/misp-galaxy/blob/master/vocabularies/threat-actor/type.json) - default STIX vocabulary for expressing the subjective type of a threat actor.
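Review bot: the header `-77,5 +81,3` records two deleted lines, but no removed lines render in this hunk, so they are presumably trailing blank lines at the end of the file; that is fine, but the context lines show the same `[type]` / `(https://...)` split over two lines as the certainty-level entry, and these should be joined onto one line in the same pass so they render as links.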