mirror of https://github.com/MISP/misp-book
Merge pull request #74 from morallo/patch-1
Clarify meaning of sighting as true positive
pull/77/head
commit
cb8d25444d
|
@ -21,12 +21,12 @@ Sighting is applied to every attribute, under the column "Sightings", easily ide
|
||||||
![attribute](./figures/attributesighting.png)
|
![attribute](./figures/attributesighting.png)
|
||||||
|
|
||||||
These three values show respectively:
|
These three values show respectively:
|
||||||
- The number of sighting on the attribute, in green.
|
- The number of true positives detected with the attribute, in green. Malicious activity as described in the event.
|
||||||
- The number of times the attribute have been marked as false positive, in red.
|
- The number of times the attribute has been marked as false positive, in red. Non-malicious activity or incorrect detection.
|
||||||
- The number of different expiration dates that have been affected on this attribute, in orange
|
- The number of different expiration dates that have been affected on this attribute, in orange
|
||||||
|
|
||||||
Concerning the three icons:
|
Concerning the three icons:
|
||||||
- The first one (Thumb up) allows to add a sighting on an attribute.
|
- The first one (Thumb up) allows to add a sighting (true positive) on an attribute.
|
||||||
- The second one (Thumb down) allows to mark the attribute as a false positive.
|
- The second one (Thumb down) allows to mark the attribute as a false positive.
|
||||||
- The third one (Tool) opens a popup for advanced sightings, showing sightings details and allowing different actions.
|
- The third one (Tool) opens a popup for advanced sightings, showing sightings details and allowing different actions.
|
||||||
|
|
||||||
|
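Review bot: the first bullet of the values list no longer uses the word "sighting" at all, while the Thumb up bullet further down now reads "add a sighting (true positive)", so the two lists describe the same counter in different terms. Consider wording the first bullet as "The number of sightings (true positives) on the attribute, in green." so the column name, the counter and the icon text stay aligned. The explanations appended to the green and red bullets ("Malicious activity as described in the event." and "Non-malicious activity or incorrect detection.") are sentence fragments; folding them into the bullet with "i.e." or a full sentence would read better. The orange bullet is left unchanged and still lacks its final period.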
@ -60,4 +60,4 @@ Clicking on the tool will show sighting details for the whole event.
|
||||||
|
|
||||||
### Using sightings on an event (API)
|
### Using sightings on an event (API)
|
||||||
|
|
||||||
Please have a look at the [automation API](../automation/README.md#sightings-api)
|
Please have a look at the [automation API](../automation/README.md#sightings-api)
|
||||||
|
|
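Review bot: both columns of this hunk show the same two lines (the "Using sightings on an event (API)" heading and the automation API link), so no wording change is visible here. If this is a whitespace or end-of-file newline change, mention it in the commit message or drop it, since the commit is described as a wording clarification only.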