MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [personas] minor fixes + some links added

pull/257/head
Alexandre Dulaunoy 2021-03-27 11:09:43 +01:00
parent 620a6a55c5
commit d1ccce593d
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
user-personas/README.md
View File

@ -261,17 +261,17 @@ Disinformation researcher and journalist
#### She uses MISP to:
- Write/read event reports, create misinformation events using relevant techniques found in a report or sighting.
- Join sharing groups and communities (e.g Cogsec Collab) that connect misinformation researchers and responders, share incident data with organizations focusing on response and counter-campaigns.
- Join sharing groups and communities (e.g [Cogsec Collab](https://www.misp-project.org/2020/03/26/cogsec-collab-misp-community.html)) that connect misinformation researchers and responders, share incident data with organizations focusing on response and counter-campaigns.
- Integrate with the AM!TT Framework (as a galaxy) in order to describe misinformation tactics/techniques, break an incident into techniques that can be analyzed/countered, and check for disinformation through mapping.
- Monitor feeds, investigate disinformation using shared indicators in feeds, generate structured intelligence using the automated correlation engine, and decide if there are any falsehoods in data.
- Enrich threat data by adding object types, new relationship types (to make the graphs that users can traverse in MISP richer), and taxonomies to cover things like types of threat actors.
- Monitor feeds, investigate disinformation using shared indicators in feeds, generate structured intelligence using the automated correlation engine, and decide if there are any falsehoods in data.
- Enrich threat data by adding object types, new relationship types (to make the graphs that users can traverse in MISP richer), and taxonomies to cover things like types of threat actors.
- Classify events, indicators, and threats using taxonomies (such as the Admiralty Scale taxonomy), which ranks the reliability of a source and the credibility of the information.
#### Her objectives are to:
- Distill essential information from a large piece of data, making it clear to the reader what really matters.
- Integrate MISP with TheHive for enhanced disinformation investigation and reporting.
- Verify that an article (or image, video, etc) doesnt contain disinformation and verify that a source (publisher, domain, etc) doesnt distribute disinformation.
- Extend MISP for disinformation, adding object types for incidents and narratives, and using AMITT for attack patterns.
- Extend MISP for disinformation, adding object types for incidents and narratives, and using [AMITT](https://www.misp-project.org/galaxy.html#_misinformation_pattern) for attack patterns.
## Other personas
Malcolm represents users that we care about but aren't so important to us.
@ -293,7 +293,7 @@ Data Scientist
#### His primary goals are to:
- Develop tools to help businesses detect threats so they can develop solid plans of action and better protect themselves.
- Make predictions, perform data analysis, and detect patterns in data.
- Support the threat analysis team with the development of new and innovative ways of extracting insight from large sets of structured and unstructured data.
- Support the threat analysis team with the development of new and innovative ways of extracting insight from large sets of structured and unstructured data.
- Translate complex data into relevant insights and visualize information.
#### He uses MISP to: