new: [doc] Added a few more GLOSSARY Items

new: [doc] Added External Connector pages
pull/150/head
Steve Clement 2019-04-12 18:58:42 +09:00
parent 20c4e1cb0d
commit e3aa4894b6
3 changed files with 17 additions and 1 deletions


@ -39,6 +39,9 @@ Attributes in MISP can be network indicators (e.g. IP address), system indicator
◦ An IDS flag on an attribute allows to determine if an attribute can be automated (such as being exported as an IDS ruleset or used for detection). If the IDS flag is not present, the attribute
can be useful for contextualisation only.
## Observable
Some other SIEMs or formats (STIX) use the term observable. This is the same as an attribute in MISP-speak.
## MISP Event
MISP events are encapsulations for contextually linked information
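
Review bot: In the new Observable entry, "Some other SIEMs or formats (STIX)" reads as if MISP were itself a SIEM, and "This is the same as an attribute" is stated without qualification. The context line just above explains that the IDS flag decides whether an attribute is usable for detection or for contextualisation only. Suggest rewording to something like "Some SIEMs and formats such as STIX use the term observable" and adding one sentence on whether the equivalence holds regardless of the IDS flag. Without that, a reader mapping observables into MISP cannot tell whether they end up in IDS exports.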
@ -149,6 +152,11 @@ You can add new Roles depending on your use case. The following permissions can
## Scheduled Tasks
Certain common tasks can be scheduled for a later execution or for regular recurring executions. These tasks currently include caching all of the export formats, pulling from all eligible instances and pushing to all eligible instances.
## Standard MISP Install
Any MISP instance install that is strongly aligned with our [official install guides](https://misp.github.io/MISP/).
This is mostly to make sure you have a similar folder structure, /var/www/MISP for an Ubuntu Server Install.
It will also be easier to debug any Web Server issues or other system related problems.
## Sync User
A user of a role that grants sync permissions, these users (and their authentication keys) are used to serve as the points of connection between instances. Events pushed to an instance are pushed to a sync user, who then creates the events on the remote instance. Events pulled are added by the sync user that is used to connect the remote instance to your instance. As an administrator, keep in mind that a sync user needs auth key and publish permissions, has to have undergone the mandatory password change and has to have accepted the Terms of Use in order for the sync to work. Please make sure that all of these steps are taken before attempting to push or pull.
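
Review bot: The Standard MISP Install entry defines the term only as "strongly aligned with our official install guides", which does not tell a reader what must match. The next sentence, "This is mostly to make sure you have a similar folder structure, /var/www/MISP for an Ubuntu Server Install.", has no clear antecedent for "This" and leaves the path unformatted. Suggest stating the criterion directly (for example, that the instance lives under `/var/www/MISP` on Ubuntu Server as in the guides) and putting the path in backticks like other literals. The last sentence would read better as the reason for the definition, e.g. that support and debugging advice assumes this layout.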


@ -20,9 +20,10 @@
* [Sightings](sightings/README.md) - in progress
* [Warning lists](warninglists/README.md) - in progress
* [Notice lists](noticelists/README.md) - in progress
* [Modules](modules/README.md) - in progress
* [Categories and Types](categories-and-types/README.md)
* [Synchronisation/Sharing](sharing/README.md)
* [External Connectors](connectors/README.md)
* [Modules](modules/README.md) - in progress
* [ZeroMQ - MISP publish-subscribe](misp-zmq/README.md)
* [Translations - i18n & l10n](translation/README.md)
* [FAQ](faq/README.md)
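
Review bot: The Modules entry appears twice in this hunk, so it is being moved below the new External Connectors line, but the commit message mentions only added pages, not a reorder. Please confirm the move is intended, since it separates Modules from the other "- in progress" entries it used to sit with. Also, `[External Connectors](connectors/README.md)` is listed without the "- in progress" marker although the new file is 7 lines and its only section is a single link. Marking it "- in progress" would keep it consistent with how the neighbouring unfinished chapters are flagged.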

7
connectors/README.md Normal file

@ -0,0 +1,7 @@
# External Connectors
Below you will find various tweaks and tips when integrating 3rd party connectors.
## Microsoft Azure Sentinel
[Azure Sentinel](https://azure.microsoft.com/en-us/services/azure-sentinel/)
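
Review bot: The intro line promises "various tweaks and tips when integrating 3rd party connectors", but the Microsoft Azure Sentinel section contains only a bare product link and no integration guidance. Either add at least a short description of what the connector exchanges with MISP and which MISP user and auth key it should run as, or state explicitly that the section is a placeholder. The link also hard-codes the `en-us` locale segment, and a locale-neutral URL would be preferable if one is available. "3rd party" should be spelled "third-party" for consistency with running prose.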