mirror of https://github.com/MISP/misp-book
new: [doc] Added a few more GLOSSARY Items
new: [doc] Added External Connector pages
pull/150/head
parent
20c4e1cb0d
commit
e3aa4894b6
|
@ -39,6 +39,9 @@ Attributes in MISP can be network indicators (e.g. IP address), system indicator
|
||||||
◦ An IDS flag on an attribute allows to determine if an attribute can be automated (such as being exported as an IDS ruleset or used for detection). If the IDS flag is not present, the attribute
|
◦ An IDS flag on an attribute allows to determine if an attribute can be automated (such as being exported as an IDS ruleset or used for detection). If the IDS flag is not present, the attribute
|
||||||
can be useful for contextualisation only.
|
can be useful for contextualisation only.
|
||||||
|
|
||||||
|
## Observable
|
||||||
|
Some other SIEMs or formats (STIX) use the term observable. This is the same as an attribute in MISP-speak.
|
||||||
|
|
||||||
## MISP Event
|
## MISP Event
|
||||||
MISP events are encapsulations for contextually linked information
|
MISP events are encapsulations for contextually linked information
|
||||||
|
|
||||||
|
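Review bot: In the new Observable entry, "Some other SIEMs" reads as if MISP were itself a SIEM, and "This is the same as an attribute" is a stronger claim than the IDS-flag text just above it supports, since that text already separates attributes usable for detection from attributes kept for contextualisation only. Suggest wording such as "Some other tools or formats (e.g. STIX) use the term observable; it corresponds to an attribute in MISP", and state whether the IDS flag changes that mapping. "MISP-speak" is also informal for a glossary definition.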
@ -149,6 +152,11 @@ You can add new Roles depending on your use case. The following permissions can
|
||||||
## Scheduled Tasks
|
## Scheduled Tasks
|
||||||
Certain common tasks can be scheduled for a later execution or for regular recurring executions. These tasks currently include caching all of the export formats, pulling from all eligible instances and pushing to all eligible instances.
|
Certain common tasks can be scheduled for a later execution or for regular recurring executions. These tasks currently include caching all of the export formats, pulling from all eligible instances and pushing to all eligible instances.
|
||||||
|
|
||||||
|
## Standard MISP Install
|
||||||
|
Any MISP instance install that is strongly aligned with our [official install guides](https://misp.github.io/MISP/).
|
||||||
|
This is mostly to make sure you have a similar folder structure, /var/www/MISP for an Ubuntu Server Install.
|
||||||
|
It will also be easier to debug any Web Server issues or other system related problems.
|
||||||
|
|
||||||
## Sync User
|
## Sync User
|
||||||
A user of a role that grants sync permissions, these users (and their authentication keys) are used to serve as the points of connection between instances. Events pushed to an instance are pushed to a sync user, who then creates the events on the remote instance. Events pulled are added by the sync user that is used to connect the remote instance to your instance. As an administrator, keep in mind that a sync user needs auth key and publish permissions, has to have undergone the mandatory password change and has to have accepted the Terms of Use in order for the sync to work. Please make sure that all of these steps are taken before attempting to push or pull.
|
A user of a role that grants sync permissions, these users (and their authentication keys) are used to serve as the points of connection between instances. Events pushed to an instance are pushed to a sync user, who then creates the events on the remote instance. Events pulled are added by the sync user that is used to connect the remote instance to your instance. As an administrator, keep in mind that a sync user needs auth key and publish permissions, has to have undergone the mandatory password change and has to have accepted the Terms of Use in order for the sync to work. Please make sure that all of these steps are taken before attempting to push or pull.
|
||||||
|
|
||||||
|
|
|
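Review bot: The Standard MISP Install entry opens with a sentence fragment, and the "This" in "This is mostly to make sure you have a similar folder structure" has no clear antecedent, so the entry never states what a reader gains by matching the guides or what counts as "strongly aligned". Suggest a direct definition, for example "A MISP instance installed by following the official install guides, so that the folder structure matches the documentation (`/var/www/MISP` on an Ubuntu Server install)", with the path in backticks and "system-related" hyphenated. Note also that only the Ubuntu path is given, while the linked guides are described in the plural.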
@ -20,9 +20,10 @@
|
||||||
* [Sightings](sightings/README.md) - in progress
|
* [Sightings](sightings/README.md) - in progress
|
||||||
* [Warning lists](warninglists/README.md) - in progress
|
* [Warning lists](warninglists/README.md) - in progress
|
||||||
* [Notice lists](noticelists/README.md) - in progress
|
* [Notice lists](noticelists/README.md) - in progress
|
||||||
* [Modules](modules/README.md) - in progress
|
|
||||||
* [Categories and Types](categories-and-types/README.md)
|
* [Categories and Types](categories-and-types/README.md)
|
||||||
* [Synchronisation/Sharing](sharing/README.md)
|
* [Synchronisation/Sharing](sharing/README.md)
|
||||||
|
* [External Connectors](connectors/README.md)
|
||||||
|
* [Modules](modules/README.md) - in progress
|
||||||
* [ZeroMQ - MISP publish-subscribe](misp-zmq/README.md)
|
* [ZeroMQ - MISP publish-subscribe](misp-zmq/README.md)
|
||||||
* [Translations - i18n & l10n](translation/README.md)
|
* [Translations - i18n & l10n](translation/README.md)
|
||||||
* [FAQ](faq/README.md)
|
* [FAQ](faq/README.md)
|
||||||
|
|
|
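Review bot: The "Modules ... - in progress" line is moved from after Notice lists to below the new External Connectors line, a reorder the commit message does not mention and which now places an "in progress" entry among finished chapters. If the move is intentional, say so in the commit message; otherwise leave Modules where it was and add only the External Connectors line. Since connectors/README.md is added as a stub in this same commit, the new entry should probably carry the "- in progress" suffix the neighbouring unfinished chapters use.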
@ -0,0 +1,7 @@
|
||||||
|
# External Connectors
|
||||||
|
|
||||||
|
Below you will find various tweaks and tips when integrating 3rd party connectors.
|
||||||
|
|
||||||
|
## Microsoft Azure Sentinel
|
||||||
|
|
||||||
|
[Azure Sentinel](https://azure.microsoft.com/en-us/services/azure-sentinel/)
|
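Review bot: The Microsoft Azure Sentinel section consists of a bare link, while the introduction promises "various tweaks and tips", so as visible here the page delivers none of what it announces. Either add at least one concrete integration note under the heading or mark the section as a placeholder so readers do not assume the link is the whole guidance. In the introduction, "3rd party" would read better as "third-party", and the link would be more useful inside a sentence that says what the connector does with MISP data.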