misp-book/warninglists
Jeroen Pinoy fa77c46402 chg: fix #141 - 404s found by old linkchecker run 2021-02-20 13:33:54 +01:00
README.md Moves Warning List information from taxonomy page. 2018-09-07 14:41:09 +02:00

README.md

MISP warninglists

MISP warninglists are lists of well-known indicators that can be associated with potential false positives, errors or mistakes. A Python module, PyMISPWarningLists, is available to work with warninglists in a Pythonic way. See the MISP warninglists GitHub repo.

MISP warning lists: The dilemma of false positives

  • False positives are a common issue in threat intelligence sharing.

  • It's often a contextual issue:

    • false positives might differ per community of users sharing information.

    • organizations might have their own view on false positives.

  • Based on the success of the MISP taxonomy model, we built misp-warninglists. They are lists of well-known indicators that can be associated with potential false positives, errors or mistakes. They are simple JSON files.

MISP warning lists

The warning lists are integrated in MISP to display an info/warning box at the event and attribute level. This can be enabled at the MISP instance level. Default warning lists, such as known public resolvers, multicast IP addresses, hashes for empty values, RFC 1918, TLDs or known Google domains, can be enabled or disabled. The warning lists can be expanded or added in JSON locally or via pull requests (https://github.com/MISP/misp-warninglists). Warning lists can also be used for critical or core infrastructure warnings, personally identifiable information...
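
The JSON layout and false-positive check described above, as an added example (not code from the MISP project or PyMISPWarningLists). The three lists are constructed samples using the `name`, `type`, `matching_attributes` and `list` fields of the warninglist files, and the matching rules for the `cidr`, `hostname` and `string` types are a simplified assumption about how a consumer could apply them.

```python
import ipaddress
import json

# Constructed sample lists in the misp-warninglists JSON layout (not the real list contents).
SAMPLE_LISTS = json.loads("""
[
  {"name": "Constructed RFC 1918 sample", "type": "cidr",
   "matching_attributes": ["ip-src", "ip-dst"],
   "list": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]},
  {"name": "Constructed known-domain sample", "type": "hostname",
   "matching_attributes": ["domain", "hostname"],
   "list": ["example.com"]},
  {"name": "Constructed empty-value hash sample", "type": "string",
   "matching_attributes": ["md5"],
   "list": ["d41d8cd98f00b204e9800998ecf8427e"]}
]
""")


def _matches(wl_type, entries, value):
    value = value.strip().lower()
    if wl_type == "cidr":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False  # not an IP address, so no CIDR entry can match
        return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)
    if wl_type == "hostname":
        host = value.rstrip(".")
        # Assumption: an entry covers the domain itself and its subdomains only.
        return any(host == e or host.endswith("." + e) for e in entries)
    return value in entries  # "string": exact, case-insensitive match


def warnings_for(attr_type, value, lists=SAMPLE_LISTS):
    """Return names of lists that flag this attribute as a likely false positive."""
    return [wl["name"] for wl in lists
            if attr_type in wl["matching_attributes"]
            and _matches(wl["type"], [e.lower() for e in wl["list"]], value)]


if __name__ == "__main__":
    for attr_type, value in [("ip-dst", "192.168.1.10"), ("ip-dst", "203.0.113.7"),
                             ("domain", "mail.example.com"), ("domain", "notexample.com"),
                             ("md5", "D41D8CD98F00B204E9800998ECF8427E")]:
        print(attr_type, value, "->", warnings_for(attr_type, value) or "no warning")
```

A hit is a hint to review the attribute before it feeds detection or blocking, not proof that the indicator is benign.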