MISP decaying models
Go to file
Alexandre Dulaunoy f1b974790f
chg: [doc] screenshots-are-cool(tm)
2020-01-07 15:52:18 +01:00
models new: [vishing-model] Simple model to rapidly decay voice scamming, vishing relying on phone-numbers. 2020-01-07 15:48:44 +01:00
LICENSE.md chg: [release] add the NIDS decaying model, clarify license and add some documentation. 2019-08-27 08:37:32 +02:00
README.md chg: [doc] screenshots-are-cool(tm) 2020-01-07 15:52:18 +01:00
jq_all_the_things.sh chg: [release] add the NIDS decaying model, clarify license and add some documentation. 2019-08-27 08:37:32 +02:00

README.md

MISP Decaying Models

Starting from MISP 2.4.114, a decaying feature is available to apply decaying on attributes in your MISP instance. MISP comes with a set of default decaying models which can be customised by the users. This repository contains all the default models.

For more information about decaying and expiring attributes/indicators in MISP, the training materials MISP and Decaying of Indicators is a good start.

Simulate decaying in MISP threat intelligence platform Overlay of decaying per model in the event/attribute view of MISP

Models

  • nids-simple-model - Simple decaying model for Network Intrusion Detection System (NIDS).
  • phishing-model - Simple model to rapidly decay phishing website.
  • vishing-model - Simple model to rapidly decay voice scamming, vishing relying on phone-numbers.

How to contribute your decaying model?

It's very easy. Fork the repository, create a new JSON file with your model and make a pull-request.

License

The MISP decaying models are dual-licensed under CC-0 and a simple 2-clause BSD license.