MISP decaying models
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Alexandre Dulaunoy f1b974790f
chg: [doc] screenshots-are-cool(tm)
2 years ago
models new: [vishing-model] Simple model to rapidly decay voice scamming, vishing relying on phone-numbers. 2 years ago
LICENSE.md chg: [release] add the NIDS decaying model, clarify license and add some documentation. 2 years ago
README.md chg: [doc] screenshots-are-cool(tm) 2 years ago
jq_all_the_things.sh chg: [release] add the NIDS decaying model, clarify license and add some documentation. 2 years ago

README.md

MISP Decaying Models

Starting from MISP 2.4.114, a decaying feature is available to apply decaying on attributes in your MISP instance. MISP comes with a set of default decaying models which can be customised by the users. This repository contains all the default models.

For more information about decaying and expiring attributes/indicators in MISP, the training materials MISP and Decaying of Indicators is a good start.

Simulate decaying in MISP threat intelligence platform Overlay of decaying per model in the event/attribute view of MISP

Models

  • nids-simple-model - Simple decaying model for Network Intrusion Detection System (NIDS).
  • phishing-model - Simple model to rapidly decay phishing website.
  • vishing-model - Simple model to rapidly decay voice scamming, vishing relying on phone-numbers.

How to contribute your decaying model?

It's very easy. Fork the repository, create a new JSON file with your model and make a pull-request.

License

The MISP decaying models are dual-licensed under CC-0 and a simple 2-clause BSD license.