MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Update CONTRIBUTE.md

pull/1014/head
Alexandre Dulaunoy 2024-08-19 18:05:12 +02:00 committed by GitHub
parent 8b29b49593
commit 1ae59fb203
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CONTRIBUTE.md
View File

@ -1,12 +1,27 @@
## How to contribute?
In the world of threat intelligence, there are many different models or approaches to order, classify or describe threat actors, threats or activity groups. We welcome new ways of describing threat intelligence
as the galaxy model allows to reuse the ones you use or trust for your organization or community.
In the world of threat intelligence, various models and approaches exist to categorize, classify, or describe threat actors, threats, or activity groups. We welcome new methodologies for describing threat intelligence, as the galaxy model allows you to integrate the ones you rely on or trust for your organization or community.
Fork the project, update or create elements or clusters and make a pull-request.
Feel free to fork the project, update or create new elements or clusters, and submit a pull request.
We recommend to validate the JSON file using [jq](https://stedolan.github.io/jq/) and [validate_all.sh](https://github.com/MISP/misp-galaxy/blob/master/validate_all.sh) before doing a pull-request.
### Recommendations per Galaxy Cluster
If you want to contribute to an existing galaxy cluster, we advise you to review some of the guidelines:
- If the galaxy is automatically generated from an original source (e.g., MITRE ATT&CK or similar), we recommend using the associated tools available in [./tools](https://github.com/MISP/misp-galaxy/tree/main/tools) to update and generate the galaxy.
- If the galaxy is manually maintained in this repository, such as the [threat-actor](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json) cluster, you can directly update the JSON cluster, use [jq_all_the_things](https://github.com/MISP/misp-galaxy/blob/main/jq_all_the_things.sh), and make a pull request (PR).
#### Meta and Recommendations for Specific Clusters
##### `threat-actor` MISP Galaxy
- `refs` is an array of referenced URLs. We strongly recommend using the original source for the reference cluster. If you have additional URLs (not the original reference to the threat-actor name), we recommend using `additional_refs`.
- Every meta field starting with `cfr-` must be related to information found on cfr.org.
- `attribution-confidence` is the confidence level for the threat actor's country of origin. The value ranges between `0` and `100`. By default, it's set to `50`.
### Dependencies for testing your contributions
To create your own Galaxies the following tools are needed to run the validation scripts.