From dd4493d76d3a2a70574f0f678ea28660ee9b19fc Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Sun, 28 Feb 2016 09:24:57 +0100
Subject: [PATCH] First explanation

---
 README.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..438bb60
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# misp-galaxy
+
+MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or
+attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There
+are default elements available in MISP galaxy but those can overwritten, replaced or updated as you wish.
+
+Existing clusters and elements can be used as-is or as a template.
+
+# Available clusters
+
+- [cluster/threat-actor.json](cluster/threat-actor.json) - Threat Actor
+
+# Available Elements
+
+- [elements/apt-groups.json](elements/apt-groups.json) - APT Groups - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.
+- [elements/threat-actor-intended-effect-vocabulary.json](elements/threat-actor-intended-effect-vocabulary.json) - The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor. STIX 1.2.1
+
+## How to contribute?
+
+Fork the project, update elements or clusters and make a pull-request.
+