Basic README added

2016-04-19 21:59:42 +02:00 · 2016-04-19 21:59:42 +02:00 · 20945ee47f
parent b5b5bffac0
commit 20945ee47f
1 changed files with 37 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,37 @@
+# misp-warninglist
+
+misp-warninglists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes.
+
+The warning lists are integrated in MISP to display an info/warning box at the event and attribute level if such indicators
+are available in one of the list. The list can be globally enabled or disabled in MISP following the practices of the organization.
+
+# lists
+
+- [lists/empty-hashes](lists/empty-hashes) - hash values of empty files
+- [lists/public-dns](lists/public-dns) - IP addresses of public DNS resolver
+- [lists/rfc1918](lists/rfc1918) - RFC 1918 network subnets
+- [lists/tlds](lists/tlds) - top-level domains
+
+# Format of a warning list
+
+~~~~json
+{
+  "name": "List of known public DNS resolvers",
+  "version": 1,
+  "description": "Event contains one or more public DNS resolvers as attribute with an IDS flag set",
+  "matching_attributes": [
+    "ip-src",
+    "ip-dst"
+  ],
+  "list": [
+    "8.8.8.8",
+    "8.8.4.4",
+    "208.67.222.222",
+    "208.67.220.220",
+    "195.46.39.39",
+    "195.46.39.40"
+  ]
+}
+~~~~
+
+If matching_attributes are not set, the list is matched against any type of attributes.