chg: [features] updated

iglocska-patch-1
Alexandre Dulaunoy 2019-04-13 15:31:32 +02:00
parent 23cb4ba403
commit 28c2d17ec5
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 11 additions and 11 deletions

View File

@ -16,7 +16,7 @@ layout: default
<h2>Features of MISP, the open source threat sharing platform.</h2> <h2>Features of MISP, the open source threat sharing platform.</h2>
<p>A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. <p>A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IoCs and information to detect and prevent attacks or threats against ICT infrastructures, organisations or people. </p> Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IoCs and information to detect and prevent attacks, frauds or threats against ICT infrastructures, organisations or people. </p>
</header> </header>
<span class="image featured"><img src="{{ site.baseurl }}/assets/images/banner.jpg" alt="" /></span> <span class="image featured"><img src="{{ site.baseurl }}/assets/images/banner.jpg" alt="" /></span>
@ -35,22 +35,22 @@ Discover how MISP is used today in multiple organisations. Not only to store, sh
<li> <strong>feed import</strong>: flexible tool to import and integrate MISP <a href="/feeds/">feed</a> and any threatintel or OSINT feed from third parties. Many <a href="/feeds/">default feeds</a> are included in standard MISP installation.</li> <li> <strong>feed import</strong>: flexible tool to import and integrate MISP <a href="/feeds/">feed</a> and any threatintel or OSINT feed from third parties. Many <a href="/feeds/">default feeds</a> are included in standard MISP installation.</li>
<li> <strong>delegating of sharing</strong>: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.</li> <li> <strong>delegating of sharing</strong>: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.</li>
<li> Flexible <strong>API</strong> to integrate MISP with your own solutions. MISP is bundled with <a href="https://github.com/MISP/PyMISP">PyMISP</a> which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.</li> <li> Flexible <strong>API</strong> to integrate MISP with your own solutions. MISP is bundled with <a href="https://github.com/MISP/PyMISP">PyMISP</a> which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.</li>
<li> <strong>Adjustable taxonomy</strong> to classify and tag events following your own classification schemes or <a href="https://github.com/MISP/misp-taxonomies">existing taxonomies</a>. The taxonomy can be local to your MISP but also shareable among MISP instances. MISP comes with a default set of well-known <a href="/taxonomies.html">taxonomies and classification schemes</a> to support standard classification as used by ENISA, Europol, DHS, CSIRTs or many other organisations.</li> <li> <strong>adjustable taxonomy</strong> to classify and tag events following your own classification schemes or <a href="https://github.com/MISP/misp-taxonomies">existing taxonomies</a>. The taxonomy can be local to your MISP but also shareable among MISP instances. MISP comes with a default set of well-known <a href="/taxonomies.html">taxonomies and classification schemes</a> to support standard classification as used by ENISA, Europol, DHS, CSIRTs or many other organisations.</li>
<li> <strong>Intelligence vocabularies</strong> called MISP galaxy and bundled with existing <a href="galaxy.html">threat actors, malware, RAT, ransomware or MITRE ATT&CK</a> which can be easily linked with events in MISP.</li> <li> <strong>intelligence vocabularies</strong> called MISP galaxy and bundled with existing <a href="galaxy.html">threat actors, malware, RAT, ransomware or MITRE ATT&CK</a> which can be easily linked with events in MISP.</li>
<li> <strong>Expansion modules in Python</strong> to expand MISP with your own services or activate already available <a href="https://github.com/MISP/misp-modules">misp-modules</a>. <li> <strong>expansion modules in Python</strong> to expand MISP with your own services or activate already available <a href="https://github.com/MISP/misp-modules">misp-modules</a>.
<li> <strong>Sighting support</strong> to get observations from organizations concerning shared indicators and attributes. Sighting <a href="https://www.circl.lu/doc/misp/automation/index.html#sightings-api">can be contributed</a> via MISP user-interface, API as MISP document or STIX sighting documents. Starting with MISP 2.4.66, <a href="https://www.misp.software/2017/02/16/Sighting-The-Next-Level.html">Sighting has been extended</a> to support false-negative sighting or expiration sighting.</li> <li> <strong>sighting support</strong> to get observations from organizations concerning shared indicators and attributes. Sighting <a href="https://www.circl.lu/doc/misp/automation/index.html#sightings-api">can be contributed</a> via MISP user-interface, API as MISP document or STIX sighting documents. Starting with MISP 2.4.66, <a href="https://www.misp.software/2017/02/16/Sighting-The-Next-Level.html">Sighting has been extended</a> to support false-negative sighting or expiration sighting.</li>
<li> <strong>STIX support</strong>: export data in the STIX format (XML and JSON) including export in STIX 2.0 format.</li> <li> <strong>STIX support</strong>: export data in the STIX format (XML and JSON) including export/import in STIX 2.0 format.</li>
<li> <strong>Integrated encryption and signing of the notifications</strong> via PGP and/or S/MIME depending of the user preferences.</li> <li> <strong>integrated encryption and signing of the notifications</strong> via PGP and/or S/MIME depending of the user preferences.</li>
</ul> </ul>
<h3>Sharing with humans</h3> <h3>Sharing with humans</h3>
<p>Data you store is immediately available to your <b>colleagues</b> and <b>partners</b>. Store the event id in your ticketing system or be informed by the signed and encrypted email notifications.<p> <p>Data you store is immediately available to your <b>colleagues</b> and <b>partners</b>. Store the event id in your ticketing system or be informed by the signed and encrypted email notifications.<p>
<h3>Sharing with machines</h3> <h3>Sharing with machines</h3>
<p>By generating <b>Snort/Suricata IDS rules, STIX, OpenIOC</b>, text or csv exports MISP allows you to <b>automatically</b> import data in your detection systems resulting in <b>better and faster detection</b> of intrusions.</p> <p>By generating <b>Snort/Suricata/Bro/Zeek IDS rules, STIX, OpenIOC</b>, text or csv exports MISP allows you to <b>automatically</b> import data in your detection systems resulting in <b>better and faster detection</b> of intrusions.</p>
<p>Importing data can also be done in various ways: <b>free-text import, OpenIOC, batch import</b>, sandbox result import (Joe Sandbox and GFI SandBox) or using the preconfigured or <b>custom templates</b>.</p> <p>Importing data can also be done in various ways: <b>free-text import, OpenIOC, batch import</b>, sandbox result import or using the preconfigured or <b>custom templates</b>.</p>
<p>If you run MISP internally, data can also be uploaded and downloaded automagically <b>from and to externally hosted MISP instances</b>. Thanks to this automation and the effort of others you are now in possession of valuable indicators of compromise with no additional work. </p> <p>If you run MISP internally, data can also be uploaded and downloaded automagically <b>from and to externally hosted MISP instances</b>. Thanks to this automation and the effort of others you are now in possession of valuable indicators of compromise with no additional work. </p>
<h3>Collaborative sharing of analysis and correlation</h3> <h3>Collaborative sharing of analysis and correlation</h3>
<p>How often has your team analyzed to realise at the end that a <b>colleague had already worked on another, similar, sample</b>? Or that an external report has already been made? </p> <p>How often has your team analyzed to realise at the end that a <b>colleague had already worked on another, similar, threat</b>? Or that an external report has already been made? </p>
<p> <p>
When new data is added MISP will immediately show <b>relations with other observables and indicators</b>. This results in more efficient analysis, but also allows you to have a better picture of the TTPs, related campaigns and attribution.</p> When new data is added MISP will immediately show <b>relations with other observables and indicators</b>. This results in more efficient analysis, but also allows you to have a better picture of the TTPs, related campaigns and attribution.</p>
<p>The <b>discussion</b> feature will also enable conversations between multiple analysts resulting in <b>win-win</b> for everyone.</p> <p>The <b>discussion</b> feature will also enable conversations between multiple analysts resulting in <b>win-win</b> for everyone.</p>