MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Features updated (MISP is not only for IOC)

pull/2/head
Alexandre Dulaunoy 2017-11-05 11:56:51 +01:00
parent 5759b00bbd
commit 40474e83fe
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
features.html
View File

@ -14,20 +14,20 @@ layout: default
<article>
<header>
<h2>Features of MISP, the open source threat sharing platform.</h2>
<p>A platform for sharing, storing and correlating Indicators of Compromises of targeted attacks.
<p>A threat intelligence platform for sharing, storing and correlating Indicators of Compromises of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on malware, but also to use the IOCs to detect and prevent attacks. </p>
Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IOCs and information to detect and prevent attacks or threats against ICT infrastructures, organisations or people. </p>
</header>
<span class="image featured"><img src="{{ site.baseurl }}/assets/images/banner.jpg" alt="" /></span>
<ul>
<li> An <strong>efficient IOC and indicators</strong> database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
<li> Automatic <strong>correlation</strong> finding relationships between attributes and indicators from malware, attacks campaigns or analysis.
<li> A flexible data model where complex <a href="/objects.html">objects</a> can be expressed and linked together to express threat intelligence, incidents or connected elements.
<li> A flexible data model where complex <a href="/objects.html">objects</a> can be expressed and <a href="/objects.html#_relationships">linked together</a> to express threat intelligence, incidents or connected elements.
<li> Built-in <strong>sharing functionality</strong> to ease data sharing using different model of distributions. MISP can synchronize automatically events and attributes among different MISP. Advanced filtering functionalities can be used to meet each organization sharing policy including a <strong>flexible sharing group</strong> capacity and an attribute level distribution mechanisms.
<li> An <strong>intuitive user-interface</strong> for end-users to create, update and collaborate on events and attributes/indicators. A <strong>graphical interface</strong> to navigate seamlessly between events and their correlations. Advanced filtering functionalities and <a href="https://github.com/MISP/misp-warninglists">warning list</a> to help the analysts to contribute events and attributes.
<li> <strong>storing data</strong> in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector.
<li> <strong>export</strong>: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)
<li> <strong>export</strong>: generating IDS (Suricata, Snort and Bro are supported by default), OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)
<li> <strong>import</strong>: bulk-import, batch-import, free-text import, import from OpenIOC, GFI sandbox, ThreatConnect CSV or MISP format.
<li> Flexible <strong>free text import</strong> tool to ease the integration of unstructured reports into MISP.
<li> A gentle system to <strong>collaborate</strong> on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.