MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

features page fixes

pull/5/head
Alexandre Dulaunoy 2018-04-25 07:34:43 +02:00
parent 1071f05ac1
commit 8e42998509
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
features.html
View File

@ -21,22 +21,22 @@ Discover how MISP is used today in multiple organisations. Not only to store, sh
<span class="image featured"><img src="{{ site.baseurl }}/assets/images/banner.jpg" alt="" /></span>
<ul>
<li> An <strong>efficient IoC and indicators</strong> database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
<li> Automatic <strong>correlation</strong> finding relationships between attributes and indicators from malware, attacks campaigns or analysis.
<li> A flexible data model where complex <a href="/objects.html">objects</a> can be expressed and <a href="/objects.html#_relationships">linked together</a> to express threat intelligence, incidents or connected elements.
<li> Built-in <strong>sharing functionality</strong> to ease data sharing using different model of distributions. MISP can synchronize automatically events and attributes among different MISP. Advanced filtering functionalities can be used to meet each organization sharing policy including a <strong>flexible sharing group</strong> capacity and an attribute level distribution mechanisms.
<li> An <strong>intuitive user-interface</strong> for end-users to create, update and collaborate on events and attributes/indicators. A <strong>graphical interface</strong> to navigate seamlessly between events and their correlations. Advanced filtering functionalities and <a href="https://github.com/MISP/misp-warninglists">warning list</a> to help the analysts to contribute events and attributes.
<li> <strong>storing data</strong> in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector.
<li> <strong>export</strong>: generating IDS (Suricata, Snort and Bro are supported by default), OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)
<li> <strong>import</strong>: bulk-import, batch-import, free-text import, import from OpenIOC, GFI sandbox, ThreatConnect CSV or MISP format.
<li> Flexible <strong>free text import</strong> tool to ease the integration of unstructured reports into MISP.
<li> A gentle system to <strong>collaborate</strong> on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.
<li> <strong>data-sharing</strong>: automatically exchange and synchronization with other parties and trust-groups using MISP.
<li> An <strong>efficient IoC and indicators</strong> database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.</li>
<li> Automatic <strong>correlation</strong> finding relationships between attributes and indicators from malware, attacks campaigns or analysis.</li>
<li> A flexible data model where complex <a href="/objects.html">objects</a> can be expressed and <a href="/objects.html#_relationships">linked together</a> to express threat intelligence, incidents or connected elements.</li>
<li> Built-in <strong>sharing functionality</strong> to ease data sharing using different model of distributions. MISP can synchronize automatically events and attributes among different MISP. Advanced filtering functionalities can be used to meet each organization sharing policy including a <strong>flexible sharing group</strong> capacity and an attribute level distribution mechanisms.</li>
<li> An <strong>intuitive user-interface</strong> for end-users to create, update and collaborate on events and attributes/indicators. A <strong>graphical interface</strong> to navigate seamlessly between events and their correlations. Advanced filtering functionalities and <a href="https://github.com/MISP/misp-warninglists">warning list</a> to help the analysts to contribute events and attributes.</li>
<li> <strong>storing data</strong> in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector.</li>
<li> <strong>export</strong>: generating IDS (Suricata, Snort and Bro are supported by default), OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)</li>
<li> <strong>import</strong>: bulk-import, batch-import, free-text import, import from OpenIOC, GFI sandbox, ThreatConnect CSV or MISP format.</li>
<li> Flexible <strong>free text import</strong> tool to ease the integration of unstructured reports into MISP.</li>
<li> A gentle system to <strong>collaborate</strong> on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.</li>
<li> <strong>data-sharing</strong>: automatically exchange and synchronization with other parties and trust-groups using MISP.</li>
<li> <strong>feed import</strong>: flexible tool to import and integrate MISP <a href="/feeds/">feed</a> and any threatintel or OSINT feed from third parties. Many <a href="/feeds/">default feeds</a> are included in standard MISP installation.</li>
<li> <strong>delegating of sharing</strong>: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.
<li> Flexible <strong>API</strong> to integrate MISP with your own solutions. MISP is bundled with <a href="https://github.com/MISP/PyMISP">PyMISP</a> which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.
<li> <strong>Adjustable taxonomy</strong> to classify and tag events following your own classification schemes or <a href="https://github.com/MISP/misp-taxonomies">existing taxonomies</a>. The taxonomy can be local to your MISP but also shareable among MISP instances. MISP comes with a default set of well-known <a href="/taxonomies.html">taxonomies and classification schemes</a> to support standard classification as used by ENISA, Europol, DHS, CSIRTs or many other organisations.
<li> <strong>Intelligence vocabularies</strong> called MISP galaxy and bundled with existing <a href="galaxy.html">threat actors, malware, RAT, ransomware or MITRE ATT&CK</a> which can be easily linked with events in MISP.
<li> <strong>delegating of sharing</strong>: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.</li>
<li> Flexible <strong>API</strong> to integrate MISP with your own solutions. MISP is bundled with <a href="https://github.com/MISP/PyMISP">PyMISP</a> which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.</li>
<li> <strong>Adjustable taxonomy</strong> to classify and tag events following your own classification schemes or <a href="https://github.com/MISP/misp-taxonomies">existing taxonomies</a>. The taxonomy can be local to your MISP but also shareable among MISP instances. MISP comes with a default set of well-known <a href="/taxonomies.html">taxonomies and classification schemes</a> to support standard classification as used by ENISA, Europol, DHS, CSIRTs or many other organisations.</li>
<li> <strong>Intelligence vocabularies</strong> called MISP galaxy and bundled with existing <a href="galaxy.html">threat actors, malware, RAT, ransomware or MITRE ATT&CK</a> which can be easily linked with events in MISP.</li>
<li> <strong>Expansion modules in Python</strong> to expand MISP with your own services or activate already available <a href="https://github.com/MISP/misp-modules">misp-modules</a>.
<li> <strong>Sighting support</strong> to get observations from organizations concerning shared indicators and attributes. Sighting <a href="https://www.circl.lu/doc/misp/automation/index.html#sightings-api">can be contributed</a> via MISP user-interface, API as MISP document or STIX sighting documents. Starting with MISP 2.4.66, <a href="https://www.misp.software/2017/02/16/Sighting-The-Next-Level.html">Sighting has been extended</a> to support false-negative sighting or expiration sighting.</li>
<li> <strong>STIX support</strong>: export data in the STIX format (XML and JSON) including export in STIX 2.0 format.</li>