best practices in threat intelligence updated

pull/6/head
Alexandre Dulaunoy 2018-09-22 21:22:38 +02:00
parent 77e1a62dc9
commit c92fdb5cfd
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 902 additions and 306 deletions

@ -446,6 +446,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<ul class="sectlevel2">
<li><a href="#_improving_analysis">Improving Analysis</a></li>
<li><a href="#_what_to_share_or_what_counts_as_valuable_information">What To Share or What Counts As Valuable Information?</a></li>
<li><a href="#_expressing_confidence_in_an_analysis">Expressing confidence in an analysis</a></li>
</ul>
</li>
<li><a href="#_authors_and_contributors">Authors and Contributors</a></li>
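Review bot: the new TOC entry "Expressing confidence in an analysis" is in sentence case, while the two sibling entries in the same list ("Improving Analysis", "What To Share or What Counts As Valuable Information?") are title-cased. Suggest "Expressing Confidence in an Analysis" here and in the matching h3 heading so the outline reads consistently; the lowercase anchor `#_expressing_confidence_in_an_analysis` can stay as it is.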
@ -581,6 +582,68 @@ When asking for the support of the community, using a specific taxonomy such as
</div>
<div style="page-break-after: always;"></div>
</div>
<div class="sect2">
<h3 id="_expressing_confidence_in_an_analysis">Expressing confidence in an analysis</h3>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
Expressing the confidence or the lack of in an analysis is critical step to help a partner or a third-party to check your hypotheses and conclusions.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Analysis or reports are often shared with technical details but often lack the overall confidence level associated.</p>
</div>
<div class="paragraph">
<p>Adding confidence or estimative probability have multiple advantages such as:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Allowing receiving organisations to filter, classify and score the information in an automated way</p>
</li>
<li>
<p>Information with low-confidence can still be shared and reach communities or organisations interested in such information without impacting organisations filtering out by confidence level</p>
</li>
<li>
<p>Supporting counter and competitive analyses to validate hypotheses expressed in original reporting</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>Complement analysis with contrary evidences is also very welcome to ensure the original analysis and the hypotheses evaluated.</p>
</div>
<div class="admonitionblock tip">
<table>
<tr>
<td class="icon">
<i class="fa icon-tip" title="Tip"></i>
</td>
<td class="content">
MISP taxonomies contain an exhaustive list of confidence levels including words of <a href="https://www.misp-project.org/taxonomies.html#_estimative_language">estimative probability</a> or confidence in analytic judgment.
</td>
</tr>
</table>
</div>
<div class="admonitionblock tip">
<table>
<tr>
<td class="icon">
<i class="fa icon-tip" title="Tip"></i>
</td>
<td class="content">
threat-intelligence.eu includes an overview of the <a href="https://www.threat-intelligence.eu/methodologies/">methodologies and process to support threat intelligence</a>.
</td>
</tr>
</table>
</div>
<div style="page-break-after: always;"></div>
</div>
</div>
</div>
<div class="sect1">
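Review bot: the prose of the new section needs a grammar pass before merge, starting with the note admonition, where "Expressing the confidence or the lack of in an analysis is critical step" should read "Expressing confidence, or the lack of it, in an analysis is a critical step". In the paragraphs below it, "Adding confidence or estimative probability have multiple advantages" should use "has", and "Complement analysis with contrary evidences is also very welcome to ensure the original analysis" is hard to parse: "Complementing an analysis with contrary evidence" fixes the subject, but the verb "ensure" still lacks a clear object (did you mean "validate"?). The first tip would also be more useful with one concrete tag from the estimative-language taxonomy it links to, so that readers see what a confidence level looks like when it is attached to shared information.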
@ -618,7 +681,7 @@ When asking for the support of the community, using a specific taxonomy such as
</div>
<div id="footer">
<div id="footer-text">
Last updated 2018-07-01 17:39:08 CEST
Last updated 2018-09-22 21:21:07 CEST
</div>
</div>
</body>
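Review bot: the only change in this hunk is the "Last updated" footer timestamp, which means this file will show a diff on every rebuild even when the content is unchanged. If this HTML is build output, consider disabling the footer timestamp in the build or keeping the generated file out of the commit, so that reviews stay focused on content changes.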

File diff suppressed because it is too large