MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Automation added (original text to be fixed)

pull/1/head
Alexandre Dulaunoy 2016-07-23 21:39:17 +02:00
parent 222b766166
commit ca04848219
2 changed files with 63 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/images/misp/automation-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 78 KiB

13
features.html
View File

@ -39,6 +39,19 @@ Discover how MISP is used today in multiple organisations. Not only to store, sh
<li> <strong>STIX support</strong>: export data in the STIX format (XML and JSON).</li>
<li> <strong>Integrated encryption and signing of the notifications</strong> via PGP and/or S/MIME depending of the user preferences.</li>
</ul>
<h3>Sharing with humans</h3>
<p>Data you store is immediately available to your <b>colleagues</b> and <b>partners</b>. Store the event id in your ticketing system or be informed by the signed and encrypted email notifications.<p>
<h3>Sharing with machines</h3>
<p>By generating <b>Snort/Suricata IDS rules, STIX, OpenIOC</b>, text or csv exports MISP allows you to <b>automatically</b> import data in your detection systems resulting in <b>better and faster detection</b> of intrusions.</p>
<p>Importing data can also be done in various ways: <b>free-text import, OpenIOC, batch import</b>, sandbox result import (Joe Sandbox and GFI SandBox) or using the preconfigured or <b>custom templates</b>.</p>
<p>If you run MISP internally, data can also be uploaded and downloaded automagically <b>from and to externally hosted MISP instances</b>. Thanks to this automation and the effort of others you are now in possession of valuable indicators of compromise with no additional work. </p>
<h3>Collaborative sharing of analysis and correlation</h3>
<p>How often has your team analyzed to realise at the end that a <b>colleague had already worked on another, similar, sample</b>? Or that an external report has already been made? </p>
<p>
When new data is added MISP will immediately show <b>relations with other observables and indicators</b>. This results in more efficient analysis, but also allows you to have a better picture of the TTPs, related campaigns and attribution.</p>
<p>The <b>discussion</b> feature will also enable conversations between multiple analysts resulting in <b>win-win</b> for everyone.</p>
<span class="image featured"><img src="{{ site.baseurl }}/assets/images/misp/automation-icon.png" alt="" /></span>
</article>
</div>
</div>