
Cool! Do you plan to use MISP objects in your feed?

Feel free to comment. The decaying indicator functionality can already be a good basis.

Are your training courses shared online? It might be interesting for other MISP users too.

This sounds super cool. Having better integration between SIGMA and MISP is always useful. If we can help at some point, let us know.

If you haven't used a TIP yet, MISP is a great open source one to check out.

An advantage is to improve your team capabilities by being contributors to open source projects instead of calling the help-desk of a proprietary vendor and waiting for them to fix an issue. We have seen some organisations improving the tools while improving their SOC capabilities.

If you are a vendor in threat intelligence, don't hesitate to contribute your own module to MISP. It will help everyone and especially the integration with existing open or closed services.

Nice to see new sharing communities using MISP being created.

Hey, sure you can
You need to use the following parameters:

endpoint: /events/upload_stix
Accept: application/xml
Content-Type: application/json

Then you paste the content of your STIX file as the HTTP body of your query, and it should work.

If you have any questions, let me know.

Yeah, to address this issue, now MISP has an additional field "threat actor classification" under which the "operation" value can be added.

Thank you for pointing this out. We welcome pull requests and changes.

FYI, MISP is no longer called "Malware Information Sharing Platform" but MISP - Open Source Threat Intelligence Platform, as the sharing is much broader nowadays.

Thanks @rungrage. Latest thing we've done: extended the social media objects in @MISPProject so we can build better disinformation threat intelligence reports

Docker @MISPProject core-v2.4.125b is building

Fixes:
- Default to modern SSL, with secure option. Fixes other MISPs unable to connect
- Ensures submodules are updated as expected on updates
- Move SSL cert location <- NOTE THIS see #53
github.com/coolacid/docker-mis …

That's actually very cool, thank you @0x3c7 and @Secureworks for that! That motivated me to script the import of @MISPProject threat-actor galaxy, 324 actors, including the targeted sector tags! On a clean @QuoLabTech instance, that looks busy :)
github.com/quolab/scripts 
twitter.com/0x3c7/status/12638 …pic.twitter.com/x33VS3HKLr

threat-actor-intelligence-server software has been updated and threat actors can now be queried by country. There is a public API where you can query threat actors by name, country and uuid.
github.com/MISP/threat-actor-i …pic.twitter.com/kNwlFTFZCB

OpenCloud Luxembourg Mastodon instance

A Mastodon instance for Luxembourg and beyond.