Comments (3)
One important use case for us:
- be able to import all MISP events (from a given MISP instance), independently of whether they have a tag or not
- from a certain date (typically the date of activation of the connector - but it could be an earlier date)
- specify a report type to transform MISP events into reports (e.g. report type = 'event')
- associate automatically threat actors / intrusion sets, malware families, attack patterns (especially ATT&CK techniques), based on MISP tags
from connectors.
@Fred-certeu: all your points will be taken into account.
from connectors.
Hello @SamuelHassine,
another topic to address with the MISP connector: the question of UUIDs.
I'm not sure if OpenCTI uses UUIDs, but MISP does, and it's very useful:
- when observables (attributes) transit between different platforms (MISP or non-MISP).
- to query observables from platforms
On the other hand, I understand that OpenCTI will not duplicate observables with the same value (which is major progress and which should be maintained).
Then the question is:
- do you have a use case with UUIDs in OpenCTI?
- how should it be handled? (For example, two MISP attributes with the same value and distinct UUIDs will be handled in OpenCTI as one observable. So should there be two UUIDs for the same observable?)
from connectors.