MISP analyse sightings #24
Assignees
Labels
needs triage
This issue has been automatically labelled and needs further triage
playbook:activity=6
Playbooks for activity 6
playbook:state=proposal
A 'proposal' for a new playbook
Comments
cudeso
added
playbook:state=proposal
cudeso
added
playbook:activity=3
cudeso
added
playbook:activity=5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The title of the playbook
MISP analyse sightings
Purpose of the playbook
This playbook queries the MISP sightings for all the attributes with the to_ids flag set. The playbook evaluates the balance between false positives and true positives and whenever that balance is above or equal to a threshold value it will set the to_ids flag to false, and re-publish the event. The results are stored in the playbook and sent to Mattermost or Slack or added as an alert in TheHive or DFIR-IRIS (to be discussed for implementation).
External resources used by this playbook
Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)
Target audience
CTI
Breefly list the execution steps or workflow
No response
The text was updated successfully, but these errors were encountered: