Display timeline between multiple MISP events #28
Assignees
Labels
needs triage
This issue has been automatically labelled and needs further triage
playbook:activity=6
Playbooks for activity 6
playbook:state=proposal
A 'proposal' for a new playbook
Comments
cudeso
added
playbook:state=proposal
cudeso
added
playbook:activity=5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The title of the playbook
Display timeline between multiple MISP events
Purpose of the playbook
This playbook queries MISP for specific event IDs, tags, a timestamp or a combination of the previous elements and builds a timeline of attributes / objects enclosed in the combined events. The timeline takes into account the timestamp, first seen and last seen value and creates a chronological overview of the occurrence of the attributes. The context of the events and attributes is included. The results are summarised in the playbook and then notified to Mattermost or Slack or added as an alert in TheHive or DFIR-IRIS (to be discussed for implementation).
External resources used by this playbook
Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)
Target audience
CTI
Breefly list the execution steps or workflow
No response
The text was updated successfully, but these errors were encountered: