Create a MISP event on a malware incident – without sample #4
Assignees
Labels
needs triage
This issue has been automatically labelled and needs further triage
playbook:activity=5
Playbooks for activity 5
playbook:state=proposal
A 'proposal' for a new playbook
Comments
cudeso
added
playbook:state=proposal
cudeso
added
playbook:activity=5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The title of the playbook
Create a MISP event on a malware incident – without sample
Purpose of the playbook
This playbook is similar to the paybook on a malware incident with a sample, except that in this case the analyst has to provide the sample details manually instead of uploading the sample.
Similar as #2 but with a sample.
The attributes are then combined into one or more file objects and attached to a MISP event.
External resources used by this playbook
MWDBcore, VirusTotal, OTX, Hashlookup, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)
Target audience
SOC, CSIRT
Breefly list the execution steps or workflow
No response
The text was updated successfully, but these errors were encountered: