Comments (3)
One important use case for us:
- be able to import all MISP events (from a given MISP instance), independently of whether they have a tag or not
- from a certain date (typically the date of activation of the connector - but it could be an earlier date)
- specify a report type to transform MISP events into reports (e.g. report type = "event")
- associate automatically threat actors / intrusion sets, malware families, attack patterns (especially ATT&CK techniques), based on MISP tags
@Fred-certeu: all your points will be taken into account.
Hello @SamuelHassine,
another topic to address with the MISP connector: the question of UUIDs.
I'm not sure if OpenCTI uses UUIDs, but MISP does, and it's very useful:
- when observables (attributes) transit in different platforms (MISP or non-MISP).
- to query observables from platforms
On the other hand, I understand that OpenCTI will not duplicate observables with the same value (which is a major progress and which should be maintained).
Then the question is:
- do you have a use case with UUIDs in OpenCTI?
- how should it be handled (for example, two MISP attributes with the same value and distinct UUIDs will be handled in OpenCTI as one observable. So should there be two UUIDs for the same observable?)