Skip to content

McHughSecurity

  • Home
  • Blog
  • Security Operations
  • DFIR
    • Reverse Engineering
      • Dynamic Analysis
      • Static Analysis
  • Vuln. Mgmt
  • Intelligence
    • Open-Source Intelligence
    • Threat Intelligence
      • AIL Framework
      • MISP – Open Source Threat Intelligence Platform
      • OpenCTI
  • Threat Modelling
    • Attack Libraries
    • Attack Trees
    • Mitigating Techniques
    • SaaS Threat Modelling
    • Threat Models
    • Tools
    • Validating Threat Mitigations
  • Toggle search form
  • Using MISP in a TraceLabs Missing Persons engagement Blog
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting Frameworks
  • Cuckoo Dynamic Malware Analysis Digital Forensics & Incident Response
  • Building Structured Threat Intelligence (STIX) from FBI notices MISP - Open Source Threat Intelligence Platform
  • [Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise Build
  • Building a parallel-analysis Cuckoo server Digital Forensics & Incident Response
  • Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks. Digital Forensics & Incident Response
  • External Analysis with VirusTotal Digital Forensics & Incident Response

Month: May 2021

Using the workflow taxonomy in MISP

Posted on May 23, 2021 By A.McHugh No Comments on Using the workflow taxonomy in MISP

In the context of MISP, intelligence handling usually requires a set of stages for that information to be handled effectively. This can be addressed procedurally through a workflow.

Understanding how a taxonomy may be implemented in MISP to assist this process is handy.

Read More “Using the workflow taxonomy in MISP” »

MISP - Open Source Threat Intelligence Platform

Using the Estimative Language Taxonomy in MISP

Posted on May 11, 2021 By A.McHugh No Comments on Using the Estimative Language Taxonomy in MISP
  1. Using the Course of Action Taxonomies in MISP
  2. Using the Data Classification Taxonomies in MISP
  3. Using the Estimative Language Taxonomy in MISP

According to the MISP taxonomies listing for Estimative Language, this taxonomy is used to descrie the quality and credibility of the underlying information sources, data, and methodologies as described under the Intelligence Community Directive 203 (ICD 203) and JP 2-0. In this article I will describe how these tags may be applied by either an intelligence originator, or when the information is polled from a known credible source to convey likelihood.

Read More “Using the Estimative Language Taxonomy in MISP” »

MISP - Open Source Threat Intelligence Platform

Using the Data Classification Taxonomies in MISP

Posted on May 11, 2021 By A.McHugh No Comments on Using the Data Classification Taxonomies in MISP
  1. Using the Course of Action Taxonomies in MISP
  2. Using the Data Classification Taxonomies in MISP
  3. Using the Estimative Language Taxonomy in MISP

Data classification is broadly defined as the process of organising data by relevant categories so that it may be used and protected more efficiently. On a basic level, the classification process makes data easier to locate and retrieve.

In this article, I will be discussing the usage of the data-classification taxonomy for MISP events and attributes within those events. The intent of this taxonomy being categorising the value of data to provide some additional context to the information or asset being affected.

Read More “Using the Data Classification Taxonomies in MISP” »

MISP - Open Source Threat Intelligence Platform

Using the Course of Action Taxonomies in MISP

Posted on May 10, 2021 By A.McHugh No Comments on Using the Course of Action Taxonomies in MISP
  1. Using the Course of Action Taxonomies in MISP
  2. Using the Data Classification Taxonomies in MISP
  3. Using the Estimative Language Taxonomy in MISP

One of the great aspects of MISP, is the use of tags to give an indication of what needs to be done with an indicator within an event. Whole events may be assigned tags, but in this article I am going to talk to marking specific indicators with a Course of Action which implies a response when / if that indicator as been encountered.

Read More “Using the Course of Action Taxonomies in MISP” »

MISP - Open Source Threat Intelligence Platform

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Search

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Archives

  • April 2022
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • September 2020
  • April 2020
  • March 2020
  • January 2020
  • May 2019
  • Exporting Maltego Graphs to MISP Intelligence
  • Building a Cuckoo Malware Analysis Server Digital Forensics & Incident Response
  • Using the workflow taxonomy in MISP MISP - Open Source Threat Intelligence Platform
  • Using the Estimative Language Taxonomy in MISP MISP - Open Source Threat Intelligence Platform
  • [Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform Build
  • TraceLabs Missing Persons 11th of April 2020 Open-Source Intelligence
  • OSINT for Missing Persons (Part 1 – Intro) Open-Source Intelligence
  • [Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise Build

Categories

  • AIL Framework
  • Blog
  • Build
  • Design
  • Digital Forensics & Incident Response
  • Frameworks
  • Intelligence
  • MISP – Open Source Threat Intelligence Platform
  • Open-Source Intelligence
  • Operate
  • Security Operations
  • Static Analysis
  • Threat Intelligence

Copyright © 2022 McHughSecurity.

Powered by PressBook News Dark theme