I have been playing with CIRCL's AIL Framework recently (which I will be writing about in another blog post), but I have had an interest in monitoring Telegram channels for…
An Introduction to Threat Intelligence
You will have seen the advertisements as you're browsing the Internet and will have seen the vendors at various conferences and trade shows spruiking Threat Intelligence as the way to…
Deploying MISP on DigitalOcean or Vultr Cloud Hosting
I have found myself deploying MISP on very small instances lately, mostly to function as a clearinghouse for intelligence I have been generating. So it begs the question - Does…
Using the workflow taxonomy in MISP
In the context of MISP, intelligence handling usually requires a set of stages for that information to be handled effectively. This can be addressed procedurally through a workflow. Understanding how…
Using the Estimative Language Taxonomy in MISP
According to the MISP taxonomies listing for Estimative Language, this taxonomy is used to descrie the quality and credibility of the underlying information sources, data, and methodologies as described under…
Using the Data Classification Taxonomies in MISP
Data classification is broadly defined as the process of organising data by relevant categories so that it may be used and protected more efficiently. On a basic level, the classification…
Using the Course of Action Taxonomies in MISP
One of the great aspects of MISP, is the use of tags to give an indication of what needs to be done with an indicator within an event. Whole events…
Building Structured Threat Intelligence (STIX) from FBI notices
Intelligence is pretty much everywhere in unstructured formats, and this can be in informal blog posts, tweets, and even within FBI or US Treasury documents. In this article, I am…
Using MISP in an air-gapped environment
MISP works really well in an internet connected environment in gathering and creating correlations. However, in air-gapped environments the ability to query MISP for indicators is still incredibly useful, except…
Using MISP in a TraceLabs Missing Persons engagement
MISP is certainly intended to be used like this, however, with some creativity and some technical effort, the MISP Threat Intelligence Platform could be utilized as a missing person's intelligence…