Tag: misp

[Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform

Posted on June 18, 2021 by A.McHugh
  1. [Part 1] Building a Threat Integration and Testing Lab
  2. [Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises)
  3. [Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise
  4. [Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform

MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

Within a well-structured SIEM environment, a Threat Intelligence Platform may allow an organisation to generate new intelligence relevant to the organisation, and it may allow for the ingestion of external intelligence sources.


Build

Using the Course of Action Taxonomies in MISP

Posted on May 10, 2021 by A.McHugh
  1. Using the Course of Action Taxonomies in MISP
  2. Using the Data Classification Taxonomies in MISP
  3. Using the Estimative Language Taxonomy in MISP

One of the great aspects of MISP is the use of tags to give an indication of what needs to be done with an indicator within an event. Whole events may be assigned tags, but in this article I am going to talk about marking specific indicators with a Course of Action, which implies a response when/if that indicator has been encountered.


MISP - Open Source Threat Intelligence Platform

Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.

Posted on March 3, 2021 by A.McHugh (10 comments)
  1. Deploying (and using) TheHive4 [Part 1]
  2. Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  3. Building the Assemblyline Analyzer for TheHive’s Cortex.
  4. TheHive 4.1.0 Deployment and Integration with MISP

Since the last write-up I published on TheHive, there have been some significant changes and updates to TheHive. So for this post I will be walking through the installation and deployment of TheHive4 (4.0.5), the connection to MISP and Cortex, and enabling Webhooks.


Digital Forensics & Incident Response

Exporting Maltego Graphs to MISP

Posted on January 17, 2021 by A.McHugh (1 comment)

Lately I have been playing with having MISP be the Intelligence Sharing platform for a number of business intelligence functions. However, the main issue with MISP (from a user’s perspective) is the interface, and how a less technical person would generate information for the platform.

This is where pairing MISP and Maltego together goes really well, and even results in less technical people being able to generate technical data for incorporation into intelligence operations.


Intelligence

Copyright © 2022 McHughSecurity.
