2016-02-28 08:24:57 +00:00
# misp-galaxy
MISP galaxy is a simple method to express a large object, called a cluster, that can be attached to MISP events or
attributes. A cluster can be composed of one or more elements. Elements are expressed as key-value pairs. Default
elements are available in MISP galaxy, but they can be overwritten, replaced or updated as you wish.

Existing clusters and elements can be used as-is or as a template. MISP distribution can be applied
to each cluster to permit a limited or broader distribution scheme.
# Available clusters
- [cluster/threat-actor.json](cluster/threat-actor.json) - Threat Actor
# Available Elements
- [elements/adversary-groups.json](elements/adversary-groups.json) - Adversary groups - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.
- [elements/certainty-level.json](elements/certainty-level.json) - Certainty level of an associated element or cluster.
- [elements/planning-and-operational-support-vocabulary.json](elements/planning-and-operational-support-vocabulary.json) - The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.
- [elements/threat-actor-motivation-vocabulary.json](elements/threat-actor-motivation-vocabulary.json) - The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor (STIX 1.2.1).
- [elements/threat-actor-intended-effect-vocabulary.json](elements/threat-actor-intended-effect-vocabulary.json) - The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor (STIX 1.2.1).
## How to contribute?
Fork the project, update or create elements or clusters, and open a pull request.