MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 14:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

First explanation

Browse source
This commit is contained in:
Alexandre Dulaunoy 2016-02-28 09:24:57 +01:00
parent edb1b6390c
commit dd4493d76d
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
README.md Normal file
View file

@ -0,0 +1,21 @@
# misp-galaxy
MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or
attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There
are default elements available in MISP galaxy but those can overwritten, replaced or updated as you wish.
Existing clusters and elements can be used as-is or as a template.
# Available clusters
- [cluster/threat-actor.json](cluster/threat-actor.json) - Threat Actor
# Available Elements
- [elements/apt-groups.json](elements/apt-groups.json) - APT Groups - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.
- [elements/threat-actor-intended-effect-vocabulary.json](elements/threat-actor-intended-effect-vocabulary.json) - The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor. STIX 1.2.1
## How to contribute?
Fork the project, update elements or clusters and make a pull-request.