MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-30 02:37:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

adversary tools added + some clarification

Browse source
This commit is contained in:
Alexandre Dulaunoy 2016-03-17 07:47:39 +01:00
parent 5c49e626b5
commit e952576252
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -7,19 +7,25 @@ are default elements available in MISP galaxy but those can be overwritten, repl
Existing clusters and elements can be used as-is or as a template. MISP distribution can be applied Existing clusters and elements can be used as-is or as a template. MISP distribution can be applied
to each cluster to permit a limited or broader distribution scheme. to each cluster to permit a limited or broader distribution scheme.
Elements are from existing standards (like STIX, Veris, MISP and so on) or custom ones.
The objective is to have a comment set of clusters for organizations starting analysis but that can be expanded
to localized information (which is not shared) or additional information (that can be shared).
# Available clusters # Available clusters
- [cluster/threat-actor.json](cluster/threat-actor.json) - Threat Actor - [cluster/threat-actor.json](cluster/threat-actor.json) - Threat Actor. MISP
# Available Elements # Available Elements
- [elements/adversary-groups.json](elements/adversary-groups.json) - Adversary groups - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. - [elements/adversary-groups.json](elements/adversary-groups.json) - Adversary groups - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. MISP
- [elements/certainty-level.json](elements/certainty-level.json) - Certainty level of an associated element or cluster. - [elements/certainty-level.json](elements/certainty-level.json) - Certainty level of an associated element or cluster.
- [elements/planning-and-operational-support-vocabulary.json](elements/planning-and-operational-support-vocabulary.json) - The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor. - [elements/planning-and-operational-support-vocabulary.json](elements/planning-and-operational-support-vocabulary.json) - The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.
- [elements/threat-actor-motivation-vocabulary.json](elements/threat-actor-motivation-vocabulary.json) - The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor. STIX 1.2.1 - [elements/threat-actor-motivation-vocabulary.json](elements/threat-actor-motivation-vocabulary.json) - The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor. STIX 1.2.1
- [elements/threat-actor-sophistication-vocabulary.json](elements/threat-actor-sophistication-vocabulary.json) - The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor. - [elements/threat-actor-sophistication-vocabulary.json](elements/threat-actor-sophistication-vocabulary.json) - The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.
- [elements/threat-actor-type-vocabulary.json](elements/threat-actor-type-vocabulary.json) - The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor. - [elements/threat-actor-type-vocabulary.json](elements/threat-actor-type-vocabulary.json) - The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.
- [elements/threat-actor-intended-effect-vocabulary.json](elements/threat-actor-intended-effect-vocabulary.json) - The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor. STIX 1.2.1 - [elements/threat-actor-intended-effect-vocabulary.json](elements/threat-actor-intended-effect-vocabulary.json) - The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor. STIX 1.2.1
- [elements/threat-actor-tools.json](elements/threat-actor-tools.json) - threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries. MISP
## How to contribute? ## How to contribute?