MISP change workflow state and publish event #21
Assignees
Labels
needs triage
This issue has been automatically labelled and needs further triage
playbook:activity=4
Playbooks for activity 4
playbook:state=proposal
A 'proposal' for a new playbook
Comments
cudeso
added
playbook:state=proposal
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The title of the playbook
MISP change workflow state and publish event
Purpose of the playbook
This playbook queries the MISP events for a workflow state incomplete and verifies that there are no remaining "todo" workflow tasks attached to the event. If there are none, the workflow state is changed to complete and the event is published. The results are stored in the playbook and sent to Mattermost or Slack or as an alert in TheHive or DFIR-IRIS (to be discussed for implementation).
External resources used by this playbook
Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)
Target audience
CTI
Breefly list the execution steps or workflow
No response
The text was updated successfully, but these errors were encountered: