Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an optional reference to MISP artefacts in Profile 2: Security Incident Response #794

Open
sonnyvanlingen opened this issue Oct 16, 2024 · 3 comments
Open

Add an optional reference to MISP artefacts in Profile 2: Security Incident Response #794

sonnyvanlingen opened this issue Oct 16, 2024 · 3 comments
Labels
more_info_needed Additional information is required to proceed

Comments

@sonnyvanlingen
Copy link

MISP is used by many CSIRTs and SOCs in different use-cases including to share information on security incidents.

There may be value to provide a way to optionally include a reference to relevant MISP components such as Events, Attributes,Objects, Event Reports.
@tschmidtb51
Copy link
Contributor

I guess that could be done as reference. Do you envision a specific reference sub-category or just mentioning in the profile that this might be helpful? (Might be related to #722)

@tschmidtb51 tschmidtb51 added the more_info_needed Additional information is required to proceed label Oct 16, 2024
@tschmidtb51
Copy link
Contributor

When designing this, we need to consider whether we specify a implementation (MISP, STIX, etc.) or a group IoCs and whether it should be mandatory...

@sonnyvanlingen
Copy link
Author

For now, I lean towards keeping this reference optional to allow flexibility.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
more_info_needed Additional information is required to proceed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sonnyvanlingen @tschmidtb51