Make MISP IOC centric
#8066
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
Is your feature request related to a problem? Please describe.
The challenge with misp today is that misp is event centric, thats great for dealing with events, but dealing with the indicators fron an IOC centric view its a bit harder. Using misp as an IOC database works, kind of, but it could be improved greatly.
Describe the solution you'd like
MISP could benefit from an IOC centric view in addition to the event view that exists today, by this i mean that the indicators themselves are in focus, comments follow the indicator, the indicator as a whole can be enabled or disabled for IDS, regardless of existing in multiple events or not, and the different events the IOC exists in are viewed as context. one is able to comment the indicator freely of the events the indicator might or might not exist in. Indicators could even exist not in an event but in the IOC database. Maybe some of this is doable, maybe some of this is completely crazy and not possible to achive but im thinking aloud here from my own experience with misp. It would make it possible to further use misp as a tool for analysts.
Describe alternatives you've considered
No response
Additional context
No response
Code of Conduct
Beta Was this translation helpful? Give feedback.
All reactions