You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Nice idea! This can also be useful for bulk verification cases, e.g. you hash all the files of a machine and you throw them at MISP to see if they are known.
The idea is to do fast lookup of attributes and check if these are known by MISP. If yes, you'll get back the UUID and can do an URL to MISP for the user having an access.
After a quick discussion about the correlation table with @Rafiot
The table can be easily expressed in a series of sets in a key-value store that could be used a cache engine. Here is a potential representation:
set hash(value) => set of (uuid)
set uuid => set of hash(value)
k/v hash(value) => value of (value)
hash uuid => info => value of (info)
=> org => value of (org)
set distribution => set of (uuid)
(for each group of distribution / private) - a check of correlation visibility can be done with SDIFF
The text was updated successfully, but these errors were encountered: