Use cases
Alexandre Dulaunoy edited this page Jan 13, 2014
- A new CVE is published.
  - An analyst who was working on a sample realises it is related and publishes the sample's hash.
  - When the hash is added to our MISP instance, it correlates with other events that use the same vulnerability.
- A big list of hashes is published anonymously, without any context.
  - When the list is added to a MISP instance, the hashes that correlate can be linked to a known attack.
- A report contains a lot of IOCs (hashes, IPs, domains, ...).
  - When they are added into MISP, they link to multiple former events and the victims can be informed.
- Multiple malware samples are investigated at the same time by different entities.
  - They all contain the same highly specific mutex, so the samples can be connected, which helps identify the attacker.
- An analyst is reversing a malware sample but does not know the associated level of risk (lack of context).
  - The analyst enters the indicators into MISP to check whether other events (with proper context) are triggered.
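Every use case above rests on the same mechanism: an attribute value added to one event is matched against the values already stored in other events, and the correlating events lend their context (threat level, tags) to the new one. The following is an added illustration of that correlation behaviour, not MISP's own code (MISP's correlation engine lives in its PHP backend). The `CorrelationStore` class, the `NON_CORRELATING` set, the attribute type names and all event data, hashes, mutex and addresses are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Attribute types that should never correlate (free text, comments); hypothetical set.
NON_CORRELATING = {"comment", "text"}


@dataclass
class Event:
    id: int
    info: str
    threat_level: str                                 # "high", "medium", "low" or "undefined"
    tags: set = field(default_factory=set)
    attributes: set = field(default_factory=set)      # set of (type, value) pairs


class CorrelationStore:
    """In-memory stand-in for a MISP instance's events and correlation index (constructed)."""

    def __init__(self):
        self.events = {}
        self.index = defaultdict(set)                 # normalised value -> {event ids}

    @staticmethod
    def normalise(attr_type, value):
        v = value.strip()
        if attr_type in {"md5", "sha1", "sha256", "domain", "hostname"}:
            v = v.lower()                             # hashes and names are case-insensitive
        return v

    def add_event(self, event):
        self.events[event.id] = event
        for t, v in list(event.attributes):
            self._index_attribute(event.id, t, v)

    def _index_attribute(self, event_id, attr_type, value):
        if attr_type not in NON_CORRELATING:
            self.index[self.normalise(attr_type, value)].add(event_id)

    def add_attribute(self, event_id, attr_type, value):
        """Add one attribute; return the ids of the *other* events that share its value."""
        if attr_type in NON_CORRELATING:
            hits = []
        else:
            hits = sorted(self.index[self.normalise(attr_type, value)] - {event_id})
        self.events[event_id].attributes.add((attr_type, value))
        self._index_attribute(event_id, attr_type, value)
        return hits

    def bulk_add(self, event_id, attr_type, values):
        """The 'anonymous list of hashes' case: add all, report only the values that correlate."""
        hits = {}
        for v in values:
            related = self.add_attribute(event_id, attr_type, v)
            if related:
                hits[v] = related
        return hits

    def context_for(self, event_ids):
        """The 'no context' case: pool the context of the events an indicator correlated with."""
        evs = [self.events[i] for i in event_ids]
        return {
            "events": [(e.id, e.info) for e in evs],
            "threat_levels": sorted({e.threat_level for e in evs}),
            "tags": sorted(set().union(*(e.tags for e in evs))),
        }


def build_demo_store():
    """Constructed sample data mirroring the use cases above (every value is made up)."""
    store = CorrelationStore()
    store.add_event(Event(1, "Campaign report: CVE-based document exploit", "high",
                          {"tlp:amber", "type:APT"},
                          {("sha256", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"),
                           ("mutex", "Global\\Zx9-Dropper"),
                           ("ip-dst", "203.0.113.10")}))
    store.add_event(Event(2, "Sample analysis by partner CERT", "medium",
                          {"tlp:green"},
                          {("mutex", "Global\\Zx9-Dropper"),
                           ("domain", "update.example.net")}))
    store.add_event(Event(3, "Unknown sample under reversing", "undefined"))
    return store


if __name__ == "__main__":
    store = build_demo_store()
    # The reverser with no context adds the mutex found in the sample ...
    hits = store.add_attribute(3, "mutex", "Global\\Zx9-Dropper")
    print("mutex correlates with events:", hits)
    # ... and inherits the threat level and tags of the events it triggered.
    print("inherited context:", store.context_for(hits))
    # An uncontextualised hash list: only the hash already known in event 1 links to an attack.
    print("hash list hits:", store.bulk_add(3, "sha256", [
        "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08",
        "0000000000000000000000000000000000000000000000000000000000000000"]))
```

Two design points matter in practice: values are normalised before indexing (a hash pasted in upper case still correlates), and free-text attribute types are excluded from the index so that comments do not produce spurious links between unrelated events.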