The project was initiated by Marion Marschalek (G-data) and Raphaël Vinot (CIRCL) for a prensentation at Troopers called THE KINGS IN YOUR CASTLE - All the lame threats that own you but will never make you famous.
The idea is to use the data stored and classified in MISP in order to derivate trends and uncover correlations between events.
This repository contains scripts to process data from MISP and help analyse the outputs.
The scripts are sorted by usage, look at the readme files in the sub-directories.
- hashes-extract.sh: Extract all the hashes from JSON dumps.
- groupping: makes groups of hashes and dump correlations.
- standalone: import all the indicators in a sqlite database