Merge pull request #4 from MISP/topic/curation
chg: [curation] Added various blueprints meant for curation
mokaddem committed Jul 31, 2023
2 parents 7df5462 + b97437a commit 2337bde
Showing 10 changed files with 3,680 additions and 0 deletions.
11 changes: 11 additions & 0 deletions README.md
Expand Up @@ -18,6 +18,17 @@ For more information about MISP workflows in MISP, the training materials [MISP
- [Remote `to_ids` flag if the indicator appears in known file list](https://github.com/MISP/misp-workflow-blueprints/blob/main/blueprints/blueprint_disable-to_ids-flag-for-existing-hash-in-hashlookup_1667228944.json) - Disable to_ids flag for existing hash in [hashlookup](https://www.hashlookup.io/).
- [Set tag based on BGP Ranking maliciousness level](https://github.com/MISP/misp-workflow-blueprints/blob/main/blueprints/blueprint_set-tag-based-on-bgp-ranking-maliciousness-level_1668498668.json) - Set tag based on [BGP Ranking](https://bgpranking.circl.lu) maliciousness level.

### Curation blueprints
- [Curation - Allow curation process](./blueprints/blueprint_curation---allow-curation-process.json)
- [Curation - Assign threat-level based on enriched location](./blueprints/blueprint_curation---assign-threat-level-based-on-enriched-location.json)
- [Curation - Assign a country GalaxyCluster on IPs](./blueprints/blueprint_curation---assign-a-country-galaxycluster-on-ips.json)
- [Curation - Normalize TLP & PAP Tag](./blueprints/blueprint_curation---normalize-tlp-&-pap-tag.json)
- [Curation - Remove automation flag from known non-malicious hashes](./blueprints/blueprint_curation---remove-automation-flag-from-known-non-malicious-hashes.json)
- [Curation - Remove automation flag from false-positive tripping over warninglist](./blueprints/blueprint_curation---remove-automation-flag-from-false-positive-tripping-over-warninglist.json)
- [Curation - Remove automation flag from data having correlation with predefined feed](./blueprints/blueprint_curation---remove-automation-flag-from-data-having-correlation-with-predefined-feed.json)
- [Curation - Toggle automation flag from network IoC based on AbuseIPDB](./blueprints/blueprint_curation---toggle-automation-flag-from-network-ioc-based-on-abuseipdb.json)
- [Curation - Toggle automation flag from URLs based on Google-Safe-Browsing](./blueprints/blueprint_curation---toggle-automation-flag-from-urls-based-on-google-safe-browsing.json)

## How to contribute your workflow blueprints?

It's very easy. Fork the repository, create a new JSON file with your blueprint and make a pull-request.
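Review bot: The nine entries added under "### Curation blueprints" are bare links with no description, while the existing entries just above each end with a short statement of what the blueprint does (for example "Disable to_ids flag for existing hash in hashlookup"). Please add a one-line description to each, in particular to the entries that remove or toggle the automation flag, stating the condition that triggers the change. Two smaller points in the same list: the new links are relative (`./blueprints/...`) while the existing ones are absolute GitHub URLs, and `blueprint_curation---normalize-tlp-&-pap-tag.json` puts a literal `&` in the file name and link target, so either percent-encode it in the link or rename the file. The new file names also drop the numeric suffix the existing ones carry (`_1667228944`, `_1668498668`); it would help to settle on one naming scheme.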
56 changes: 56 additions & 0 deletions blueprints/blueprint_curation---allow-curation-process.json
@@ -0,0 +1,56 @@
{
"WorkflowBlueprint": {
"id": "30",
"uuid": "19be89c7-58ca-40c4-9e42-a4fd8aa0e6d7",
"name": "Curation - Allow curation process",
"description": "Allow running the curation process if an event is tagged with the appropriate tag",
"timestamp": "1690446130",
"data": [
{
"id": 78,
"name": "IF :: Tag",
"data": {
"indexed_params": {
"scope": "event",
"condition": "in_or",
"tags": [
"misp-workflow:run=\"allowed\""
]
},
"saved_filters": {
"selector": "",
"value": "",
"operator": "",
"path": ""
},
"node_uid": "57q277772vi0n7dp0o8ftak",
"module_type": "logic",
"id": "tag-if",
"name": "IF :: Tag",
"multiple_output_connection": false,
"previous_module_version": "?",
"module_version": "0.4"
},
"class": "block-type-if block-type-logic expect-misp-core-format",
"typenode": false,
"inputs": {
"input_1": {
"connections": []
}
},
"outputs": {
"output_1": {
"connections": []
},
"output_2": {
"connections": []
}
},
"pos_x": 2141.2864500253677,
"pos_y": 519
}
],
"default": false,
"mermaid": "flowchart LR\n"
}
}
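Review bot: The only node in this blueprint, `IF :: Tag`, is exported with `"connections": []` on `input_1`, `output_1` and `output_2`, and `"mermaid"` is just `flowchart LR\n`, so once imported the condition gates nothing until someone wires it by hand. The `description` should say that this is a building block meant to sit in front of the other curation blueprints, and it should name the tag an event must carry (`misp-workflow:run=\"allowed\"`), since neither the description nor the README hunk mentions it. `"previous_module_version": "?"` and the exported `"id": "30"` also look like leftovers from the export and are worth confirming before merge.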
