Problem to Solve
There is a requirement to:
- store detection rules of various types in OpenCTI
- associate these rules to objects such as reports, threat actors, intrusion sets, malware and attack patterns (i.e. 'this rule is good to detect this threat actor / intrusion set / ATT&CK technique, malware family, etc.')
Current Workaround
None
Proposed Solution
In MISP, detection rules are stored as attributes.
In CTI, there is no preferred way. They could be stored as observables (just need to create new types) or any other method that would be STIX compatible.
Additional Information
{ Any additional information, including logs or screenshots if you have any. }
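One STIX-compatible way to model the request above, shown as an added example that is not part of the original issue and is not OpenCTI code. It assumes STIX 2.1, where an Indicator carries the rule text in `pattern` with a `pattern_type` such as `yara` or `sigma`, and an `indicates` relationship links it to the threat object; the helper names, the rule and the object names are constructed for illustration.

```python
import json
import uuid
from datetime import datetime, timezone


def _sdo(sdo_type, now, **props):
    """Minimal STIX 2.1 object with the common required properties."""
    return {"type": sdo_type, "spec_version": "2.1",
            "id": f"{sdo_type}--{uuid.uuid4()}",
            "created": now, "modified": now, **props}


def rule_bundle(name, rule_text, pattern_type, targets):
    """Wrap one detection rule as an Indicator and link it to each target.

    pattern_type is a value from the STIX 2.1 pattern-type-ov vocabulary
    (e.g. "yara", "sigma", "snort", "suricata"); targets are existing SDOs.
    """
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    indicator = _sdo("indicator", now, name=name, pattern=rule_text,
                     pattern_type=pattern_type, valid_from=now)
    # "indicates" is the relationship STIX defines from an indicator to
    # intrusion sets, threat actors, malware, attack patterns, and so on.
    links = [_sdo("relationship", now, relationship_type="indicates",
                  source_ref=indicator["id"], target_ref=t["id"])
             for t in targets]
    objects = [indicator, *targets, *links]
    # A report references the rule and its context through object_refs.
    report = _sdo("report", now, name=f"Detection coverage: {name}",
                  published=now, object_refs=[o["id"] for o in objects])
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": objects + [report]}


# Constructed sample data: the rule and the names are placeholders.
YARA_RULE = 'rule Example_Loader { strings: $a = "example-marker" condition: $a }'


def demo():
    now = "2020-01-01T00:00:00.000Z"
    actor = _sdo("intrusion-set", now, name="Example Intrusion Set")
    technique = _sdo("attack-pattern", now, name="Example ATT&CK technique")
    return rule_bundle("Example loader YARA rule", YARA_RULE, "yara",
                       [actor, technique])


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```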