PAP (for Permissible Actions Protocol) aims to indicate to the analyst the posture to adopt: how much we accept that the attacker detects the current analysis.
As for TLP, PAP is declined in 4 values:
RED (3): Non-detectable actions only. Recipients may not use PAP:RED information on the network. Only passive actions on logs, that are not detectable from the outside.
AMBER (2): Passive cross check. Recipients may use PAP:AMBER information for conducting online checks, like using services provided by third parties (e.g. VirusTotal), or set up a monitoring honeypot.
GREEN (1): Active actions allowed. Recipients may use PAP:GREEN information to ping the target, block incoming/outgoing traffic from/to the target or specifically configure honeypots to interact with the target.
WHITE (0): No restrictions in using this information.
Tasks
Add pap attribute to case class
Add pap attribute to case template class
Add corresponding mapping migration
Update case template UI
Update case details page
Update case creation dialog
Update template of case items in search page
Update template of case items in flow
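A sketch of how a case's `pap` value could gate analyst actions, added here as an example; it is not TheHive's code. The action names, the `MAX_PAP` catalogue and the function names are hypothetical, and it assumes the levels are cumulative (anything allowed at a stricter level stays allowed at a looser one) and that an unreadable value should fail closed to RED.

```python
from enum import IntEnum

class PAP(IntEnum):
    """PAP values as numbered in the issue (higher = more restrictive)."""
    WHITE = 0
    GREEN = 1
    AMBER = 2
    RED = 3

# Hypothetical action catalogue: the most restrictive PAP under which each
# action is still permitted, derived from the level descriptions above.
MAX_PAP = {
    "search_local_logs": PAP.RED,       # passive, not detectable from outside
    "third_party_lookup": PAP.AMBER,    # e.g. VirusTotal
    "monitoring_honeypot": PAP.AMBER,
    "ping_target": PAP.GREEN,
    "block_traffic": PAP.GREEN,
    "interactive_honeypot": PAP.GREEN,
}

def parse_pap(value):
    """Accept 'PAP:AMBER', 'amber', 2 or '2'; anything else fails closed to RED."""
    text = str(value).strip().upper()
    if text.startswith("PAP:"):
        text = text[4:]
    if text in PAP.__members__:
        return PAP[text]
    if text in {"0", "1", "2", "3"}:
        return PAP(int(text))
    return PAP.RED  # assumption: a missing or malformed value is treated as RED

def is_permitted(action, case_pap):
    """True if the action may be run on a case carrying this PAP value."""
    # Assumption: an action missing from the catalogue may be detectable,
    # so it is only permitted when the case is PAP:WHITE.
    limit = MAX_PAP.get(action, PAP.WHITE)
    return parse_pap(case_pap) <= limit

def plan(actions, case_pap):
    """Split the requested actions into (allowed, held back) for this case."""
    allowed = [a for a in actions if is_permitted(a, case_pap)]
    held = [a for a in actions if a not in allowed]
    return allowed, held

if __name__ == "__main__":
    # Constructed sample: a PAP:AMBER case and three requested actions.
    print(plan(["search_local_logs", "third_party_lookup", "ping_target"], "PAP:AMBER"))
```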
Is someone currently working on this feature? If I am not mistaken, this feature seems to already exist in TheHive when creating a new case. Please advise.
@AzureFlameGod this feature does not exist yet and will be implemented in 3.1. It must not be confounded with the TLP safeguards that analyzers implement (a.k.a max TLP).
While the colors in the PAP taxonomy are similar to those of the TLP, they serve a different purpose and are actions that will be applicable to actions you could or could not do during your incident response process depending on the stance you have defined wrt the threat actor you are dealing with.
Request Type
Feature Request