[Marketplace Contribution] MISP - Indicator Sharing #38870
+5,155
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
content-bot
added
Contribution
content-bot
changed the base branch from
master
to
contrib/xsoar-contrib_Galp-Csirt-Team-contrib-MISP-IndicatorSharing
|
Thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution, please ask the reviewer to update your information in the pack contributors file. See more information here link |
content-bot
added
the
Contribution Form Filled
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Contributor
@Galp-Csirt-Team
Description
MISP Indicator Sharing - Boosting Portuguese Cybersecurity - Together, we can build a Safer Digital Future
In our ongoing efforts to enhance cybersecurity across Portugal, we are excited to share our comprehensive playbook designed to enable the sharing cybersecurity indicators via MISP. This playbook is a valuable resource for organizations of all sizes, providing standardized practices and actionable insights to improve incident response and overall cybersecurity posture.
This content pack incluides:
Introduction to Cybersecurity Indicator Sharing
Understanding the importance of cybersecurity indicators and how they can help in identifying, managing, and mitigating cyber threats.
The concept of Predefinied Tags enables the default propagation of several tags that are consumed by MISP like Country, Company Sector, CSIRT-Aliance, this can be definied on the task.
Portuguese National Taxonomy: A playbook to classifiy the incident according to CNCS taxonomy
ENISA Taxonomy: A playbook to classify the incident according to the ENISA taxonomy
The previous playbooks ensure the incident classification to a format that enables a direct mapping to MISP tags via RSIT aligning with international standards to ensure consistency and interoperability.
Even though the main focus is the indicator sharing for Portuguese Companies the use of ENISA standards allows the use of this playbook for non portuguese companies.
This playbook builds from the "Phishing" content pack since it uses some of its incident fields allowing for an easier use in cases of phishing email information sharing.
We encourage all organizations to review and integrate these guidelines to strengthen our collective cybersecurity efforts.
Notes
This content pack is an update according to previous meet that we had regarding a previous submission:
[Marketplace Contribution] MISP - Indicator Sharing - PT (PR #36778)
We consolidated the 3 submissions into a single one and created the marketplace documentation as well as documentation for the contribution page.
Thanks for the support.
Auto-Generated Documentation Requiring Modification
Video Link
Short demo video of the Pack usage. Speeds up the review. Optional but recommended. Use a video sharing service such as Google Drive or YouTube.