ANSSI-FR / polichombr

Collaborative malware analysis framework
Other
375 stars 60 forks

Integrating MISP galaxies into polichombr (families) #17

Closed adulau closed 6 years ago

adulau commented 8 years ago

Very nice and interesting tool. We will have a look at integrating it with MISP, like we did with viper.

On a side note, MISP galaxies contain machine-parsable information about threat actors and attacker tools. This could be a nifty extension for the users of your tool to automatically get potential information for classifying their analyses with existing taxonomies.

https://github.com/MISP/misp-galaxy/blob/master/elements/adversary-groups.json

or

https://github.com/MISP/misp-galaxy/blob/master/elements/threat-actor-tools.json

tpo-anssi commented 7 years ago

Hi @adulau, by using the family creation script or the corresponding API module this is doable.

However, the galaxies are quite large and overlapping, and as Polichombr doesn't support family renaming / aliasing yet, this could cause problems down the road.

In my opinion, the more useful way would be to develop an export function between Polichombr and Misp, which could enable analysts to create events containing the samples' information in Misp.

Do you think that could interest the Misp community?
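The two points raised above, that galaxy clusters are machine-parsable and that their entries overlap, can be checked before importing anything as families. The following is an added example and is not part of polichombr or misp-galaxy; it assumes the misp-galaxy cluster layout (a top-level `values` list whose entries carry a `value` and optional `meta.synonyms`) and uses two constructed miniature clusters embedded inline instead of fetching the real files at the URLs linked in the issue. The helper names (`family_candidates`, `find_overlaps`, `unambiguous_families`) are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample data in the shape of a misp-galaxy cluster file
# (top-level "values" list; each entry has "value" and optional
# "meta.synonyms"). Not copied from the real galaxy files.
ADVERSARY_GROUPS = json.loads("""
{
  "name": "Adversary Groups (sample)",
  "type": "threat-actor",
  "values": [
    {"value": "APT1",
     "meta": {"synonyms": ["Comment Crew", "Comment Panda"]}},
    {"value": "Turla",
     "meta": {"synonyms": ["Snake", "Uroburos", "Venomous Bear"]}}
  ]
}
""")

THREAT_ACTOR_TOOLS = json.loads("""
{
  "name": "Threat Actor Tools (sample)",
  "type": "tool",
  "values": [
    {"value": "Uroburos", "meta": {"synonyms": ["Snake", "Turla"]}},
    {"value": "Mimikatz", "meta": {}},
    {"value": "Poison Ivy", "meta": {"synonyms": ["Darkmoon"]}}
  ]
}
""")


def normalise(name):
    """Case- and whitespace-insensitive key, so 'Poison Ivy' == 'poisonivy'."""
    return "".join(name.lower().split())


def family_candidates(cluster):
    """Map each canonical cluster value to every normalised name it is known by.

    The canonical value itself is included, so any alias can serve as a key.
    """
    families = {}
    for entry in cluster.get("values", []):
        canonical = entry["value"]
        names = {normalise(canonical)}
        for alias in entry.get("meta", {}).get("synonyms", []):
            names.add(normalise(alias))
        families[canonical] = names
    return families


def find_overlaps(*clusters):
    """Names that would collide if every galaxy entry became one family.

    Returns {normalised_name: [(cluster_name, canonical_value), ...]} for each
    name claimed by more than one entry, within a cluster or across clusters.
    """
    owners = defaultdict(list)
    for cluster in clusters:
        for canonical, names in family_candidates(cluster).items():
            for name in names:
                owners[name].append((cluster["name"], canonical))
    return {name: owner for name, owner in owners.items() if len(owner) > 1}


def unambiguous_families(*clusters):
    """Canonical values sharing no name with any other entry.

    These can be created as families without needing rename/alias support;
    the rest would need a merge decision first.
    """
    clashes = set(find_overlaps(*clusters))
    safe = []
    for cluster in clusters:
        for canonical, names in family_candidates(cluster).items():
            if not names & clashes:
                safe.append(canonical)
    return safe


if __name__ == "__main__":
    overlaps = find_overlaps(ADVERSARY_GROUPS, THREAT_ACTOR_TOOLS)
    for name, owner in sorted(overlaps.items()):
        print(f"{name!r} claimed by: {owner}")
    print("safe to import:", unambiguous_families(ADVERSARY_GROUPS, THREAT_ACTOR_TOOLS))
```

With the constructed data, "Turla" the actor and "Uroburos" the tool claim each other's names through their synonym lists, so neither can be created blindly as a family, while APT1, Mimikatz and Poison Ivy have no conflicts. Running the same check against the real cluster files would give the list of entries that are safe to feed to the family creation script today and the list that has to wait for aliasing support.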