MISP / misp-playbooks

MISP Playbooks
https://misp.github.io/misp-playbooks/
BSD 2-Clause "Simplified" License

Retroscan MISP warninglist #8

Closed cudeso closed 10 months ago

cudeso commented 1 year ago

The title of the playbook

Retroscan MISP warninglist

Purpose of the playbook

This playbook is similar to the playbook for creating a custom warninglist (https://github.com/MISP/misp-playbooks/issues/7). In this case the playbook queries the MISP events and OSINT feeds for matches with entries from a predefined warninglist. It can be seen as some form of "retroscan". The playbook also queries Shodan and VirusTotal for matches with entries in the warninglist. The result is summarised at the end of the playbook and sent to Mattermost or Slack, or added as an alert in TheHive or DFIR-IRIS (to be discussed for implementation).

External resources used by this playbook

Shodan, VirusTotal, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)

Target audience

SOC, CSIRT, CTI

Briefly list the execution steps or workflow

No response
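The core step of the workflow described above (match MISP attributes against a warninglist, then summarise the hits per event), as an added example that is not code from the misp-playbooks project. The warninglist and the attributes are constructed inline in the shapes MISP and PyMISP use, and the match semantics follow the warninglist `type` field (cidr, hostname, substring, regex, string); in the real playbook the attributes would come from a PyMISP search and from the feed queries.

```python
import ipaddress
import re
from collections import Counter

# Constructed warninglist in the shape of a MISP warninglist JSON file (not a real list).
WARNINGLIST = {
    "type": "cidr",
    "matching_attributes": ["ip-src", "ip-dst", "ip-dst|port"],
    "list": ["192.0.2.0/24", "203.0.113.7"],
}

# Constructed attributes in the dict shape PyMISP's search() returns (only the keys used).
ATTRIBUTES = [
    {"id": "1", "event_id": "10", "type": "ip-dst", "value": "192.0.2.45"},
    {"id": "2", "event_id": "10", "type": "domain", "value": "example.net"},
    {"id": "3", "event_id": "11", "type": "ip-dst|port", "value": "203.0.113.7|443"},
    {"id": "4", "event_id": "12", "type": "ip-src", "value": "198.51.100.9"},
]

def entry_matches(value, entry, list_type):
    """Test one value against one warninglist entry using the list's type semantics."""
    if list_type == "cidr":
        try:
            return ipaddress.ip_address(value) in ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return False  # value is not an IP address (e.g. a port or a domain)
    if list_type == "hostname":  # the host itself or any subdomain of it
        return value.lower() == entry.lower() or value.lower().endswith("." + entry.lower())
    if list_type == "substring":
        return entry.lower() in value.lower()
    if list_type == "regex":
        return re.search(entry, value) is not None
    return value.lower() == entry.lower()  # "string": exact, case-insensitive match

def retroscan(attributes, warninglist):
    """Return the attributes that hit the warninglist, each with the entry it matched."""
    hits = []
    for attr in attributes:
        if attr["type"] not in warninglist["matching_attributes"]:
            continue  # a warninglist only applies to the attribute types it declares
        # Composite types such as ip-dst|port carry two values separated by "|".
        matched = next((e for part in attr["value"].split("|") for e in warninglist["list"]
                        if entry_matches(part, e, warninglist["type"])), None)
        if matched is not None:
            hits.append({**attr, "matched": matched})
    return hits

def summarise(hits):
    """Hit count per MISP event, the basis for the Mattermost or Slack summary message."""
    return dict(Counter(hit["event_id"] for hit in hits))
```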

cudeso commented 1 year ago

This is a "light" version of #7; without the warninglist creation