-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set tags within Source as well as Operator [MISP] #103
Comments
Taking this a step further might include dynamically assigning tags based on keyword matching. Using a different example, if you had a more generic Twitter list that included threat intel on a wide variety of malware strains, you could assign tags from a set of whitelisted strings i.e. Matching a string within the Tweet body from this list could be used to assign tags. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current system of setting hardcoded tags is insufficient when ingesting from variable sources such as Twitter or RSS feeds.
I propose setting tags within the source as well as the operator. This allows for both default tags assigned to all ingested events, as well as tags set specifically for the source.
A great example of this providing value is using a Twitter source to search for
emotet
and another searching fornjrat
. Separately tagging these events would significantly improve the intelligence value for operators instead of just genericOSINT
orMALWARE
tags.I will investigate the viability of this, but any suggestions would be appreciated.
Thanks.
The text was updated successfully, but these errors were encountered: