MISP Sharing Improvements #366

Closed
saadkadhi opened this issue Nov 6, 2017 · 3 comments


saadkadhi commented Nov 6, 2017

Request Type

Feature Request

Work Environment

| Question | Answer |
|---|---|
| TheHive version / git hash | 3.0.10 |

Problem Description

The current implementation of MISP sharing in TheHive can be improved in several ways.

Create an Extended Event When not Able to Export

When an analyst attempts to update a MISP event on which the account used by TheHive to connect to the MISP instance is not part of the original creator organization, the current implementation in TheHive will display a "you do not have permission to do that" error produced by MISP. In this case, TheHive should offer the analyst the ability to create an extended event (http://www.misp-project.org/2018/04/19/Extended-Events-Feature.html).

Add Sightings and IDS Flags During Export

Once #365 is implemented, TheHive should mark sightings and activate the IDS flag on each attribute exported to MISP corresponding to an observable that is marked as IOC and sighted in TheHive.

Provide Context

When sharing a case to a MISP instance, provide context such as TheHive's instance name, link to the case, and other metadata.
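The three requests above combined into one export decision, as an added example that is not part of the original issue or TheHive's code. Assumptions: the TheHive-side field names (`dataType`, `data`, `ioc`, `sighted`), the helper and parameter names, the type mapping and the case URL layout are hypothetical; the IDS flag is taken to follow the IOC mark and the sighting to follow the sighted mark; `extends_uuid` and `to_ids` are MISP's own event and attribute fields.

```python
# Added example: TheHive-side field names (dataType, data, ioc, sighted) and all
# helper names here are assumptions, not TheHive's code.
TYPE_MAP = {"ip": "ip-dst", "domain": "domain", "url": "url"}  # constructed mapping

def build_export(case, observables, our_org, target=None,
                 hive_name="thehive-prod", hive_url="https://thehive.example"):
    """Return (event, sighted_values, mode) for sharing a case to MISP."""
    attributes, sighted_values = [], []
    for obs in observables:
        misp_type = TYPE_MAP.get(obs["dataType"])
        if misp_type is None:
            continue  # skip unmapped data types instead of guessing a MISP type
        attributes.append({"type": misp_type, "value": obs["data"],
                           "to_ids": bool(obs.get("ioc"))})
        if obs.get("sighted"):
            sighted_values.append(obs["data"])  # report as sightings after saving
    # Context: where the event came from (placeholder URL layout).
    attributes.append({"category": "Internal reference", "type": "link",
                       "value": f"{hive_url}/case/{case['id']}",
                       "comment": f"Exported from TheHive instance {hive_name}",
                       "to_ids": False})
    event = {"info": case["title"], "Attribute": attributes}
    if target is None:
        mode = "create"
    elif target["orgc"] == our_org:
        mode = "update"                  # we are the creator org: edit in place
        event["uuid"] = target["uuid"]
    else:
        mode = "extend"                  # not ours: new event pointing at the original
        event["extends_uuid"] = target["uuid"]
    return event, sighted_values, mode

if __name__ == "__main__":
    # Constructed sample data.
    case = {"id": "42", "title": "Phishing wave"}
    observables = [
        {"dataType": "ip", "data": "198.51.100.7", "ioc": True, "sighted": True},
        {"dataType": "domain", "data": "example.org", "ioc": False, "sighted": False},
    ]
    foreign = {"uuid": "00000000-0000-0000-0000-000000000001", "orgc": "ORG_B"}
    event, sighted, mode = build_export(case, observables, "ORG_A", foreign)
    print(mode, sighted, event)
```

Checking the creator organization before the export avoids relying on MISP's permission error to trigger the extended-event path.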

@saadkadhi saadkadhi added this to the 3.1.0 milestone Nov 6, 2017
@saadkadhi saadkadhi modified the milestones: 3.1.0 (Cerana 1), 3.2.0 (Cerana 2) Nov 15, 2017
@saadkadhi

Added suggestions from #433

@garanews

Add support for MISP objects in order not to lose useful info:

[Image: events_misp]


To-om commented Jul 11, 2018

Commit 4ec4f0e uses new API of MISP to identify which event can be updated

To-om added a commit that referenced this issue Jul 11, 2018
To-om added a commit that referenced this issue Jul 27, 2018