lkpgifts.blogg.se

Kali linux wireshark tutorial










- Loads a malicious indicators CSV exported from Threat Intelligence Platforms like MISP and associates it with each source/destination IP from network traffic.
- Loads asset classification information based on an IP-Range to Asset Type mapping, which enables filtering incoming/outgoing traffic from a specific type of asset (e.g. filter for ‘Database Server’, ‘Employee Laptop’ etc.).
- Loads vulnerability scan information exported from Qualys/Nessus to map IPs to CVEs.
- Extends native Wireshark filter functionality to allow filtering based on severity, source, asset type & CVE information for each source or destination IP address in network logs.

1. Download the source Zip file or check out the code.
2. Folder data/formatted_reports has 3 files:
   - asset_tags.csv : Information about asset ip/domain/cidr and associated tags. The default file has a few examples for intranet IPs & DNS servers.
   - asset_vulnerabilities.csv : Details about CVE IDs and top CVSS score value for each asset.
   - indicators.csv : IOC data with attributes type, value, severity & threat type.
3. All 3 files mentioned in step (2) can either be manually edited, or the vulnerabilities & indicators files can be generated using an exported MISP & Tenable Nessus scan report. The exported files need to be placed under the following folders with the exact names specified:
   - data/raw_reports/misp.csv : this file can be exported from MISP from the following location: Export->CSV_Sig->Generate, then Download.
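The per-IP enrichment described above (indicator, asset-type and vulnerability lookups for each source/destination address), sketched as an added example; this is not the plugin's own code. The CSV column names, the sample rows and the helper names are assumptions, and the CVE IDs are placeholders.

```python
import csv, io, ipaddress

# Constructed sample data. Column names are assumptions based on the attributes
# the page lists, not the plugin's real headers; CVE IDs are placeholders.
INDICATORS = """type,value,severity,threat_type
ip-dst,203.0.113.50,high,c2
ip-src,198.51.100.7,medium,scanner
"""
ASSET_TAGS = """asset,tags
10.0.5.0/24,Database Server
10.0.20.0/22,Employee Laptop
10.0.0.53,DNS Server
intranet.example,Intranet
"""
ASSET_VULNS = """asset,cve_ids,top_cvss
10.0.5.12,CVE-0000-0001;CVE-0000-0002,9.8
"""
FLOWS = [("10.0.5.12", "203.0.113.50"), ("10.0.21.9", "10.0.0.53"),
         ("198.51.100.7", "10.0.5.40")]

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def build_lookups():
    nets = []
    for r in rows(ASSET_TAGS):
        try:  # a bare IP parses as a /32, so IP and CIDR rows share one path
            nets.append((ipaddress.ip_network(r["asset"]), r["tags"]))
        except ValueError:
            continue  # domain rows cannot be matched against packet IPs here
    nets.sort(key=lambda n: n[0].prefixlen, reverse=True)  # most specific first
    return ({r["value"]: r for r in rows(INDICATORS)}, nets,
            {r["asset"]: r for r in rows(ASSET_VULNS)})

def enrich_ip(ip, lookups):
    iocs, nets, vulns = lookups
    addr = ipaddress.ip_address(ip)
    ioc, vuln = iocs.get(ip, {}), vulns.get(ip, {})
    return {"ip": ip,
            "asset_type": next((t for n, t in nets if addr in n), None),
            "severity": ioc.get("severity"),
            "threat_type": ioc.get("threat_type"),
            "cves": vuln["cve_ids"].split(";") if vuln else [],
            "top_cvss": float(vuln["top_cvss"]) if vuln else None}

# Keep flows whose enriched source and destination both satisfy a predicate.
def select(flows, lookups, src_pred, dst_pred):
    pairs = [(enrich_ip(s, lookups), enrich_ip(d, lookups)) for s, d in flows]
    return [(s, d) for s, d in pairs if src_pred(s) and dst_pred(d)]
```

Calling select with "source is a Database Server" and "destination severity is high" isolates the one flow in the sample where a vulnerable database host talks to a flagged address.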










