You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
DFIR-IRIS
Uh oh!
There was an error while loading. Please reload this page.
-
Hi community,
Could you help me with the below issue?
Description
We are integrating IRIS with MISP and noticed that IOC category mapping is not preserved correctly.
Problem
IRIS IOCs with different semantic meanings are all mapped to the same category in MISP attributes.
Examples
IRIS IOC categories:
Expected MISP attribute mapping:
Category: Network activity
Type: ip-src / ip-dst (depending on context)
Category: payload delivery
Type: filename|sha256
Actual result:
This results in loss of context and makes correlation and analysis in MISP less effective (screenshots are attached).
Question
Is there:
Additional context
We are currently using a custom integration script, but we would prefer aligning with a standard or supported mapping approach if available.
Environments used
Thanks in advance,
Beta Was this translation helpful? Give feedback.
All reactions