
MALICIOUS PDF ATTRIBUTES ZIP FILE
The process of entering an event can be split into 3 phases: the creation of the event itself, populating it with attributes and attachments, and finally publishing it.

During this first step, you will create a basic event without any actual attributes, but storing general information such as a description, time and risk level of the incident. To start creating the event, click on the New Event button on the left and fill out the form you are presented with. The following fields need to be filled out:

Date: The date when the incident has happened. Just click this field and a date-picker will pop up where you can select the desired date.

Distribution: This setting controls who will be able to see this event once it becomes published and eventually when it becomes pulled. Apart from being able to set which users on this server are allowed to see the event, this also controls whether the event will be synchronised to other servers or not. The distribution is inherited by attributes: the most restrictive setting wins.

  Your organization only: This setting will only allow members of your organisation to see this. It can be pulled to another instance by one of your organisation members where only your organisation will be able to see it. Events with this setting will not be synchronised.

  This Community-only: Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Upon pull: pull and downgrade to Your organization only.

  Connected communities: Users that are part of your MISP community will be able to see the event. This includes all organisations on this MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those aforementioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this one will be restricted from seeing the event. Upon push: downgrade to This Community only and push. Upon pull: pull and downgrade to This Community only.

  All communities: This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next.

  Sharing group: This will share the event to the defined sharing group. This includes only the organisations defined in the sharing group. The distribution can be local and cross-instance depending on the sharing group definition. For more information on sharing groups, refer to the sharing group section.

Threat Level: This field indicates the risk level of the event. Incidents can be categorised into three different threat categories (low, medium, high). This field can alternatively be left as undefined.

  Medium: Advanced Persistent Threats (APT).

  High: Sophisticated APTs and 0day attacks.

Analysis: Indicates the current stage of the analysis for the event, with the following possible options:

  Initial: The analysis is just beginning.

Event Description: The info field, where the malware/incident can get a brief description starting with the internal reference. This field should be as brief and concise as possible; the more detailed description happens through attributes in the next stage of the event's creation. Keep in mind that the system will automatically replace detected text strings that match a regular expression entry set up by your server's administrator(s).

GFI Sandbox: It is possible to upload the exported zip file from GFI sandbox with the help of this tool.

Last modified: Tue 10:02:29 GMT+0100 (Central European Standard Time)
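The distribution rules described above, modelled as an added example (not MISP's own code and not part of the original page): it applies the "most restrictive setting wins" inheritance to attributes and follows the stated pull downgrades along a chain of instances. The numeric levels 0 to 3 are MISP's distribution values; sharing groups are left out, and the function names and sample attributes are constructed for illustration.

```python
from enum import IntEnum


class Distribution(IntEnum):
    # Numeric values follow MISP's "distribution" field (sharing group = 4 is omitted here).
    ORG_ONLY = 0    # Your organization only
    COMMUNITY = 1   # This Community-only
    CONNECTED = 2   # Connected communities
    ALL = 3         # All communities


def effective(event_level, attribute_level):
    """Inheritance rule from the text: the most restrictive setting wins."""
    return Distribution(min(event_level, attribute_level))


def after_pull(level):
    """Level an event carries on the instance that pulled it, per the text."""
    if level == Distribution.ALL:
        return Distribution.ALL          # freely propagated, no downgrade
    if level == Distribution.CONNECTED:
        return Distribution.COMMUNITY    # pull and downgrade to This Community only
    # COMMUNITY is downgraded to ORG_ONLY; ORG_ONLY stays visible to the org only
    return Distribution.ORG_ONLY


def pull_chain(level, hops):
    """Levels seen on each instance along a chain of successive pulls."""
    seen = [Distribution(level)]
    for _ in range(hops):
        seen.append(after_pull(seen[-1]))
    return seen


def audit(event_level, attributes):
    """List attributes whose own setting is wider than the event allows."""
    findings = []
    for name, level in attributes.items():
        eff = effective(event_level, level)
        if eff != level:
            findings.append((name, Distribution(level).name, eff.name))
    return findings


if __name__ == "__main__":
    # Constructed sample: a community-only event with one over-shared attribute.
    attrs = {"c2-domain": Distribution.ALL, "dropper-sha256": Distribution.ORG_ONLY}
    print(audit(Distribution.COMMUNITY, attrs))
    print([d.name for d in pull_chain(Distribution.CONNECTED, 3)])
```

The chain output shows why "Connected communities" reaches only two hops: each pull lowers the level by one step until only the pulling organisation can see the event.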
