
Add the MISP dataset to our dataset

Open Lhorus6 opened this issue 2 years ago • 0 comments

MISP has a threat actor dataset (intrusion set in the STIX sense) that would be interesting to add to OpenCTI and could be integrated into our dataset.

Resources:

  • The MISP threat actor dataset: https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json
  • A MISP script to convert their MISP file into STIX format (the problem is that it does not correctly manage the migration of information contained in the "cfr-..." fields): https://github.com/MISP/misp-stix/blob/main/documentation/misp_galaxies_to_stix21.md

Note:

  • "cfr-suspected-state-sponsor" -> Seems to be the "Originates from" field for intrusion sets
  • "cfr-suspected-victims" -> Should be a country and a relationship "targets" with the intrusion set
  • "cfr-target-category" -> Should be a sector and a relationship "targets" with the intrusion set
  • "cfr-type-of-incident" -> Seems to be the "Primary motivation" field for intrusion sets

Lhorus6, Feb 02 '24 11:02
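
The mapping proposed in the Note above, sketched as an added example (not code from the issue, MISP, or OpenCTI): it turns one misp-galaxy threat-actor cluster into a STIX 2.1 bundle built from plain dicts, with the four "cfr-..." fields mapped as the Note suggests. Assumptions: the sample cluster and the function names are constructed for illustration, location objects carry only a name (resolving it to the ISO code that the STIX `country` property expects needs a lookup that is not included), and the motivation value is passed through without vocabulary normalisation.

```python
import uuid
from datetime import datetime, timezone
# Constructed sample in the misp-galaxy cluster layout (not taken from threat-actor.json).
SAMPLE_CLUSTER = {
    "value": "EXAMPLE-ACTOR",
    "meta": {
        "synonyms": ["Example Group"],
        "cfr-suspected-state-sponsor": "Atlantis",
        "cfr-suspected-victims": ["Ruritania", "Freedonia"],
        "cfr-target-category": ["Government", "Private sector"],
        "cfr-type-of-incident": "Espionage",
    },
}

def _as_list(value):
    # cfr-* values may be a single string or a list; normalise to a list.
    return [] if value is None else [value] if isinstance(value, str) else list(value)

def _base(stix_type, key, ts):
    # UUIDv5 ids keep re-imports stable (a choice of this example, not a MISP or OpenCTI rule).
    sid = uuid.uuid5(uuid.NAMESPACE_URL, f"{stix_type}:{key.lower()}")
    return {"type": stix_type, "spec_version": "2.1", "id": f"{stix_type}--{sid}",
            "created": ts, "modified": ts}

def cluster_to_stix(cluster, ts=None):
    ts = ts or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    meta = cluster.get("meta", {})
    actor = {**_base("intrusion-set", cluster["value"], ts), "name": cluster["value"],
             "description": cluster.get("description", ""),
             "aliases": _as_list(meta.get("synonyms"))}
    motives = _as_list(meta.get("cfr-type-of-incident"))
    if motives:  # passed through as an open-vocabulary value, not normalised
        actor["primary_motivation"] = motives[0].lower().replace(" ", "-")
    objects = {actor["id"]: actor}  # keyed by id so a repeated country is emitted once

    def link(field, stix_type, extra, rel_type):
        for name in _as_list(meta.get(field)):
            obj = {**_base(stix_type, name, ts), "name": name, **extra}
            rel = {**_base("relationship", f"{actor['id']}|{rel_type}|{obj['id']}", ts),
                   "relationship_type": rel_type,
                   "source_ref": actor["id"], "target_ref": obj["id"]}
            objects.setdefault(obj["id"], obj)
            objects[rel["id"]] = rel

    link("cfr-suspected-state-sponsor", "location", {}, "originates-from")
    link("cfr-suspected-victims", "location", {}, "targets")
    link("cfr-target-category", "identity", {"identity_class": "class"}, "targets")
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects.values())}
```
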