Skip to content

MISP Sharing Improvements #366

New issue
New issue
Closed
Closed
MISP Sharing Improvements#366
Assignees
To-om
Labels
enhancement
Milestone
 
3.1.0-RC1 (Cerana 1)
@saadkadhi

Description

@saadkadhi
saadkadhi
opened on Nov 6, 2017

Request Type

Feature Request

Work Environment

Question Answer
TheHive version / git hash 3.0.10

Problem Description

The current implementation of MISP sharing in TheHive can be improved in several ways.

Create an Extended Event When not Able to Export

When an analyst attempts to update a MISP event on which the account used by TheHive to connect to the MISP instance is not part of the original creator organization, the current implementation in TheHive will display a you do not have permission to do that error produced by MISP. In this case, TheHive should offer the analyst the ability to create an extended event (http://www.misp-project.org/2018/04/19/Extended-Events-Feature.html).

Add Sightings and IDS Flags During Export

Once #365 is implemented, TheHive should mark sightingsand activate the IDS flag on each attribute exported to MISP corresponding to an observable that is marked as IOC and sighted in TheHive.

Provide Context

When sharing a case to a MISP instance, provide context such as TheHive's name instance, link to the case, and other metadata.

Metadata

Metadata

Assignees

Labels

enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions