Giters

MISP / misp-playbooks

MISP Playbooks

Home Page:https://misp.github.io/misp-playbooks/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Query CVE information

cudeso opened this issue · comments

commented

The title of the playbook

Query CVE information

Purpose of the playbook

This playbook queries the MISP events and enabled OSINT caches for the use of a specific CVE. It lists the found events in a chronological order with the context (taxonomies, galaxies) that was attached to the event. The playbook then queries public sources (CVE search, vulners, Shodan, ...) for additional CVE information. The results are stored in the playbook and sent to Mattermost or Slack or added as an alert in TheHive or DFIR-IRIS (to be discussed for implementation).

External resources used by this playbook

cvesearch, vulners, Shodan, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)

Target audience

CSIRT, CTI

Breefly list the execution steps or workflow

No response