Add the MISP dataset to our dataset
Lhorus6 opened this issue
MISP has a threat actor dataset (intrusion set in the STIX sense) that would be interesting to add to OpenCTI and could be integrated into our dataset.
Resources:
- The MISP threat actor dataset: https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json
- A MISP script to convert their MISP file into STIX format (the problem is that it does not correctly manage the migration of information contained in the "cfr-..." fields): https://github.com/MISP/misp-stix/blob/main/documentation/misp_galaxies_to_stix21.md
Note:
- "cfr-suspected-state-sponsor" -> Seems to be the "Originates from" field for intrusion sets
- "cfr-suspected-victims" -> Should be a country and a relationship "targets" with the intrusion set
- "cfr-target-category" -> Should be a sector and a relationship "targets" with the intrusion set
- "cfr-type-of-incident" -> Seems to be the "Primary motivation" field for intrusion sets
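
The mapping in the note above, sketched as an added example (not part of the original issue and not code from MISP or OpenCTI). The sample cluster, the helper names, and the choice to represent a sector as an identity with `identity_class` set to `class` are assumptions.

```python
import uuid
from datetime import datetime, timezone

# Constructed sample in the threat-actor.json cluster layout (not real data).
SAMPLE_CLUSTER = {
    "value": "EXAMPLE-ACTOR",
    "description": "Constructed entry for illustration.",
    "meta": {
        "cfr-suspected-state-sponsor": "Examplestan",
        "cfr-suspected-victims": ["France", "Japan"],
        "cfr-target-category": ["Government", "Private sector"],
        "cfr-type-of-incident": "Espionage",
    },
}

def _as_list(value):
    """cfr-* fields may hold a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _sdo(stix_type, **props):
    """Build a minimal STIX 2.1-style object with a fresh id and timestamps."""
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {"type": stix_type, "spec_version": "2.1",
            "id": f"{stix_type}--{uuid.uuid4()}",
            "created": ts, "modified": ts, **props}

def cluster_to_stix(cluster):
    """Map one cluster entry to an intrusion set plus its cfr-* relationships."""
    meta = cluster.get("meta", {})
    actor = _sdo("intrusion-set", name=cluster["value"],
                 description=cluster.get("description", ""))
    incidents = _as_list(meta.get("cfr-type-of-incident"))
    if incidents:  # open vocabulary: value kept as given, only lower-cased
        actor["primary_motivation"] = incidents[0].lower()
    objects = [actor]
    # (cfr field, target object type, extra properties, relationship type)
    mapping = [
        ("cfr-suspected-state-sponsor", "location", {}, "originates-from"),
        ("cfr-suspected-victims", "location", {}, "targets"),
        ("cfr-target-category", "identity", {"identity_class": "class"}, "targets"),
    ]
    for field, stix_type, extra, rel_type in mapping:
        for name in _as_list(meta.get(field)):
            # Assumption: names are used as-is; a strict STIX location also
            # needs a country code or region, which the name alone does not give.
            target = _sdo(stix_type, name=name, **extra)
            rel = _sdo("relationship", relationship_type=rel_type,
                       source_ref=actor["id"], target_ref=target["id"])
            objects += [target, rel]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}
```
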