Feeds & Taxonomies
Feeds
Feeds are resources that contain indicators that can be imported into MISP and provide attributed information about security events. These feeds provide analysts and organisations with continuously updated information on threats and adversaries and aid in their proactive defence against attacks.
Taxonomies
A taxonomy is a means of classifying information based on standard features or attributes. On MISP, taxonomies are used to categorise events, indicators and threat actors based on tags that identify them.
Taxonomies are expressed in machine tags, which comprise three vital parts:
- Namespace: Defines the tag’s property to be used.
- Predicate: Specifies the property attached to the data.
- Value: Numerical or text details to map the property.
Usage
- Set events for further processing by external tools such as VirusTotal.
- Ensure events are classified appropriately before the Organisation Admin publishes them.
- Enrich intrusion detection systems’ export values with tags that fit specific deployments.
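The machine-tag structure described above can be checked in code before an event is published. The following is an added example, not part of the original notes or of MISP itself: it splits tags into namespace, predicate and value (the value is optional in practice, as in `tlp:amber`) and reports which required taxonomies an event still lacks. The sample tags and the required-namespace policy are constructed assumptions.

```python
import re

# namespace:predicate="value" (triple tag) or namespace:predicate (value omitted)
MACHINE_TAG = re.compile(
    r'^(?P<namespace>[^:="\s]+):(?P<predicate>[^:="\s]+)'
    r'(?:=(?:"(?P<quoted>[^"]*)"|(?P<bare>[^"\s]+)))?$'
)


def parse_machine_tag(tag):
    """Split a machine tag into (namespace, predicate, value).

    Returns None for free-text tags that do not follow the machine-tag form.
    The value is None when the tag carries only namespace and predicate.
    """
    m = MACHINE_TAG.match(tag.strip())
    if not m:
        return None
    value = m.group("quoted") if m.group("quoted") is not None else m.group("bare")
    return m.group("namespace"), m.group("predicate"), value


def missing_namespaces(event_tags, required):
    """Return the required taxonomy namespaces that no tag on the event uses."""
    present = {p[0] for p in map(parse_machine_tag, event_tags) if p}
    return sorted(set(required) - present)


# Constructed sample tags for a single event
SAMPLE_TAGS = [
    'tlp:amber',
    'admiralty-scale:source-reliability="b"',
    'phishing campaign Q3',  # free-text tag, not a machine tag
]

# Assumed local policy: every event needs a tag from each of these taxonomies
REQUIRED = ["tlp", "admiralty-scale", "workflow"]

if __name__ == "__main__":
    for t in SAMPLE_TAGS:
        print(t, "->", parse_machine_tag(t))
    print("missing before publish:", missing_namespaces(SAMPLE_TAGS, REQUIRED))
```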
Tagging
Using information from feeds and taxonomies, tags can be placed on events and attributes to identify them correctly based on the indicators or threats identified. Tagging allows for effective sharing of threat information between users, communities and other organisations using MISP to identify various threats.