Entry: Malware Information Sharing Platform
Definition

  1. History

  2. Funding

  3. Intelligence Integration

  4. References

  5. External links

{{short description|Threat intelligence platform}}{{Infobox software
| name = MISP - Malware Information Sharing Platform and Threat Sharing
| logo = Misp-logo.png
| author = Christophe Vandeplas
| developer = Andras Iklody (lead developer), and [https://github.com/MISP/MISP/blob/2.4/AUTHORS other contributors]
| repo = https://github.com/MISP/MISP
| programming language = PHP
| license = GNU Affero GPLv3
| website = https://misp-project.org
}}

Malware Information Sharing Platform (MISP) is an open source threat intelligence platform. The project develops utilities and documentation for more effective threat intelligence through the sharing of indicators of compromise.[1] Several organizations run MISP instances; they are listed on the project website.[2]

History

This project started around June 2011, when Christophe Vandeplas became frustrated that way too many IOCs were shared by email or in PDF documents and could not be parsed by automated tools. So at home he started to play around with CakePHP and made a proof of concept of his idea. He called it CyDefSIG: Cyber Defence Signatures.[3]

In mid-July 2011 he presented his personal project at work (Belgian Defence), where the feedback was rather positive. After he gave access to CyDefSIG running on his personal server, the Belgian Defence started to use CyDefSIG officially in mid-August 2011. Christophe was then allowed to spend some time on CyDefSIG during his work hours, while still working on it at home.[3]

At some point NATO heard about this project. In January 2012 a first presentation was given to introduce them to the project in more depth. They looked at other products that the market offered, but it seemed they deemed the openness of CyDefSIG to be a great advantage. Andrzej Dereszowski was the first part-time developer on the NATO side.[3]

One thing led to another, and some months later NATO hired a full-time developer to improve the code and add more features. Collaborative development started from that date. As with many personal projects, the license had not yet been explicitly written; it was collaboratively decided that the project would be released publicly under the Affero GPL license. This was done to share the code with as many people as possible and to protect it from any harm.[3]

The project was then renamed to MISP: Malware Information Sharing Project, a name invented by Alex Vandurme from NATO.[3]

In January 2013 Andras Iklody became the main full-time developer of MISP, initially employed by NATO during the day and contributing to an open source project in the evenings and on weekends.[3]

Meanwhile other organisations started to adopt the software and promoted it around the CERT world (CERT-EU, CIRCL, and many others).[3]

Nowadays, Andras Iklody is the lead developer of the MISP project and works for CIRCL.[3]

As the MISP project expanded, it came to cover not only malware indicators but also fraud or vulnerability information. The name is now "MISP, threat sharing", which includes the core MISP software and a myriad of tools (PyMISP) and formats (core format, MISP taxonomies, warning-lists) to support MISP. MISP is now a community project led by a team of volunteers.[3]

Funding

The project is funded by the European Union (through the Connecting Europe Facility[4]) and the [https://www.circl.lu/ Computer Incident Response Center Luxembourg].

Intelligence Integration

Indicators of compromise managed by MISP may originate from a variety of sources, including internal incident investigation teams, intelligence sharing partners, or commercial intelligence sources. Commercial sources with integration to MISP include Symantec's DeepSight Intelligence, Kaspersky threat feeds and McAfee Active Response.

References

1. "MISP threat sharing platform". media.ccc.de. https://media.ccc.de/v/SHA2017-23-misp_threat_sharing_platform. Accessed 19 February 2019.
2. "MISP Communities". www.misp-project.org. https://www.misp-project.org/communities/. Accessed 19 February 2019.
3. "Who is behind the MISP project?". MISP-Project.org. https://www.misp-project.org/who/. Accessed 24 February 2019. Material was copied from this source, which is available under a [https://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 Unported] license.
4. "Digital Single Market - MISP". ec.europa.eu. https://ec.europa.eu/digital-single-market/en/news/misp-open-source-platform-threat-intelligence. Accessed 19 February 2019.

External links

  • [https://tools.ietf.org/html/draft-dulaunoy-misp-taxonomy-format-06 IETF draft-dulaunoy-misp-taxonomy-format-06]
  • [https://www.issummit.org/2017/pdf/Day%201%20-%20Track%202.5%20-%20CIRCL.pdf Building and designing MISP: A practical information-sharing tool for cybersecurity and fraud indicators]
  • [https://dial.uclouvain.be/memoire/ucl/en/object/thesis%3A10600/datastream/PDF_01/view Privacy Aware Sharing of IOCs in MISP]
  • [https://blog.passivetotal.org/misp-sharing-done-differently/ MISP: Sharing Done Differently]
