├── .github ├── ISSUE_TEMPLATE │ └── new-playbook-proposal.yml └── workflows │ ├── convert-notebooks.yml │ ├── deploy-gh-pages.yml │ └── update-readme.yml ├── .gitignore ├── LICENSE ├── README.md ├── config ├── azureuser-misp-modules.service ├── azureuser-misp-playbook-jupyter.py ├── azureuser-misp-playbook-jupyter.service ├── misp-playbook-jupyter.py ├── misp-playbook-jupyter.service └── nginx-notebook.conf ├── documentation ├── FIRST-SIG - MISP Playbooks-20230601.pdf ├── MISP playbook FAQ.md ├── MISP playbook guidelines.md ├── MISP playbook on Kali.md ├── MISP playbook structure.md ├── MISP playbook technical documentation.md ├── MISP playbook.ipynb ├── MISP_CACAO.md ├── README.md ├── assets │ ├── browser-start-1.png │ ├── browser-start-2.png │ ├── cacao_roaster-command.png │ ├── cacao_roaster.png │ ├── doc-guidelines-addimage.png │ ├── doc-guidelines-debugcode.png │ ├── doc-guidelines-delimage.png │ ├── doc-guidelines-duplicatenotebook.png │ ├── doc-guidelines-editcell.png │ ├── doc-guidelines-newnotebook.png │ ├── doc-guidelines-runcell.png │ ├── doc-guidelines-switchcelltype.png │ ├── doc-guidelines-toc.png │ ├── doc-interface.png │ ├── doc-tips-exportpdf.png │ ├── kali-architecture.png │ ├── kali-vm-1.png │ ├── kali-vm-2.png │ ├── kali-vm-2b.png │ ├── kali-vm-3.png │ ├── kali-vm-4.png │ ├── kali-vm-5.png │ ├── kali-vm-6.png │ ├── kali-vm-7.png │ ├── playbook-actor_profiling.drawio │ ├── playbook-actor_profiling.png │ ├── playbook-create_MISP_objects_and_relationships.drawio │ ├── playbook-create_MISP_objects_and_relationships.png │ ├── playbook-create_custom_MISP_warninglist.drawio │ ├── playbook-create_custom_MISP_warninglist.png │ ├── playbook-create_custom_MISP_warninglist_mattermost.png │ ├── playbook-create_custom_MISP_warninglist_newlist.png │ ├── playbook-create_custom_MISP_warninglist_thehive.png │ ├── playbook-create_update_misp_event_on_phishing_with_link.drawio │ ├── playbook-create_update_misp_event_on_phishing_with_link.png │ ├── playbook-documentation-techdoc-components.png │ ├── playbook-documentation.drawio │ ├── playbook-provision_users_organisations.drawio │ ├── playbook-provision_users_organisations.png │ ├── playbook-query_cve_information.drawio │ ├── playbook-query_cve_information.png │ ├── playbook-query_domain_reputation.drawio │ ├── playbook-query_domain_reputation.png │ ├── playbook-query_domain_reputation_correlationgraph.png │ ├── playbook-query_domain_reputation_eventgraph.png │ ├── playbook-query_domain_reputation_mattermost.png │ ├── playbook-query_domain_reputation_thehive.png │ ├── playbook-structure-graphical-workflow.drawio.png │ ├── playbook-structure-playbook-structure.drawio.png │ ├── playbook-structure.drawio │ └── security-playbook-object.png ├── requirements.txt └── sample_misp_playbook_to_cacao_malware_triage.json ├── misp-playbooks ├── Jupyterthon2024-MISP_playbooks.ipynb ├── helpers │ ├── helpers.py │ ├── jupyterthon-commits.png │ ├── jupyterthon-misp.png │ ├── jupyterthon-structure.png │ ├── jupyterthon-whatdoyouneed.png │ ├── playbook-actor_profiling.png │ ├── playbook-create_MISP_objects_and_relationships.png │ ├── playbook-create_MISP_objects_and_relationships_customobject.png │ ├── playbook-create_MISP_objects_and_relationships_eventgraph.png │ ├── playbook-create_MISP_objects_and_relationships_objects-definition.png │ ├── playbook-create_MISP_objects_and_relationships_objects.png │ ├── playbook-create_MISP_objects_and_relationships_objectscreated.png │ ├── playbook-create_custom_MISP_warninglist.png │ ├── playbook-create_custom_MISP_warninglist_mattermost.png │ ├── playbook-create_custom_MISP_warninglist_newlist.png │ ├── playbook-create_custom_MISP_warninglist_thehive.png │ ├── playbook-create_update_misp_event_on_phishing_with_link.png │ ├── playbook-create_update_misp_event_on_phishing_with_link_eventags.png │ ├── playbook-create_update_misp_event_on_phishing_with_link_eventgraph1.png │ ├── playbook-create_update_misp_event_on_phishing_with_link_eventgraph2.png │ ├── playbook-create_update_misp_event_on_phishing_with_link_eventgraph3.png │ ├── playbook-create_update_misp_event_on_phishing_with_link_lookyloo.png │ ├── playbook-create_update_misp_event_on_phishing_with_link_mattermost.png │ ├── playbook-create_update_misp_event_on_phishing_with_link_thehive.png │ ├── playbook-decayindicators1.png │ ├── playbook-decayindicators2.png │ ├── playbook-decayindicators3.png │ ├── playbook-documentation-techdoc-components.png │ ├── playbook-provision_users_organisations.png │ ├── playbook-query_cve_information.png │ ├── playbook-query_domain_reputation.png │ ├── playbook-query_domain_reputation_correlationgraph.png │ ├── playbook-query_domain_reputation_eventgraph.png │ ├── playbook-query_domain_reputation_mattermost.png │ ├── playbook-query_domain_reputation_thehive.png │ ├── playbook-structure-graphical-workflow.drawio.png │ ├── playbook-structure-playbook-structure.drawio.png │ ├── playbook_actorprofile_customcluster1.png │ ├── playbook_actorprofile_customcluster2.png │ ├── playbook_actorprofile_galaxy_cluster_t1568001.png │ ├── playbook_actorprofile_hive1.png │ ├── playbook_actorprofile_hive2.png │ ├── playbook_actorprofile_mattermost1.png │ ├── playbook_actorprofile_mattermost2.png │ ├── playbook_query_cve_information_mattermost1.png │ ├── playbook_query_cve_information_mattermost2.png │ ├── playbook_query_cve_information_thehive.png │ ├── timestamp_add.png │ ├── timestamp_add_attribute.png │ ├── timestamp_attribute_1.png │ ├── timestamp_attribute_seen.png │ ├── timestamp_date.png │ ├── timestamp_firstchange.png │ ├── timestamp_lastchange.png │ ├── timestamp_published.png │ └── timestamp_publishing.png ├── pb_bulk_delete_events-with_output.ipynb ├── pb_bulk_delete_events.ipynb ├── pb_check_misp_server_connection.ipynb ├── pb_create_MISP_objects_and_relationship-with_output.ipynb ├── pb_create_MISP_objects_and_relationship.ipynb ├── pb_create_custom_MISP_warninglist-with_output.ipynb ├── pb_create_custom_MISP_warninglist.ipynb ├── pb_create_or_update_a_MISP_event_with_information_from_a_phishing_incident_with_a_link-with_output.ipynb ├── pb_create_or_update_a_MISP_event_with_information_from_a_phishing_incident_with_a_link.ipynb ├── pb_curate_disable_decayed_indicators-with_output.ipynb ├── pb_curate_disable_decayed_indicators.ipynb ├── pb_curate_misp_events-with_output.ipynb ├── pb_curate_misp_events.ipynb ├── pb_elasticsearch_matches_sightings-with_output.ipynb ├── pb_elasticsearch_matches_sightings.ipynb ├── pb_event_from_sentinel_incidents-with_output.ipynb ├── pb_event_from_sentinel_incidents.ipynb ├── pb_geolocate_ip_and_calc_distance-with_output.ipynb ├── pb_geolocate_ip_and_calc_distance.ipynb ├── pb_investigating_phishing_websites-with_output.ipynb ├── pb_investigating_phishing_websites.ipynb ├── pb_jarm_verification-with_output.ipynb ├── pb_jarm_verification.ipynb ├── pb_malware_triage-with_output.ipynb ├── pb_malware_triage.ipynb ├── pb_malware_triage_upload_sample-with_output.ipynb ├── pb_malware_triage_upload_sample.ipynb ├── pb_provision_users_organisations-with_output.ipynb ├── pb_provision_users_organisations.ipynb ├── pb_query_cve_information-with_output.ipynb ├── pb_query_cve_information.ipynb ├── pb_query_domain_reputation-with_output.ipynb ├── pb_query_domain_reputation.ipynb ├── pb_query_for_inconsistencies_misp_events-with_output.ipynb ├── pb_query_for_inconsistencies_misp_events.ipynb ├── pb_query_hash_information-with_output.ipynb ├── pb_query_hash_information.ipynb ├── pb_query_ip_reputation-with_output.ipynb ├── pb_query_ip_reputation.ipynb ├── pb_query_url_reputation-with_output.ipynb ├── pb_query_url_reputation.ipynb ├── pb_retroscan_with_MISP_warninglist-with_output.ipynb ├── pb_retroscan_with_MISP_warninglist.ipynb ├── pb_skeleton.ipynb ├── pb_threat_actor_profiling-with_output.ipynb ├── pb_threat_actor_profiling.ipynb ├── pb_timesketch_search_query_sightings-with_output.ipynb ├── pb_timesketch_search_query_sightings.ipynb ├── pb_url_remediation-with_output.ipynb ├── pb_url_remediation.ipynb ├── pb_using_timestamps_in_MISP-with_output.ipynb └── pb_using_timestamps_in_MISP.ipynb ├── playbook.json ├── playbook_JupyterUniverse.json └── tools ├── cacao_playbook_to_misp_playbook.py ├── create-json-list-playbooks.py ├── misp_playbook_to_cacao_playbook.py └── set_notebook_password.py /.github/ISSUE_TEMPLATE/new-playbook-proposal.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/.github/ISSUE_TEMPLATE/new-playbook-proposal.yml -------------------------------------------------------------------------------- /.github/workflows/convert-notebooks.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/.github/workflows/convert-notebooks.yml -------------------------------------------------------------------------------- /.github/workflows/deploy-gh-pages.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/.github/workflows/deploy-gh-pages.yml -------------------------------------------------------------------------------- /.github/workflows/update-readme.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/.github/workflows/update-readme.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | playbook/* 2 | ~$* -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/README.md -------------------------------------------------------------------------------- /config/azureuser-misp-modules.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/config/azureuser-misp-modules.service -------------------------------------------------------------------------------- /config/azureuser-misp-playbook-jupyter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/config/azureuser-misp-playbook-jupyter.py -------------------------------------------------------------------------------- /config/azureuser-misp-playbook-jupyter.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/config/azureuser-misp-playbook-jupyter.service -------------------------------------------------------------------------------- /config/misp-playbook-jupyter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/config/misp-playbook-jupyter.py -------------------------------------------------------------------------------- /config/misp-playbook-jupyter.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/config/misp-playbook-jupyter.service -------------------------------------------------------------------------------- /config/nginx-notebook.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/config/nginx-notebook.conf -------------------------------------------------------------------------------- /documentation/FIRST-SIG - MISP Playbooks-20230601.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/FIRST-SIG - MISP Playbooks-20230601.pdf -------------------------------------------------------------------------------- /documentation/MISP playbook FAQ.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/MISP playbook FAQ.md -------------------------------------------------------------------------------- /documentation/MISP playbook guidelines.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/MISP playbook guidelines.md -------------------------------------------------------------------------------- /documentation/MISP playbook on Kali.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/MISP playbook on Kali.md -------------------------------------------------------------------------------- /documentation/MISP playbook structure.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/MISP playbook structure.md -------------------------------------------------------------------------------- /documentation/MISP playbook technical documentation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/MISP playbook technical documentation.md -------------------------------------------------------------------------------- /documentation/MISP playbook.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/MISP playbook.ipynb -------------------------------------------------------------------------------- /documentation/MISP_CACAO.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/MISP_CACAO.md -------------------------------------------------------------------------------- /documentation/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/README.md -------------------------------------------------------------------------------- /documentation/assets/browser-start-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/browser-start-1.png -------------------------------------------------------------------------------- /documentation/assets/browser-start-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/browser-start-2.png -------------------------------------------------------------------------------- /documentation/assets/cacao_roaster-command.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/cacao_roaster-command.png -------------------------------------------------------------------------------- /documentation/assets/cacao_roaster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/cacao_roaster.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-addimage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-addimage.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-debugcode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-debugcode.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-delimage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-delimage.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-duplicatenotebook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-duplicatenotebook.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-editcell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-editcell.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-newnotebook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-newnotebook.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-runcell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-runcell.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-switchcelltype.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-switchcelltype.png -------------------------------------------------------------------------------- /documentation/assets/doc-guidelines-toc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-guidelines-toc.png -------------------------------------------------------------------------------- /documentation/assets/doc-interface.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-interface.png -------------------------------------------------------------------------------- /documentation/assets/doc-tips-exportpdf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/doc-tips-exportpdf.png -------------------------------------------------------------------------------- /documentation/assets/kali-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-architecture.png -------------------------------------------------------------------------------- /documentation/assets/kali-vm-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-vm-1.png -------------------------------------------------------------------------------- /documentation/assets/kali-vm-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-vm-2.png -------------------------------------------------------------------------------- /documentation/assets/kali-vm-2b.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-vm-2b.png -------------------------------------------------------------------------------- /documentation/assets/kali-vm-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-vm-3.png -------------------------------------------------------------------------------- /documentation/assets/kali-vm-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-vm-4.png -------------------------------------------------------------------------------- /documentation/assets/kali-vm-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-vm-5.png -------------------------------------------------------------------------------- /documentation/assets/kali-vm-6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-vm-6.png -------------------------------------------------------------------------------- /documentation/assets/kali-vm-7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/kali-vm-7.png -------------------------------------------------------------------------------- /documentation/assets/playbook-actor_profiling.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-actor_profiling.drawio -------------------------------------------------------------------------------- /documentation/assets/playbook-actor_profiling.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-actor_profiling.png -------------------------------------------------------------------------------- /documentation/assets/playbook-create_MISP_objects_and_relationships.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_MISP_objects_and_relationships.drawio -------------------------------------------------------------------------------- /documentation/assets/playbook-create_MISP_objects_and_relationships.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_MISP_objects_and_relationships.png -------------------------------------------------------------------------------- /documentation/assets/playbook-create_custom_MISP_warninglist.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_custom_MISP_warninglist.drawio -------------------------------------------------------------------------------- /documentation/assets/playbook-create_custom_MISP_warninglist.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_custom_MISP_warninglist.png -------------------------------------------------------------------------------- /documentation/assets/playbook-create_custom_MISP_warninglist_mattermost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_custom_MISP_warninglist_mattermost.png -------------------------------------------------------------------------------- /documentation/assets/playbook-create_custom_MISP_warninglist_newlist.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_custom_MISP_warninglist_newlist.png -------------------------------------------------------------------------------- /documentation/assets/playbook-create_custom_MISP_warninglist_thehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_custom_MISP_warninglist_thehive.png -------------------------------------------------------------------------------- /documentation/assets/playbook-create_update_misp_event_on_phishing_with_link.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_update_misp_event_on_phishing_with_link.drawio -------------------------------------------------------------------------------- /documentation/assets/playbook-create_update_misp_event_on_phishing_with_link.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-create_update_misp_event_on_phishing_with_link.png -------------------------------------------------------------------------------- /documentation/assets/playbook-documentation-techdoc-components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-documentation-techdoc-components.png -------------------------------------------------------------------------------- /documentation/assets/playbook-documentation.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-documentation.drawio -------------------------------------------------------------------------------- /documentation/assets/playbook-provision_users_organisations.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-provision_users_organisations.drawio -------------------------------------------------------------------------------- /documentation/assets/playbook-provision_users_organisations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-provision_users_organisations.png -------------------------------------------------------------------------------- /documentation/assets/playbook-query_cve_information.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-query_cve_information.drawio -------------------------------------------------------------------------------- /documentation/assets/playbook-query_cve_information.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-query_cve_information.png -------------------------------------------------------------------------------- /documentation/assets/playbook-query_domain_reputation.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-query_domain_reputation.drawio -------------------------------------------------------------------------------- /documentation/assets/playbook-query_domain_reputation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-query_domain_reputation.png -------------------------------------------------------------------------------- /documentation/assets/playbook-query_domain_reputation_correlationgraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-query_domain_reputation_correlationgraph.png -------------------------------------------------------------------------------- /documentation/assets/playbook-query_domain_reputation_eventgraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-query_domain_reputation_eventgraph.png -------------------------------------------------------------------------------- /documentation/assets/playbook-query_domain_reputation_mattermost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-query_domain_reputation_mattermost.png -------------------------------------------------------------------------------- /documentation/assets/playbook-query_domain_reputation_thehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-query_domain_reputation_thehive.png -------------------------------------------------------------------------------- /documentation/assets/playbook-structure-graphical-workflow.drawio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-structure-graphical-workflow.drawio.png -------------------------------------------------------------------------------- /documentation/assets/playbook-structure-playbook-structure.drawio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-structure-playbook-structure.drawio.png -------------------------------------------------------------------------------- /documentation/assets/playbook-structure.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/playbook-structure.drawio -------------------------------------------------------------------------------- /documentation/assets/security-playbook-object.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/assets/security-playbook-object.png -------------------------------------------------------------------------------- /documentation/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/requirements.txt -------------------------------------------------------------------------------- /documentation/sample_misp_playbook_to_cacao_malware_triage.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/documentation/sample_misp_playbook_to_cacao_malware_triage.json -------------------------------------------------------------------------------- /misp-playbooks/Jupyterthon2024-MISP_playbooks.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/Jupyterthon2024-MISP_playbooks.ipynb -------------------------------------------------------------------------------- /misp-playbooks/helpers/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/helpers.py -------------------------------------------------------------------------------- /misp-playbooks/helpers/jupyterthon-commits.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/jupyterthon-commits.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/jupyterthon-misp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/jupyterthon-misp.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/jupyterthon-structure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/jupyterthon-structure.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/jupyterthon-whatdoyouneed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/jupyterthon-whatdoyouneed.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-actor_profiling.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-actor_profiling.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_customobject.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_customobject.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_eventgraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_eventgraph.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_objects-definition.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_objects-definition.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_objects.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_objects.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_objectscreated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_MISP_objects_and_relationships_objectscreated.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_custom_MISP_warninglist.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_custom_MISP_warninglist.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_custom_MISP_warninglist_mattermost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_custom_MISP_warninglist_mattermost.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_custom_MISP_warninglist_newlist.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_custom_MISP_warninglist_newlist.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_custom_MISP_warninglist_thehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_custom_MISP_warninglist_thehive.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_eventags.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_eventags.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_eventgraph1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_eventgraph1.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_eventgraph2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_eventgraph2.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_eventgraph3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_eventgraph3.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_lookyloo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_lookyloo.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_mattermost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_mattermost.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_thehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-create_update_misp_event_on_phishing_with_link_thehive.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-decayindicators1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-decayindicators1.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-decayindicators2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-decayindicators2.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-decayindicators3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-decayindicators3.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-documentation-techdoc-components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-documentation-techdoc-components.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-provision_users_organisations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-provision_users_organisations.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-query_cve_information.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-query_cve_information.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-query_domain_reputation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-query_domain_reputation.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-query_domain_reputation_correlationgraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-query_domain_reputation_correlationgraph.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-query_domain_reputation_eventgraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-query_domain_reputation_eventgraph.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-query_domain_reputation_mattermost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-query_domain_reputation_mattermost.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-query_domain_reputation_thehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-query_domain_reputation_thehive.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-structure-graphical-workflow.drawio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-structure-graphical-workflow.drawio.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook-structure-playbook-structure.drawio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook-structure-playbook-structure.drawio.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_actorprofile_customcluster1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_actorprofile_customcluster1.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_actorprofile_customcluster2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_actorprofile_customcluster2.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_actorprofile_galaxy_cluster_t1568001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_actorprofile_galaxy_cluster_t1568001.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_actorprofile_hive1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_actorprofile_hive1.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_actorprofile_hive2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_actorprofile_hive2.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_actorprofile_mattermost1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_actorprofile_mattermost1.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_actorprofile_mattermost2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_actorprofile_mattermost2.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_query_cve_information_mattermost1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_query_cve_information_mattermost1.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_query_cve_information_mattermost2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_query_cve_information_mattermost2.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/playbook_query_cve_information_thehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/playbook_query_cve_information_thehive.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_add.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_add.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_add_attribute.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_add_attribute.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_attribute_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_attribute_1.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_attribute_seen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_attribute_seen.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_date.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_date.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_firstchange.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_firstchange.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_lastchange.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_lastchange.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_published.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_published.png -------------------------------------------------------------------------------- /misp-playbooks/helpers/timestamp_publishing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/helpers/timestamp_publishing.png -------------------------------------------------------------------------------- /misp-playbooks/pb_bulk_delete_events-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_bulk_delete_events-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_bulk_delete_events.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_bulk_delete_events.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_check_misp_server_connection.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_check_misp_server_connection.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_create_MISP_objects_and_relationship-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_create_MISP_objects_and_relationship-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_create_MISP_objects_and_relationship.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_create_MISP_objects_and_relationship.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_create_custom_MISP_warninglist-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_create_custom_MISP_warninglist-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_create_custom_MISP_warninglist.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_create_custom_MISP_warninglist.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_create_or_update_a_MISP_event_with_information_from_a_phishing_incident_with_a_link-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_create_or_update_a_MISP_event_with_information_from_a_phishing_incident_with_a_link-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_create_or_update_a_MISP_event_with_information_from_a_phishing_incident_with_a_link.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_create_or_update_a_MISP_event_with_information_from_a_phishing_incident_with_a_link.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_curate_disable_decayed_indicators-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_curate_disable_decayed_indicators-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_curate_disable_decayed_indicators.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_curate_disable_decayed_indicators.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_curate_misp_events-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_curate_misp_events-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_curate_misp_events.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_curate_misp_events.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_elasticsearch_matches_sightings-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_elasticsearch_matches_sightings-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_elasticsearch_matches_sightings.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_elasticsearch_matches_sightings.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_event_from_sentinel_incidents-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_event_from_sentinel_incidents-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_event_from_sentinel_incidents.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_event_from_sentinel_incidents.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_geolocate_ip_and_calc_distance-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_geolocate_ip_and_calc_distance-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_geolocate_ip_and_calc_distance.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_geolocate_ip_and_calc_distance.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_investigating_phishing_websites-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_investigating_phishing_websites-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_investigating_phishing_websites.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_investigating_phishing_websites.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_jarm_verification-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_jarm_verification-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_jarm_verification.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_jarm_verification.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_malware_triage-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_malware_triage-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_malware_triage.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_malware_triage.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_malware_triage_upload_sample-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_malware_triage_upload_sample-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_malware_triage_upload_sample.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_malware_triage_upload_sample.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_provision_users_organisations-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_provision_users_organisations-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_provision_users_organisations.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_provision_users_organisations.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_cve_information-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_cve_information-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_cve_information.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_cve_information.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_domain_reputation-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_domain_reputation-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_domain_reputation.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_domain_reputation.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_for_inconsistencies_misp_events-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_for_inconsistencies_misp_events-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_for_inconsistencies_misp_events.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_for_inconsistencies_misp_events.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_hash_information-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_hash_information-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_hash_information.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_hash_information.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_ip_reputation-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_ip_reputation-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_ip_reputation.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_ip_reputation.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_url_reputation-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_url_reputation-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_query_url_reputation.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_query_url_reputation.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_retroscan_with_MISP_warninglist-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_retroscan_with_MISP_warninglist-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_retroscan_with_MISP_warninglist.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_retroscan_with_MISP_warninglist.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_skeleton.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_skeleton.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_threat_actor_profiling-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_threat_actor_profiling-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_threat_actor_profiling.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_threat_actor_profiling.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_timesketch_search_query_sightings-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_timesketch_search_query_sightings-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_timesketch_search_query_sightings.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_timesketch_search_query_sightings.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_url_remediation-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_url_remediation-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_url_remediation.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_url_remediation.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_using_timestamps_in_MISP-with_output.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_using_timestamps_in_MISP-with_output.ipynb -------------------------------------------------------------------------------- /misp-playbooks/pb_using_timestamps_in_MISP.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/misp-playbooks/pb_using_timestamps_in_MISP.ipynb -------------------------------------------------------------------------------- /playbook.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/playbook.json -------------------------------------------------------------------------------- /playbook_JupyterUniverse.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/playbook_JupyterUniverse.json -------------------------------------------------------------------------------- /tools/cacao_playbook_to_misp_playbook.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/tools/cacao_playbook_to_misp_playbook.py -------------------------------------------------------------------------------- /tools/create-json-list-playbooks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/tools/create-json-list-playbooks.py -------------------------------------------------------------------------------- /tools/misp_playbook_to_cacao_playbook.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/tools/misp_playbook_to_cacao_playbook.py -------------------------------------------------------------------------------- /tools/set_notebook_password.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-playbooks/HEAD/tools/set_notebook_password.py --------------------------------------------------------------------------------