analyzing-threat-landscape-with-misp

Instructions

  1. Install dependencies:
     pip install pymisp
  2. Configure the MISP URL and API key. The key is passed as a command-line argument below, so it will land in shell history and be visible in process listings on the host; use a key issued to a read-only MISP role rather than a production automation key.
  3. Run the agent to generate the threat landscape analysis. It will:
    • Pull event counts by threat level over the requested date range
    • Analyze the distribution of attribute types (IP, domain, hash, URL)
    • Identify the top MITRE ATT&CK techniques from event tags (the misp-galaxy:mitre-attack-pattern tags)
    • Track threat actor activity via the threat-actor galaxy clusters attached to events
    • Generate a temporal trend of IOC submissions over the period

```bash
python scripts/agent.py --misp-url https://misp.local --api-key YOUR_KEY --days 90 --output landscape_report.json
```
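The five analysis steps above, worked through offline as an added example. This is not the page's `scripts/agent.py`; it is illustrative code that implements the same statistics over a constructed `SAMPLE_EVENTS` list shaped like MISP's REST responses (one `{"Event": {...}}` per event, `threat_level_id` 1–4, `Attribute` lists, event- and attribute-level `Tag` names in the `misp-galaxy:...` form, and attached `Galaxy` clusters). The sample events, the function names and the `verify_tls` parameter are assumptions of this example; `fetch_events` shows the real PyMISP call (`PyMISP(url, key, ssl=...)` and `search(controller="events", date_from=...)`) that would replace the sample against a live server, and imports pymisp lazily so the rest runs without one.

```python
# Added example: offline threat-landscape analysis over MISP-shaped event JSON.
# SAMPLE_EVENTS is constructed (not real MISP data); fetch_events() shows the live PyMISP call.
import re
from collections import Counter
from datetime import date, timedelta

THREAT_LEVELS = {"1": "High", "2": "Medium", "3": "Low", "4": "Undefined"}  # MISP threat_level_id
# MISP galaxy tags look like: misp-galaxy:mitre-attack-pattern="Phishing - T1566"
ATTACK_TAG = re.compile(r'^misp-galaxy:mitre-attack-pattern="(.+) - (T\d{4}(?:\.\d{3})?)"$')
ACTOR_TAG = re.compile(r'^misp-galaxy:threat-actor="(.+)"$')

T1566 = {"name": 'misp-galaxy:mitre-attack-pattern="Phishing - T1566"'}
T1059 = {"name": 'misp-galaxy:mitre-attack-pattern="PowerShell - T1059.001"'}
APT28 = {"type": "threat-actor", "GalaxyCluster": [{"value": "APT28"}]}
SAMPLE_EVENTS = [  # constructed sample: RFC 5737 addresses and .example domains
    {"Event": {"id": "1", "date": "2024-05-02", "threat_level_id": "1", "Galaxy": [APT28],
               "Tag": [T1566, {"name": 'misp-galaxy:threat-actor="APT28"'}],
               "Attribute": [{"type": "ip-dst", "value": "203.0.113.10"},
                             {"type": "domain", "value": "mail-login.example"},
                             {"type": "sha256", "value": "ab" * 32}]}},
    {"Event": {"id": "2", "date": "2024-05-09", "threat_level_id": "1", "Galaxy": [APT28],
               "Tag": [T1059],  # T1566 appears only on an attribute below: still one event
               "Attribute": [{"type": "ip-dst", "value": "203.0.113.22"},
                             {"type": "url", "value": "https://update.example/x.ps1", "Tag": [T1566]}]}},
    {"Event": {"id": "3", "date": "2024-04-20", "threat_level_id": "2",
               "Tag": [{"name": 'misp-galaxy:threat-actor="Lazarus Group"'}],
               "Attribute": [{"type": "domain", "value": "invoice.example", "Tag": [T1566]},
                             {"type": "domain", "value": "cdn.invoice.example"},
                             {"type": "md5", "value": "cd" * 16}]}},
    {"Event": {"id": "4", "date": "2024-01-15", "threat_level_id": "3",  # outside a 90-day window
               "Attribute": [{"type": "ip-dst", "value": "198.51.100.7"}]}},
]

def _tag_names(ev):
    """Event-level plus attribute-level tag names, de-duplicated per event."""
    names = {t["name"] for t in ev.get("Tag", [])}
    for attr in ev.get("Attribute", []):
        names.update(t["name"] for t in attr.get("Tag", []))
    return names

def events_in_window(events, days, today):
    """Unwrap {"Event": ...} wrappers and keep events dated within the last `days` days."""
    start = today - timedelta(days=days)
    return [ev for ev in (e.get("Event", e) for e in events)
            if start <= date.fromisoformat(ev["date"]) <= today]

def threat_level_distribution(events):
    return Counter(THREAT_LEVELS.get(str(ev.get("threat_level_id")), "Undefined") for ev in events)

def attribute_type_distribution(events):
    return Counter(a["type"] for ev in events for a in ev.get("Attribute", []))

def top_attack_techniques(events):
    """Count each ATT&CK technique once per event in which it is tagged anywhere."""
    techs = Counter()
    for ev in events:
        matches = (ATTACK_TAG.match(n) for n in _tag_names(ev))
        techs.update({f"{m.group(2)} {m.group(1)}" for m in matches if m})
    return techs

def top_threat_actors(events):
    """Actors from attached threat-actor galaxy clusters (plus the tag form), once per event."""
    actors = Counter()
    for ev in events:
        seen = {c["value"] for g in ev.get("Galaxy", []) if g.get("type") == "threat-actor"
                for c in g.get("GalaxyCluster", [])}
        seen.update(m.group(1) for m in map(ACTOR_TAG.match, _tag_names(ev)) if m)
        actors.update(seen)
    return actors

def weekly_submissions(events):
    """ISO-week histogram of event dates: the temporal trend of IOC submissions."""
    weeks = Counter()
    for ev in events:
        y, w, _ = date.fromisoformat(ev["date"]).isocalendar()
        weeks[f"{y}-W{w:02d}"] += 1
    return dict(sorted(weeks.items()))

def _with_pct(counter, n):
    total = sum(counter.values())
    return [(k, c, round(100 * c / total, 1)) for k, c in counter.most_common(n)] if total else []

def landscape_summary(events, days, today=None):
    window = events_in_window(events, days, today or date.today())
    return {"period_days": days, "events_analyzed": len(window),
            "threat_levels": _with_pct(threat_level_distribution(window), 4),
            "top_attribute_types": _with_pct(attribute_type_distribution(window), 3),
            "top_techniques": top_attack_techniques(window).most_common(3),
            "top_threat_actors": top_threat_actors(window).most_common(3),
            "weekly_submissions": weekly_submissions(window)}

def fetch_events(misp_url, api_key, days, verify_tls=True):
    """Live replacement for SAMPLE_EVENTS; pymisp is imported lazily so the offline demo needs no server."""
    from pymisp import PyMISP
    misp = PyMISP(misp_url, api_key, ssl=verify_tls)
    return misp.search(controller="events", date_from=date.today() - timedelta(days=days))

if __name__ == "__main__":
    print(landscape_summary(SAMPLE_EVENTS, 90, today=date(2024, 5, 10)))
```

Two design points worth carrying into the real agent: techniques and actors are counted once per event (the tag set is de-duplicated across the event and all its attributes), which is what makes a figure like "T1566 Phishing (89 events)" meaningful rather than inflating it by the number of tagged attributes; and the date window is applied to the event `date` field, so an event with a stale date but fresh attributes is excluded from the period. Only pass `verify_tls=False` for a lab instance with a self-signed certificate; against a production MISP keep certificate verification on.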

Examples

Threat Landscape Summary

Period: Last 90 days
Events analyzed: 1,247
Top threat level: High (43%)
Top attribute types: ip-dst (31%), domain (22%), sha256 (18%)
Top MITRE technique: T1566 Phishing (89 events)
Top threat actor: APT28 (34 events)