Add confidence value to indicators - create multiple feeds #22

Open
kf0jvt opened this issue Jul 25, 2012 · 1 comment
kf0jvt commented Jul 25, 2012

CIF can apply a confidence value to a whole feed. My understanding is that it does not have the ability to apply confidence to individual items within a feed. As it exists right now, if you have indicators of compromise that you have varying confidence in, you would have to run an instance of CIFGlue for each of those confidence levels and configure CIF to pull from each of those instances. This is not ideal.

The proposed enhancement is to allow an investigator to enter an indicator of compromise into CIFGlue and also specify a confidence level. Discussion needs to be held around whether that confidence should be a % or a high/medium/low selector. CIFGlue should then produce feeds at these different levels for CIF to ingest.

So we would have feeds for malware-high.rss, malware-medium.rss, malware-low.rss, other-high.rss, other-medium.rss, other-low.rss, etc.

@ghost ghost assigned kf0jvt Jul 25, 2012
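
A sketch of the per-confidence feed split proposed above, as an added example that is not part of the issue or of CIFGlue's code. The indicator fields, the function names and the percentage cut-offs are assumptions, since the issue leaves the percent-versus-selector question open; the version below accepts both forms.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumed cut-offs for turning a percentage into a level; the issue leaves
# the percent-vs-selector question open, so these numbers are illustrative.
THRESHOLDS = ((85, "high"), (50, "medium"), (0, "low"))
LEVELS = {name for _, name in THRESHOLDS}


def confidence_level(value):
    """Accept 'high'/'medium'/'low' or a 0-100 percentage; return the level."""
    if isinstance(value, str) and value.strip().lower() in LEVELS:
        return value.strip().lower()
    try:
        pct = float(value)
    except (TypeError, ValueError):
        raise ValueError(f"unrecognised confidence: {value!r}")
    if not 0 <= pct <= 100:
        raise ValueError(f"confidence out of range: {pct}")
    return next(name for floor, name in THRESHOLDS if pct >= floor)


def build_feeds(indicators):
    """Group indicators into {'<category>-<level>.rss': minimal RSS string}."""
    grouped = defaultdict(list)
    for ind in indicators:
        level = confidence_level(ind["confidence"])
        grouped[f"{ind['category']}-{level}.rss"].append(ind)
    feeds = {}
    for name, items in grouped.items():
        rss = ET.Element("rss", version="2.0")
        channel = ET.SubElement(rss, "channel")
        ET.SubElement(channel, "title").text = name[:-4]
        for ind in items:
            item = ET.SubElement(channel, "item")
            # ElementTree escapes text, so indicator values cannot inject markup.
            ET.SubElement(item, "title").text = ind["value"]
            ET.SubElement(item, "description").text = ind.get("note", "")
        feeds[name] = ET.tostring(rss, encoding="unicode")
    return feeds


# Constructed sample indicators (documentation-range addresses and domains).
SAMPLE = [
    {"category": "malware", "value": "bad.example.com", "confidence": 95},
    {"category": "malware", "value": "192.0.2.10", "confidence": "medium"},
    {"category": "other", "value": "198.51.100.7", "confidence": "40"},
    {"category": "malware", "value": "odd.example.net", "confidence": 85},
]
```

Rejecting out-of-range or unparseable confidence values at entry keeps a mistyped number from silently landing an indicator in the wrong feed.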
@veris-opensource

sweet
