IntelOwl
IntelOwl copied to clipboard
intelowlproject
Add support for the new TLP v2.0 standard
FIRST have changed the TLP definitions to TLP:CLEAR, TLP:GREEN, TLP:AMBER, TLP:AMBER+STRICT, TLP:RED
https://www.first.org/tlp/
Thank for pointing this out. TLP works in a particular way in IntelOwl: based on the TLP that you choose, IntelOwl would apply some filtering. See: https://intelowl.readthedocs.io/en/latest/Usage.html?highlight=tlp#tlp-support
We'll review the new TLP definitions and see how we can make them fit in the project. Meanwhile, if you have any suggestion is more than welcome.
I guess it should be enough to change "white" with "clear" and keep the rest how it is
@mlodic Apologies, I totally missed following this for any update after I raised it.
What about the handling of TLP:AMBER+STRICT, which is subtlety different to TLP:AMBER?
hey, thanks for that, I totally forgot that new TLP:AMBER+STRICT.
Please consider that in IntelOwl the concept of TLP is not straight, we tried to adapt it to how IntelOwl works. For instance, TLP:AMBER already works like TLP:AMBER+STRICT (the analysis can be seen by members of the user's organization only). See: https://intelowl.readthedocs.io/en/latest/Usage.html#tlp-support
So honestly I do not see any chance to add it to IntelOwl too right now. Please remember that if you are using the MISP connector you can still set the right TLP that will be used in the MISP without limitation. Does it make sense to you?