csp
csp copied to clipboard
melicertes
The Cyber Security Platform MeliCERTes is part of the European Strategy for Cyber Security. MeliCERTes is a network for establishing confidence and trust among the national Computer Security Incident...
CSP users - can they be assigned different roles through the single sign on system to assign different MISP user roles to the various different users?
There is a new csp-vulnerability MISP object: [https://github.com/melicertes/csp/blob/ca16e155ba2b0172e5a5e3e5afb6e4f681641df3/deployment/docker/base-images/misp-image/csp-misp-objects/csp-vulnerability/definition.json](https://github.com/melicertes/csp/blob/ca16e155ba2b0172e5a5e3e5afb6e4f681641df3/deployment/docker/base-images/misp-image/csp-misp-objects/csp-vulnerability/definition.json) The definition seems very close to the default MISP vulnerability object: https://github.com/MISP/misp-objects/blob/master/objects/vulnerability/definition.json A simple improvement would be to use the default one....
Show the actual versions of the modules instead of the melicertes rebranded version. We'd like to be able to ensure that we don't end up installing outdated / vulnerable versions...
https://github.com/melicertes/csp/blob/master/csp-apps/misp/misp-adapter-emitter/src/main/java/com/intrasoft/csp/misp/service/impl/MispTcSyncServiceImpl.java#L164 This is extremely worrying. Organisations that are not in the list of melicertes teams are absolutely normal and should not be flagged in any way. The comment that deletion...
The installation manual is classified as `TLP::AMBER`. https://github.com/melicertes/csp/blob/develop/documentation/CSP_Installation_Manual_v4.0.6.pdf The double colon should be replaced with a single colon. When fixed, the file should probably not TLP:AMBER at all if distributed...
As per the installation manual (v4.0.6 according to the file, v4.0.5 according to the archive name) the generated X.509 private key will have 2048 bits. 4096 bits is not only...
In a sharing environment where org A and org B are present. org B has a ticket with UUID X, which is private (not shared) org A has a ticket...
https://github.com/melicertes/csp/blob/68a050e2216dce8e7f824178c57a9b4f32b65971/csp-apps/misp/misp-tests/src/test/java/com/intrasoft/csp/misp/tests/sandbox/DistributionPolicyRectifierTest.java#L53 This is a violation of MISP's distribution model. MISP will always choose the most restrictive option in the inherited distributions. For example: Event [distribution: your organisation only] Attribute [distribution:all...
Metadata
Owner
Metadata
The Cyber Security Platform MeliCERTes is part of the European Strategy for Cyber Security. MeliCERTes is a network for establishing confidence and trust among the national Computer Security Incident...