benjaminxscott / mockingjay Goto Github PK

From c9 build error

instead of hardcoded mysql garbage

derive from Confidence, Handling, Breach_Time
i.e. if recent and sensitive and high confidence, add high pri label

using select query

Build a method for people to 'propose themselves' as an assignee

• ability for creator to say "anyone can take it" or "I want to vet each potential person"
  • they choose a role, can be multiple
    with status
• i.e. capture who has taken action
  • captured in STIX as 'responder', etc depending on role

list show up on incident display

• Jim, Bob, and Jeffhave all said they want to respond
  Up to them to hash or

i.e. hitting /breach/$id would return more deets on that one, if your user has the creds

• implement login cookie
• check cookie on privileged events

drop some jquery

Goal is to allow people to comment on / update breaches

• ability to assign breaches using email address as username
• refactor DB to handle storing history of events (linked list?)
• allow updating limited # of fields of a breach after the fact via web interface /breach/$id/edit
• allow comments as an 'event', displayed on /breach/$id

Relate CVE, etc (if known)

Should store the "first generated" stix ID, and emit the same one for future exports.

i.e. if (db.ID doesn't exist, generate a new one and store it)
stamp (db.ID)

Use EDH2 headers as vocab

to capture followup actions from the agent

• i.e. "we called them", or "they said it wasn't accurate"

Use cybox to build from SockObject

• Accept list of 'target IPs' related to incident as victim
• Accept hostile IPs / ports related to incident as hostile
  ? how to characterize the IPs

Hit DB of Fortune 500 and Global 500

implement a taxii service that accepts incoming requests and returns the breach data

• read http://libtaxii.readthedocs.org/en/latest/getting_started.html
• generate a placeholder taxii reply
• build the actual taxii output for a given breach

Include one-click links:

• 'I want to be assigned' which sends an approve/deny request to the creator (shown as a potential assignee)
• 'I want to follow this' which lets you get further updates (shown as sum total on ticket like stars in GH)
• 'I want to report this as sensitive or have them check with my equities before releasing' which starts a dialogue with the creator and possibly changes visibility (not shown to others)

Capturing if they're a proxy for malicious actors, complicit, or innocent victim

based on impact, timeliness, etc

• add to web form
• accept POST data for asset
• adjust schema
• generate to stix

currently have to manually run mockingjay.init_db() from command line to create the DB schema

Perhaps generate a blank DB as part of the build process?
( i.e. check a .db into git)

• Use CIQ Identity rather than 'SimpleIdentity'
• Store the Reporter PoC and Victim PoC

To capture the person's phone number, name for later