From fec5749f31ac09c85d34e1172a465d271d10a63f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20=C3=98sleb=C3=B8?= <arne.oslebo@uninett.no> Date: Wed, 24 Mar 2021 09:11:28 +0000 Subject: [PATCH] Update usecase.md --- doc/usecase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/usecase.md b/doc/usecase.md index 88f1b34..c869172 100644 --- a/doc/usecase.md +++ b/doc/usecase.md @@ -16,6 +16,6 @@ He then expands one of the events and scrolls down till he sees the field "desti <img src="images/use_case4.png" width=480> -After evaluating the information in MISP, the security analyst concludes that this is a real threat and decides to create a new case in the Hive, the tool for doing incident response. He does this by clicking on the red button "Create new Case" in the Kibana dashboard. A dialog box opens up where he can add details about the case and select source IP addresses that should be added as an observable in Kibana. When he is ready he clicks on "Create Case" and a new tab opens up showing the newly created case in the Hive. +After evaluating the information in MISP, the security analyst concludes that this is a real threat and decides to create a new case in the Hive, the tool for doing incident response. He does this by clicking on the red button "Create new Case" in the Kibana dashboard. A dialog box opens up where he can add details about the case and select the IP addresses that should be added as an observable in the Hive. When he is ready he clicks on "Create Case" and a new tab opens up showing the newly created case in the Hive. <img src="images/use_case3.png" width=640> -- GitLab
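Review bot: The added paragraph in doc/usecase.md no longer says which addresses the dialog offers. The removed line read "select source IP addresses", while the added line reads "select the IP addresses", and the context line above the hunk refers to a field whose name begins with "desti". State explicitly whether the analyst can pick source addresses, destination addresses or both, since that decides what ends up as observables on the case. The number also disagrees in "the IP addresses that should be added as an observable in the Hive"; suggest "added as observables in the Hive". The subject "Update usecase.md" does not record what was corrected; a subject saying that observables are added in the Hive rather than in Kibana would make the change findable in the history.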