Using MISP Bookmarks with Workflows for Team Coordination

October 9, 2024

Have you tried the Bookmarks feature in MISP yet?

It’s much more powerful than you might think.

Bookmarks are incredibly useful because, within a team, we need to know which of the new MISP events that came in over the last 24 hours we should act on.

MISP bookmarks give us a way to save searches that help us isolate the signal from the noise.

Here's how to access and use this feature to save events from a high-value feed:

Combining MISP Bookmarks with Workflow Tags

How can we make sure that events that are high quality and need review, decision, or further action are seen by the team?

Tags will work well for this, and they’re something MISP excels at.

We can auto-apply tags using feed rules and MISP workflows. 

(By the way–are you using MISP workflows yet? Here’s why you should be using them, along with 6 other great features in MISP.)

For example, we can automatically tag high-value feeds with workflow:todo="review".

Next, we can search on those tags.

We just need the entire team to have a convenient way to access these tag-filtered views…

MISP Bookmarks to the rescue!

We can bookmark the search on that tag, and then make the bookmark available to the entire team.

Now first thing in the morning, your team can all use a shared bookmark in MISP to follow the same workflow and triage view.
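
The same triage view can also be produced from exported event JSON, for example for a morning digest. The script below is an added example, not part of the original post: it filters a restSearch-style response for events tagged workflow:todo="review" that were modified in the last 24 hours. The function names, sample events and organisation names are constructed for illustration.

```python
import re

# MISP machine tags have the form namespace:predicate="value" (value optional).
MACHINE_TAG = re.compile(r'^(?P<ns>[^:="]+):(?P<pred>[^:="]+)(?:="(?P<value>[^"]*)")?$')


def parse_machine_tag(name):
    """Return (namespace, predicate, value), or None for a free-text tag."""
    m = MACHINE_TAG.match(name.strip())
    return (m["ns"], m["pred"], m["value"]) if m else None


def triage_queue(response, now, wanted=("workflow", "todo", "review"), window=86400):
    """Events carrying the wanted tag and modified within `window` seconds, newest first."""
    queue = []
    for item in response.get("response", []):
        event = item["Event"]
        ts = int(event["timestamp"])  # MISP serialises epoch timestamps as strings
        tags = {parse_machine_tag(t["name"]) for t in event.get("Tag", [])}
        if wanted in tags and 0 <= now - ts <= window:
            queue.append({"id": event["id"], "info": event["info"],
                          "org": event["Orgc"]["name"], "timestamp": ts})
    return sorted(queue, key=lambda e: e["timestamp"], reverse=True)


# Constructed sample in the shape of an /events/restSearch JSON response.
NOW = 1728460800
SAMPLE = {"response": [
    {"Event": {"id": "104", "info": "Phishing kit infrastructure", "timestamp": str(NOW - 5 * 3600),
               "Orgc": {"name": "ExampleFeedA"},
               "Tag": [{"name": 'workflow:todo="review"'}]}},
    {"Event": {"id": "102", "info": "Old campaign update", "timestamp": str(NOW - 3 * 86400),
               "Orgc": {"name": "ExampleFeedA"},
               "Tag": [{"name": 'workflow:todo="review"'}]}},
    {"Event": {"id": "103", "info": "Already handled", "timestamp": str(NOW - 2 * 3600),
               "Orgc": {"name": "ExampleFeedB"},
               "Tag": [{"name": 'workflow:state="complete"'}, {"name": "phishing"}]}},
    {"Event": {"id": "101", "info": "New C2 domains", "timestamp": str(NOW - 3600),
               "Orgc": {"name": "ExampleFeedB"},
               "Tag": [{"name": 'workflow:todo="review"'}, {"name": "tlp:amber"}]}},
]}

if __name__ == "__main__":
    for e in triage_queue(SAMPLE, NOW):
        print(e["id"], e["org"], e["info"])
```
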

Give it a try–and let us know what you think!

Here's a walkthrough of how to set up automatic workflow tagging of events coupled with the Bookmarks feature:

If you enjoyed this tip and want to get started with MISP, but don't have a reliable MISP instance, we can help. We offer CloudMISP, a fully hosted and configured MISP for teams that want to harness the power of MISP without the setup and maintenance headaches.