CRADLE is a collaborative platform for Cyber Threat Intelligence analysts. It streamlines threat investigations with integrated note-taking, automated data linking, interactive visualizations, and robust access control.
Batteries included collaborative knowledge management solution for threat intelligence researchers.
How does this compare to MISP?
https://www.misp-project.org/
https://en.wikipedia.org/wiki/MISP_Threat_Sharing
Hi! The author of Cradle here. Internally, we use MISP and OpenCTI during our research process a lot as well. They are invaluable when you have to look up certain IOCs and get results from many data sources.
However, our analysts frequently felt the need to add some additional context to their findings / take notes with their observations and screenshots. This methodology came with the following problems:
1. Analysts had to (often did not) manually enter the IOCs into MISP once they were done writing their note.
2. Transferring/sharing cases between two analysts was a problem mainly because they had to communicate not only case-related information but also how their (very disorganized) note system worked and share large files.
3. It was not easy to reflect the semantics of a relation between two entities as MISP handles things using very well-defined types that are not super flexible.
With Cradle we tried to address these issues. It is by no means a replacement for MISP, but rather they are two products that complement each other. Especially with the external data source integration support we have planned ahead for Cradle.
Your docs are borked but I guess anyone that really wanted to read the backend developer guide should be reading it from the repo anyway, huh? https://github.com/prodaft/cradle/blob/main/docs/content/doc...
Oops! We will fix that broken link. Until then, here are the real backend developer docs :)
https://cradle.sh/docs/developer-guide/backend/