MISP

README

MISP

MISP A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

The analyzer comes in a single flavour that will return MISP additional information for provided observable.

Requirements

You need a valid MISP API integration to use the analyzer.

• Provide your API key as values for the key parameter.

MISP

Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.1
Supported observables types:
- domain
- ip
- url
- fqdn
- uri_path
- user-agent
- hash
- mail
- mail_subject
- registry
- regexp
- other
- filename
- mail-subject
Registration required: False
Subscription required: False
Free subscription: True
Third party service: https://www.misp-project.org/

Description

Query multiple MISP instances for events containing an observable.

Configuration

name	Name of MISP servers
Default value if not configured	N/A
Type of the configuration item	string
The configuration item can contain multiple values	True
Is required	False

url	URL of MISP servers
Default value if not configured	N/A
Type of the configuration item	string
The configuration item can contain multiple values	True
Is required	True

key	API key for each server
Default value if not configured	N/A
Type of the configuration item	string
The configuration item can contain multiple values	True
Is required	True

cert_check	Verify server certificate
Default value if not configured	True
Type of the configuration item	boolean
The configuration item can contain multiple values	False
Is required	True

cert_path	Path to the CA on the system used to check server certificate
Default value if not configured	N/A
Type of the configuration item	string
The configuration item can contain multiple values	True
Is required	False

Templates samples for TheHive