MISP

MISP is a threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

The analyzer comes in a single flavour that returns additional information from MISP for the provided observable.

Requirements

You need a valid MISP API integration to use the analyzer.

  • Provide your API key as a value of the key parameter.

MISP

Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.1
Supported observable types:
- domain
- ip
- url
- fqdn
- uri_path
- user-agent
- hash
- mail
- mail_subject
- registry
- regexp
- other
- filename
Registration required: False
Subscription required: False
Free subscription: True
Third party service: https://www.misp-project.org/

Description

Query multiple MISP instances for events containing an observable.

Configuration

| Item | Description | Default value if not configured | Type | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| name | Name of MISP servers | N/A | string | True | False |
| url | URL of MISP servers | N/A | string | True | True |
| key | API key for each server | N/A | string | True | True |
| cert_check | Verify server certificate | True | boolean | False | True |
| cert_path | Path to the CA on the system used to check server certificate | N/A | string | True | False |
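
A pre-deployment check for the configuration items above, added here as an example (it is not code from the analyzer or the MISP project). It assumes the multi-valued items are parallel lists paired by position, one entry per server; the function name `audit_misp_config` and all sample hosts, keys and paths are constructed.

```python
from urllib.parse import urlparse


def audit_misp_config(cfg):
    """Return a list of findings for one analyzer configuration dict."""
    findings = []
    urls = cfg.get("url") or []
    for item in ("url", "key"):  # the two required multi-valued items
        if not cfg.get(item):
            findings.append(f"{item}: required but empty")
    # Assumption: values are paired by position, one entry per server.
    for item in ("key", "name", "cert_path"):
        values = cfg.get(item) or []
        if values and len(values) != len(urls):
            findings.append(f"{item}: {len(values)} values for {len(urls)} urls")
    if any(not str(k).strip() for k in cfg.get("key") or []):
        findings.append("key: blank API key")

    # The API key is sent to the server with every query, so the transport
    # must be authenticated: https URL plus certificate verification.
    for url in urls:
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.hostname:
            findings.append(f"url: {url} is not an https URL")
    cert_check = cfg.get("cert_check", True)  # documented default: True
    if not isinstance(cert_check, bool):
        findings.append("cert_check: must be a boolean")
    elif not cert_check:
        findings.append("cert_check: server certificate is not verified")
    return findings


# Constructed sample configurations; hosts, keys and paths are placeholders.
HARDENED = {
    "name": ["internal", "sharing-community"],
    "url": ["https://misp.internal.example", "https://misp.partner.example"],
    "key": ["PLACEHOLDER_KEY_1", "PLACEHOLDER_KEY_2"],
    "cert_check": True,
    "cert_path": ["/etc/ssl/certs/internal-ca.pem", "/etc/ssl/certs/partner-ca.pem"],
}
WEAK = {
    "url": ["http://misp.internal.example", "https://misp.partner.example"],
    "key": ["PLACEHOLDER_KEY_1"],
    "cert_check": False,
}

if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_misp_config(cfg))
```

For an instance signed by a private CA, keeping cert_check enabled and pointing cert_path at that CA passes the check, whereas turning verification off does not.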

Template samples for TheHive

MISP: long report