
MISPWarningLists#


MISPWarningLists are lists of well-known indicators that can be associated with potential false positives, errors or mistakes.

The analyzer comes in a single flavour that will check observables against MISP Warninglists to filter false positives.

Requirements#

Option 1 (low performance):
- Clone the MISPWarningLists GitHub repository.
- In the analyzer parameters, configure the path of the WarningLists folder.

Option 2 (high performance):
- Clone the MISPWarningLists GitHub repository.
- Install a PostgreSQL database.
- Set conn_string and warninglists_path inside the script warninglists_create_db.py and run it to parse all MISPWarningLists and insert them into PostgreSQL.
- In the analyzer parameters, configure the connection string to the DB (for example: postgresql+psycopg2://user:password@localhost:5432/warninglists).
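As an added illustration of what the analyzer does with the cloned repository (Option 1), and not code from the Cortex analyzer itself: a minimal Python matcher that takes warninglists in MISP's JSON layout (name, type, matching_attributes, list) and reports which of them a Cortex observable hits. The sample lists, the mapping from Cortex data types to MISP attribute types, and the function names are constructed for this example.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample lists in the MISP warninglist JSON layout; the real ones are lists/*/list.json in the repo.
WARNINGLISTS = [
    {"name": "List of RFC 1918 CIDR blocks", "type": "cidr",
     "matching_attributes": ["ip-src", "ip-dst"],
     "list": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]},
    {"name": "Top 1000 most-used domains", "type": "hostname",
     "matching_attributes": ["hostname", "domain", "url"],
     "list": ["example.com", "google.com"]},
    {"name": "Hashes of empty files", "type": "string",
     "matching_attributes": ["md5", "sha1", "sha256"],
     "list": ["d41d8cd98f00b204e9800998ecf8427e"]},
]

# Cortex observable data types -> MISP attribute types named in matching_attributes (assumed mapping)
ATTRIBUTE_MAP = {
    "ip": {"ip-src", "ip-dst"},
    "hash": {"md5", "sha1", "sha256"},
    "domain": {"domain", "hostname"},
    "fqdn": {"domain", "hostname"},
    "url": {"url"},
}

def _matches(value, entry, list_type):
    # Apply the comparison rule that the warninglist's "type" field selects.
    v, e = value.lower(), entry.lower()
    if list_type == "cidr":
        try:
            return ipaddress.ip_address(v) in ipaddress.ip_network(e, strict=False)
        except ValueError:  # observable is not an IP address
            return False
    if list_type == "hostname":  # exact host or any sub-domain of it
        return v == e or v.endswith("." + e)
    if list_type == "substring":
        return e in v
    return v == e  # "string": exact, case-insensitive match

def check_observable(data, data_type, warninglists=WARNINGLISTS):
    """Return the names of every warninglist that matches the observable."""
    value = data.strip()
    if data_type == "url":  # hostname lists are matched against the URL's host part
        value = urlparse(value).hostname or value
    wanted = ATTRIBUTE_MAP.get(data_type, set())
    return [
        wl["name"] for wl in warninglists
        if wanted & set(wl["matching_attributes"])
        and any(_matches(value, entry, wl["type"]) for entry in wl["list"])
    ]
```

An empty result means no warninglist knows the observable, so it should not be treated as a likely false positive on that basis alone.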

MISPWarningLists#

Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.0
Supported observables types:
- ip
- hash
- domain
- fqdn
- url
Registration required: False
Subscription required: False
Free subscription: False
Third party service: https://github.com/MISP/misp-warninglists

Description#

Check IoCs/Observables against MISP Warninglists to filter false positives.

Configuration#

| Item | Description | Default value if not configured | Type of the configuration item | Can contain multiple values | Is required |
| --- | --- | --- | --- | --- | --- |
| path | path to Warninglists folder | N/A | string | False | False |
| conn | sqlalchemy connection string | N/A | string | False | False |

Templates samples for TheHive#

MISPWarningLists: long report