# MISPWarningLists
MISPWarningLists are lists of well-known indicators that can be associated with potential false positives, errors or mistakes.
The analyzer comes in a single flavour that checks observables against the MISP Warninglists in order to filter out false positives.
## Requirements

Option 1 (lower performance):
- Clone the MISPWarningLists GitHub repository.
- In the analyzer parameters, set the `path` parameter to the folder of the cloned WarningLists.

Option 2 (higher performance):
- Clone the MISPWarningLists GitHub repository.
- Install a PostgreSQL database.
- Set `conn_string` and `warninglists_path` inside the script `warninglists_create_db.py` and run it to parse all MISPWarningLists and insert them into PostgreSQL.
- In the analyzer parameters, set the `conn` parameter to the database connection string (for example: `postgresql+psycopg2://user:password@localhost:5432/warninglists`).
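The matching step that both options perform, as an added example that is not the analyzer's own code: it reads `list.json` files in the misp-warninglists layout (each carrying a `type` of `cidr`, `hostname`, `substring`, `regex` or `string`) and reports which lists flag an observable. The `SAMPLE_LISTS` below are constructed stand-ins for the cloned repository so the example runs offline.

```python
# Added example: check an observable against MISP warninglist entries in the
# list.json format used by the misp-warninglists repository.
import ipaddress
import json
import re
from pathlib import Path

# Constructed stand-ins for <warninglists_path>/lists/<name>/list.json files.
SAMPLE_LISTS = {
    "rfc1918": {"name": "RFC 1918 private ranges", "type": "cidr",
                "matching_attributes": ["ip-src", "ip-dst"],
                "list": ["10.0.0.0/8", "192.168.0.0/16"]},
    "google": {"name": "Google domains", "type": "hostname",
               "matching_attributes": ["domain", "hostname", "url"],
               "list": ["google.com", "googleapis.com"]},
    "empty-hash": {"name": "Hashes of empty files", "type": "string",
                   "matching_attributes": ["md5", "sha1"],
                   "list": ["d41d8cd98f00b204e9800998ecf8427e"]},  # MD5 of empty input
}

def load_warninglists(warninglists_path):
    """Read every lists/*/list.json under a misp-warninglists clone (Option 1 layout)."""
    lists = {}
    for f in Path(warninglists_path).glob("lists/*/list.json"):
        lists[f.parent.name] = json.loads(f.read_text())
    return lists

def _matches(wl, value):
    """Apply one warninglist's matching type to a single observable value."""
    t = wl.get("type", "string")
    v = value.lower()
    if t == "cidr":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False  # not an IP address, so CIDR lists cannot apply
        return any(addr in ipaddress.ip_network(c, strict=False) for c in wl["list"])
    if t == "hostname":
        # Strip scheme, path and port so URLs are checked by their host; match host or subdomain.
        host = re.sub(r"^[a-z]+://", "", v).split("/")[0].split(":")[0]
        return any(host == h.lower() or host.endswith("." + h.lower()) for h in wl["list"])
    if t == "substring":
        return any(s.lower() in v for s in wl["list"])
    if t == "regex":
        return any(re.search(p, value) for p in wl["list"])
    return any(v == s.lower() for s in wl["list"])  # exact, case-insensitive match

def check_observable(value, lists=SAMPLE_LISTS):
    """Return the names of the warninglists that flag the value as a likely false positive."""
    return sorted(name for name, wl in lists.items() if _matches(wl, value))
```

With a real clone, pass `load_warninglists(warninglists_path)` as `lists`; an empty result means no list flagged the observable.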
## MISPWarningLists
Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.0
Supported observable types:
- ip
- hash
- domain
- fqdn
- url
Registration required: False
Subscription required: False
Free subscription: False
Third party service: https://github.com/MISP/misp-warninglists
## Description
Check IoCs/Observables against MISP Warninglists to filter false positives.
## Configuration
| path | path to Warninglists folder |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | False |
| conn | sqlalchemy connection string |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | False |
## Template samples for TheHive
