MISP Integration [GOT CREATED]

Since there is an integration with TheHive and Cortex it will be good to have a MISP Integration to send events directly to this service.

MISP Project: GitHub - MISP/MISP: MISP (core software) - Open Source Threat Intelligence and Sharing Platform
MISP Python API: GitHub - MISP/PyMISP: Python library using the MISP Rest API

Hi @Bo_Wyatt, would you please mention the use case you are interested in, to make sure it is covered when we create the node? Don’t forget to upvote your feature request. Thanks.


For example, creating events based on a list of IPs. There should be an option to create Attributes and add those attributes to the Event. Attributes could be a Network activity, Payload delivery, Antivirus detection, etc. Also, there has to be a way to tag attributes and events based on a list of tags (provided by MISP and its API).

Basically, since there is support for TheHive and Cortex Nodes, we can create events based on the results from a Cortex analyzer, for example, and create attributes based on that.


Got released with [email protected]

That’s so awesome! I forgot that I requested this integration, I’ll look into it. Great job folks!


@Bo_Wyatt would be great to hear whether it covers your use cases.

Hello. My apologies for not testing out this integration.

I’m currently creating a Workflow using this Node so I’ll be reporting any issues if found.

Thanks.


Hello,

I’ve been using the integration and I have some issues.

I can only create attributes with these 3 types: Text, URL or Comment, but I need more types in order for MISP to clearly identify the attribute.
For example, the MISP documentation lists more types: MISP data models - MISP core format - MISP taxonomies

Useful ones for use cases would be:

  • ip-src
  • ip-dst
  • email-src
  • email-subject
  • email-attachment
  • filename
  • filename|md5
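
An added example, not part of the thread and not code from the n8n node or PyMISP: a standard-library sketch that turns a list of observables into a MISP core-format event with typed, tagged attributes, covering the types listed above. The function names, the default category per type and the sample values are assumptions made for illustration.

```python
import ipaddress
import json
import re

# Assumed default category per attribute type; MISP accepts other categories for some types.
DEFAULT_CATEGORY = {
    "ip-src": "Network activity",
    "ip-dst": "Network activity",
    "email-src": "Payload delivery",
    "email-subject": "Payload delivery",
    "email-attachment": "Payload delivery",
    "filename": "Payload delivery",
    "filename|md5": "Payload delivery",
}
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")


def validate(attr_type, value):
    """Reject values that do not fit the declared type before they are sent to MISP."""
    if attr_type not in DEFAULT_CATEGORY:
        raise ValueError(f"unsupported attribute type: {attr_type}")
    if attr_type in ("ip-src", "ip-dst"):
        ipaddress.ip_address(value)  # raises ValueError on a malformed address
    elif attr_type == "email-src" and value.count("@") != 1:
        raise ValueError(f"not an email address: {value}")
    elif attr_type == "filename|md5":
        name, _, digest = value.rpartition("|")
        if not name or not MD5_RE.fullmatch(digest):
            raise ValueError(f"expected name|md5: {value}")


def build_event(info, observables, event_tags=(), attribute_tags=()):
    """Return a MISP core-format event dict with one typed attribute per observable."""
    attributes = []
    for attr_type, value in observables:
        validate(attr_type, value)
        attributes.append({
            "type": attr_type,
            "category": DEFAULT_CATEGORY[attr_type],
            "value": value,
            "Tag": [{"name": t} for t in attribute_tags],
        })
    return {"Event": {"info": info, "Attribute": attributes,
                      "Tag": [{"name": t} for t in event_tags]}}


# Constructed sample input: documentation address ranges, made-up file name, MD5 of empty input.
SAMPLE = [("ip-src", "198.51.100.23"), ("ip-dst", "2001:db8::5"),
          ("filename|md5", "invoice.doc|d41d8cd98f00b204e9800998ecf8427e")]

if __name__ == "__main__":
    print(json.dumps(build_event("Cortex analyzer results", SAMPLE,
                                 event_tags=["tlp:amber"]), indent=2))
```

Validating each value against its declared type before submission keeps a mistyped observable (an IP filed as Text, a hash without its file name) from entering the event as an attribute MISP cannot correlate.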