MISP Integration

Since there is an integration with TheHive and Cortex, it would be good to have a MISP integration to send events directly to this service.

MISP Project: GitHub - MISP/MISP: MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)
MISP Python API: GitHub - MISP/PyMISP: Python library using the MISP Rest API

Hi @Bo_Wyatt, would you please mention the use case you are interested in, to make sure it is covered when we create the node? Don’t forget to upvote your feature request. Thanks.

2 Likes

For example, creating events based on a list of IPs. There should be an option to create Attributes and add those attributes to the Event. Attributes could be a Network activity, Payload delivery, Antivirus detection, etc. Also, there has to be a way to tag attributes and events based on a list of tags (provided by MISP and its API).

Basically, since there is support for TheHive and Cortex nodes, we can create events based on the results from a Cortex analyzer, for example, and create attributes based on that.

1 Like
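
The use case described above (one event built from a list of IPs, with tagged attributes), sketched as an added example that is not part of the original thread and not n8n or PyMISP code. It uses only the Python standard library and the JSON layout MISP accepts on `POST /events/add`; the function names, the `ip-dst` type choice, the attribute tag and the sample IPs are assumptions made for illustration.

```python
import ipaddress
import json
import urllib.request

# Constructed sample input: a duplicate, an RFC 1918 address and junk mixed in.
SAMPLE_IPS = ["8.8.8.8", "8.8.8.8", "10.0.0.5", "not-an-ip", "1.1.1.1 "]

def build_event(info, ips, event_tags=(), attr_tags=(), to_ids=True):
    """Return (payload, skipped): the MISP event JSON and the rejected inputs."""
    attributes, skipped, seen = [], [], set()
    for raw in ips:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            skipped.append((raw, "not an IP address"))
            continue
        if not ip.is_global:
            # Private, loopback and reserved ranges make poor shared indicators.
            skipped.append((raw, "not globally routable"))
            continue
        if ip in seen:
            continue  # drop duplicates so the event carries one attribute per IP
        seen.add(ip)
        attributes.append({
            "type": "ip-dst",                # assumption: IPs are destinations
            "category": "Network activity",
            "value": str(ip),
            "to_ids": to_ids,
            "Tag": [{"name": t} for t in attr_tags],
        })
    event = {
        "info": info,
        "distribution": "0",      # your organisation only
        "threat_level_id": "2",   # medium
        "analysis": "0",          # initial
        "Attribute": attributes,
        "Tag": [{"name": t} for t in event_tags],
    }
    return {"Event": event}, skipped

def build_request(misp_url, api_key, payload):
    """Prepare (not send) the POST; pass the result to urllib.request.urlopen()."""
    return urllib.request.Request(
        misp_url.rstrip("/") + "/events/add",
        data=json.dumps(payload).encode(),
        headers={"Authorization": api_key, "Accept": "application/json",
                 "Content-Type": "application/json"},
        method="POST",
    )
```

The `skipped` list is worth logging in a workflow, since it shows which analyzer outputs never reached MISP and why.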