SBM Labs

Cyber Security Collaboration Project

MISP - Threat Sharing Platform. Events.
13 Jan 2017

In the article "MISP - Threat Sharing Platform. Installation." we have discussed the ways to get MISP instance. Now let's look at event creation process and integration with third party sources of IOCs.

There are three steps in event creation process.

1. Add event.

At this step you should specify distribution level, threat level, event information etc.

2. Add attributes.

At this step you should specify IOCs that were detected during incident investigation.

3. Publish event.

Final step is event publishing.

We have created our own event. But we are also interested in getting data from other sources. There are at least two ways to do it.

1. Integration with another MISP instance.

You will need instance name, base URL, authentication key etc. In this case you should request this information from its owner.

2. Integration with OSINT (Open Source Intelligence) feeds.

There are two public OSINT feeds in MISP by default.

You should enable it and fetch all events.

As result you will see events and its IOCs that were discovered by MISP members.

You can get more information about MISP Community here.

MISP - Threat Sharing Platform. API.
MISP - Threat Sharing Platform. Installation.