MISP importer

Some open source threat feeds have a lot of context added beside the IOCs. We wanted to have that context in MISP including tags and online/offline status. These script parse the feeds below and add the IOCs with extra context to MISP in a quick and dirty way. Not for use in production systems without some better coding.

Feeds

The following feeds are parsed:

URLhaus
- URL
- tags (Including submitter and malware family)
- online/offline
Feodotracker
- IP:port
- Last seen time
Azorult
- URL/IP
- Online/offline status
- Tags (including source and version)

Install

Note these are guidelines, proper user setup etc are not handled.

Clone the directory

mkdir /software
cd /software
git clone https://github.com/KPN-SRT/misp_importer.git

Set config file

cd etc
cp config.yaml.template config.yaml
# edit the file to add MISP information

Create a virtual env for python

python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

crontab -e

0 */3 * * * cd /software/misp_importer/ && /software/misp_importer/venv/bin/python3 /software/misp_importer/main.py

Done

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
etc		etc
AzorultHandler.py		AzorultHandler.py
FeodoHandler.py		FeodoHandler.py
MISPHandler.py		MISPHandler.py
README.md		README.md
URLhausHandler.py		URLhausHandler.py
main.py		main.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

MISP importer

Feeds

Install

About

Releases

Packages

Languages

ClovDev/misp_importer

Folders and files

Latest commit

History

Repository files navigation

MISP importer

Feeds

Install

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages