Skip to content
/ misp-sighting-server Public

MISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indicators) in a space efficient way.

misp.github.io/misp-sighting-server/
15 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MISP/misp-sighting-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
back-end
back-end
 
 
bin
bin
 
 
cfg
cfg
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 
REQUIREMENTS
REQUIREMENTS
 
 

Repository files navigation

misp-sighting-server

MISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indicators) in a space efficient way.

Features

  • Simple ReST API to get or set sighting
  • TODO - fast DNS server to allow lookup of sighting via DNS queries
  • TODO - fast import of sighting via pub-sub channel like ZMQ

Back-end database

MISP sighting server rely on kvrocks using RocksDB at the current stage.

The back-end database might change following the evolution of the requirements or capabilities but the objective is to keep a compatibility layer to ensure use of the sighting database have the same API on the long-term.

Install

git submodule init
git submodule update
cd back-end/kvrocks
./x.py build
cd ../..
pip3 install -r REQUIREMENTS

Starting the servers

Starting the back-end

cd back-end/kvrocks
./build/kvrocks -c kvrocks.conf&

Starting the ReST API server

cd cfg
cp server.cfg.sample server.cfg
cd ..
cd ./bin/
python3 sighting-server.py

Testing

Add a sighting

field description
value Value of the sighting or UUID reference to the sighting
type Type of sighting (default is 0)
org_uuid UUID of the organisation recording the sighting 
curl --header 'X-API-Key: afdef83f9cc7c87b801c36e4af632ef06af2f2ef' -X PUT  http://127.0.0.1:5000/add -d "value=127.0.0.1&type=0&org_uuid=0acdaad8-b305-482f-a904-78330640636b"  -d "source=honeypot"

Get the sighting of a value

curl -X GET http://127.0.0.1:5000/get -d "value=127.0.0.1"
{
    "1676925347": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925348": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925349": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925350": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925351": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925352": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925353": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925354": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925355": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925356": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925358": "honeypot:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925618": "blackhole:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925619": "blackhole:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925623": "siem:0:0acdaad8-b305-482f-a904-78330640636b",
    "1676925627": "edr_234:0:0acdaad8-b305-482f-a904-78330640636b"
}

About

MISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indicators) in a space efficient way.

misp.github.io/misp-sighting-server/

Topics

misp cti information-security sightings threat-intelligence sighting

Resources

Readme
Activity
Custom properties

Stars

15 stars

Watchers

15 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages