Skip to content
This repository has been archived by the owner on Feb 2, 2024. It is now read-only.

PaloAltoNetworks/minemeld-misp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
mmmisp
mmmisp
 
 
.gitignore
.gitignore
 
 
AUTHORS
AUTHORS
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
minemeld.json
minemeld.json
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

minemeld-misp

MineMeld nodes for MISP

Requirements

MineMeld >= 0.9.37b1

Installation

$ sudo -u minemeld mm-supervisorctl restart minemeld-web

  • refresh your browser

Miner

To use the Miner you should create a new prototype based on misp.anyEvent prototype and add the url parameter.

After COMMIT you will be able to specify the authentication key directly from the WebUI.

Prototype parameters

# source name, to identify the origin of the indicators inside MineMeld
source_name: misp.test
# URL of MISP
url: https://misp.example.com
# filters for MISP query
# default: none
# this one check for published events with tag tlp:white
# you can specify a time window of the last N days using datefrom: <N>d
# check the search_index API in PyMISP for available filter parameters
filters:
  published: 1
  tag: 'tlp:white'
  # datefrom: 180d
# select specific inidicator types, default: null (any)
# indicator_types: ['URL', 'IPv4', 'IPv6']
indicator_types: null
# honour IDS flag, if true only events with IDS set will be exported
honour_ids_flag: true
# a dictionary of event attributes to be extracted, the value
# of each in key in the dictionary is a JMESPATH expression
# default:
# event_attributes:
#   info: info
#   org: Org
#   orgc: Orgc
#   threat_level_id: threat_level_id
#   uuid: uuid
#   tags: Tag[*].name
# a dictionary of attribute attributes to be extracted, the value
# of each in key in the dictionary is a JMESPATH expression
# default:
# attribute_attributes:
#   uuid: info
#   category: Org
#   comment: Orgc
# prefix to be applied to indicator attributes, default: misp
# prefix: misp
# verify remote certificate, default true
verify_cert: true
# require a client certificate, default false
client_cert_required: false
# age out of indicators
age_out:
  sudden_death: true
  default: null
# flag indicators with share level white, if not specified
# by tag
attributes:
  confidence: 70
  # if not specified in the event, default is white for
  # this prototype
  share_leve: white

About

MineMeld nodes for MISP

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

18 stars

Watchers

15 watching

Forks

16 forks
Report repository

Releases 1

bump to version 0.1b5 Latest
Nov 9, 2017

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages