Skip to content

Commit

Permalink
Merge pull request #1995 from SEKOIA-IO/gaelmuller-patch-1
Browse files Browse the repository at this point in the history
Update misp.md
  • Loading branch information
gaelmuller authored Sep 12, 2024
2 parents 37235af + bf1d501 commit cafdfce
Showing 1 changed file with 2 additions and 10 deletions.
12 changes: 2 additions & 10 deletions _shared_content/intelligence_center/integrations/misp.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ To fetch Sekoia.io’s MISP feed, you’ll have to generate an API key with the
The following field values are required for the feed to work properly:

- Input Source: Network
- URL: `https://api.sekoia.io/api/v2/inthreat/misp`
- URL: `https://api.sekoia.io/v1/misp-gateway/misp`
- Source Format: MISP Feed
- Headers: `Authorization: Bearer <APIKEY>` (please replace `<APIKEY>` with the secret API key)
- Enabled: `True`
Expand All @@ -20,16 +20,8 @@ You then need to make sure you have a scheduled task in place to regularly fetch

!!! note

MISP adds automatically the suffix `/manifest.json` to the feed URL. If you want to try the connection to the feed outside MISP or make a custom script, you need to use the following URL: `https://api.sekoia.io/api/v2/inthreat/misp/manifest.json`

## Beta Version of Sekoia.io’s MISP Feed

!!! warning

This feed is still considered as beta and should be used carefuly. If you find any regression or issue with this new feed, please contact your support.
MISP adds automatically the suffix `/manifest.json` to the feed URL. If you want to try the connection to the feed outside MISP or make a custom script, you need to use the following URL: `https://api.sekoia.io/v1/misp-gateway/misp/manifest.json`

The new MISP feed contains all non-expired Sekoia.io intelligence material and is constantly kept in sync with SEKOIA.IO’s intelligence feed. This way, when an indicator is updated in SEKOIA.IO, that latter will be also updated in the MISP feed. This will ensure that the indicator is not duplicated each time an indicator is updated.

The MISP feed is organized by data “source” per creation date of the indicator. Hence, if an indicator has several sources, it will be included in several MISP events.

You can configure your MISP instance to read Sekoia.io’s MISP feed by using this URL: `https://api.sekoia.io/v1/misp-gateway/misp`.

0 comments on commit cafdfce

Please sign in to comment.