Commit
Merge pull request #107 from bpanicker13/patch-1
Create MISP
Showing 1 changed file with 34 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# MISP | ||
|
||
### API Access | ||
|
||
MISP (Malware Information Sharing Platform) is a free and open source software platform for sharing cyber security indicators and threat intelligence. It can also be used as an integration point for connecting to other security solutions and platforms. Integrating MISP with Shuffle is an effective way to help automate many of the processes related to threat detection, investigation and response. | ||
|
||
1. Start by logging into your MISP instance. | ||
|
||
2. Create a new API Key under the “Configuration” tab. | ||
|
||
3. Copy the API Key and make sure it is securely stored in a safe place. | ||
|
||
4. Next, log in to your Shuffle instance and create a new integration using the MISP API. | ||
|
||
5. Enter the URL for your MISP instance, as well as the API Key you just generated. | ||
|
||
6. Ensure that the integration is configured correctly, including setting up any necessary filters or parameters. | ||
|
||
7. Once the integration is complete, you should be able to begin using the MISP API for operations. | ||
|
||
8. You may now begin querying the MISP instance for specific threat indicators or other pieces of intelligence that could be useful for analysis or incident response operations. | ||
|
||
9. Finally, once you have retrieved any data from MISP, you can use Shuffle to automate tasks based on that data, such as running automated investigations or taking actions to remediate threats detected in your environment. | ||
|
||
### Useful API queries: | ||
|
||
* Getting all Events associated with a Tag: GET /tags/{tag_name}/events | ||
* Getting all Attributes of a given Event: GET /attributes/{event_id} | ||
* Adding new Sightings associated with an Event: POST /sightings/add | ||
* Retrieving all Sightings associated with an Event: GET /sightings/view/{event_id} | ||
* Retrieving existing Taxonomies, or creating new ones: POST /taxonomies/{taxonomy_name} | ||
* Retrieving all TTPs associated with an Event: GET /ttps/getTTPsByEventId/{event_id} | ||
* Adding a new Link between two Events: POST /links/add | ||
* Retrieving all Links between two Events: GET /links/getLinksByEventId/{event_id} |
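Review bot: Steps 2 to 5 of the "API Access" list have the reader create a MISP API key and paste it into Shuffle without saying which MISP user or role should own that key. The key acts with the permissions of the user it belongs to, so the doc should recommend a dedicated integration user with the least role the workflows need, and step 3's "securely stored in a safe place" should name a concrete place such as a password manager or secrets store. In the "Useful API queries" list, none of the paths cite the MISP API documentation, "POST /taxonomies/{taxonomy_name}" is given as the single call for both retrieving and creating, and "GET /attributes/{event_id}" puts an event id in an attributes path. Please check every entry against the MISP API reference for the targeted version and link that reference from this section before merging.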