MISP 2.4.27 and new feed feature

David André

Mar 14, 2016, 3:45:15 AM
to MISP users, MISP developers, in...@misp-project.org
---------- Forwarded message ----------
From: Alexandre Dulaunoy <Alexandre...@circl.lu>
Date: Fri, Mar 11, 2016 at 5:51 PM
Subject: MISP 2.4.27 and new feed feature

Hi Everyone,

We released a new version of MISP 2.4.27 which includes a feature that might be
useful for organizations sharing feeds (OSINT or private ones). In addition to
the standard synchronisation feature among MISP instances, you can now add raw
HTTP feeds in MISP which use a simple format.

The feed format is a simple MISP JSON event with a manifest file. You can
generate such feeds from any existing MISP instance. There is a sample script[1]
included in PyMISP.

Then anyone knowing the URL can fetch the feed in MISP just like any MISP
instance (or using tools). Feeds can even be browsed before synchronization
and tagged following the specific feed source. As these are standard events,
you can benefit from non-duplicate events, multiple source synchronisation
and automatic merging of attributes from existing events.

In the current MISP version 2.4.26, you have a default feed available from
CIRCL:

https://www.circl.lu/doc/misp/feed-osint/

But we can add other default feeds from organizations willing to share publicly
available feeds in MISP format.

Don't hesitate to contact us or open a pull request on GitHub[2] if you have
any ideas, comments or requests.

We hope this helps.

Cheers.


[1] https://github.com/MISP/PyMISP/tree/master/examples/feed-generator
[2] https://github.com/MISP/MISP

--
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
in...@circl.lu - www.circl.lu
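A consumer-side check for the manifest-plus-events feed layout described in the message, as an added example that is not part of the original post and is not MISP or PyMISP code. It assumes `manifest.json` maps each event UUID to metadata carrying a `timestamp` and that each event is served as `<uuid>.json` wrapped in an `"Event"` object; the function names, the `feed.example` URL and all sample data are constructed.

```python
import json
import uuid
from urllib.parse import urljoin

# Constructed sample manifest (assumed layout: event UUID -> metadata).
SAMPLE_MANIFEST = json.dumps({
    "11111111-2222-4333-8444-555555555555": {"info": "constructed A", "timestamp": "1457700000"},
    "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee": {"info": "constructed B", "timestamp": "1457600000"},
    "../../admin/users": {"info": "constructed bad key", "timestamp": "1457700000"},
})
# Constructed event body as it would be served at <feed>/<uuid>.json.
SAMPLE_EVENT = json.dumps(
    {"Event": {"uuid": "11111111-2222-4333-8444-555555555555", "info": "constructed A"}})

def _canonical_uuid(key):
    """Return key only if it is a canonical lowercase UUID string, else None."""
    try:
        return key if str(uuid.UUID(key)) == key else None
    except (ValueError, AttributeError, TypeError):
        return None

def plan_fetch(feed_url, manifest_text, known):
    """Pick the events to download from an untrusted manifest.

    known maps event UUID -> timestamp already stored locally.
    Returns (to_fetch, rejected): [(uuid, url)] and the manifest keys refused.
    """
    base = feed_url if feed_url.endswith("/") else feed_url + "/"
    to_fetch, rejected = [], []
    for key, meta in json.loads(manifest_text).items():
        event_id = _canonical_uuid(key)
        try:
            ts = int(meta["timestamp"])
        except (KeyError, TypeError, ValueError):
            event_id = None  # malformed metadata: treat the entry as invalid
        if event_id is None:
            rejected.append(key)  # never build a URL from a non-UUID key
        elif ts > known.get(event_id, -1):
            to_fetch.append((event_id, urljoin(base, event_id + ".json")))
    return to_fetch, rejected

def check_event(expected_uuid, body_text):
    """Parse a fetched event and confirm it is the one the manifest listed."""
    doc = json.loads(body_text)
    event = doc.get("Event") if isinstance(doc, dict) else None
    if not isinstance(event, dict) or event.get("uuid") != expected_uuid:
        raise ValueError("event UUID does not match manifest entry")
    return event
```

Refusing non-UUID manifest keys keeps a hostile or corrupted feed from steering the fetcher to arbitrary paths, and the UUID match stops one event file being substituted for another.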