Wazuh Integration with MISP (Threat Intelligence Feed)
15 views
Skip to first unread message
3
1:55 AM (6 hours ago) 1:55 AM
to Wazuh | Mailing List
Hello Wazuh Team,
I need assistance regarding the integration of Wazuh with MISP (Threat Feed).
I am currently working on project where wazuh gets attacks data from Honeypot, then
Wazuh has to forward these logs and data to MISP so they can be displayed in the MISP dashboard.
What are the possible ways of accomplishing this integration? (Honeypot is already integrated with Wazuh, but MISP is not, so How can I integrate Wazuh with MISP?)
I need assistance regarding the integration of Wazuh with MISP (Threat Feed).
I am currently working on project where wazuh gets attacks data from Honeypot, then
Wazuh has to forward these logs and data to MISP so they can be displayed in the MISP dashboard.
What are the possible ways of accomplishing this integration? (Honeypot is already integrated with Wazuh, but MISP is not, so How can I integrate Wazuh with MISP?)
Md. Nazmur Sakib
2:37 AM (5 hours ago) 2:37 AM
to Wazuh | Mailing List
Hello,
You can integrate MISP to coress check your data from the alerts with MISP IOCs once the alerts are on the Wazuh manager, and triggers a new alert if there is a match.
You can follow this document for integrating Wazuh with MISP
External API integration
I am also sharing some reference documents to integrate Wazuh with MISP.
https://github.com/wazuh/integrations/tree/main/integrations/misp
https://opensecure.medium.com/wazuh-and-misp-integration-242dfa2f2e19
Let me know if you need further assistance on this.
Reply all
Reply to author
Forward
0 new messages