Skip to content

FloatingGhost/MISP-Magic-Glue

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
glue.py
glue.py
 
 
misp-glue.default.yaml
misp-glue.default.yaml
 
 

Repository files navigation

MAGIC GLUUUUEE

CURRENTLY BUGGY: Will run into an infinite loop upon updating an event

Installation

First, go install MISP-Modules, and make sure ZMQ is all switched on and stuff

cp misp-glue.default.yaml misp-glue.yaml

vim misp-glue.yaml

Modify the settings as needed.

  • zmq: The zmq server settings, needs host and port
  • misp: MISP API connection settings. Needs url, apikey
    • modules: MISP-modules connection settings. Needs host, port, run-modules
      • run-modules: This is a list of allowed modules, use the exact name as reported by curl <modules>/query. Leave as - "ALL" to enable all modules.
  • additional-config: For module-specific settings. Add an entry using the exact module name, and set as needed.

The run python3 glue.py and leave it! When an event is published, the service will pick up the event, run any allowed modules, and then add them to the misp event.

Assumptions

  • Assumes MISP-Modules server to be accessable from the script's running location

About

A glue system between ZMQ and Misp-modules

Topics

enrichment misp zmq

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages