[Intelmq-dev] MISP collector and parser [SEC=UNCLASSIFIED]

L. Aaron Kaplan kaplan at cert.at
Sat Jun 11 05:00:19 CEST 2016


Hi Andrew

I took a brief look at the MISP bot. 
This looks really great.


I'd love to test it on Sunday, 

Yes, if you manage to do a pull request I'd appreciate it!

Thanks,
a.

On 2016/06/09 22:06, "Clark, Andrew" <Andrew.Clark at cert.gov.au> wrote:
> UNCLASSIFIED
> Hi guys,
> 
> With the help of a colleague I have prepared a MISP collector and parser for IntelMQ. It requires a tag to be added to the MISP events that need to be processed. This tag is removed from the MISP event by the collector once it has been processed (and a different tag is added to the MISP event to indicate that it has been processed). Anyway, without getting too bogged down in the details, I've put the code in a forked copy of the repo on my GitHub page:
> 
>   https://github.com/kralca/intelmq/commit/c3cdb0e
> 
> The deduplicator expert should be used to detect MISP event attributes that have been previously processed (for example following the addition of attributes to a MISP event).
> 
> I hope this is useful for the Hackathon on Sunday. Please let me know if you would prefer if I submit a pull request.
> 
> Cheers,
> Andrew
> 
> --
> 
> Andrew Clark | Senior Technical Advisor | CERT Australia
> Attorney-General's Department, Australian Government
> Phone: +61 2 6141 2538
> Online: www.cert.gov.au
> 
> For all CERT Australia operational matters, please call our
>                 hotline: 1300 172 499, or +61 26141 2999 or
>                 email: info at cert.gov.au
> 
> 
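The tag hand-off and the deduplication step described in the quoted message, sketched as an added example; it is not code from the linked commit or from IntelMQ. It uses an in-memory stand-in for MISP, hypothetical tag names and a constructed event, and assumes an event is given the to-process tag again after attributes are added.

```python
import hashlib

# Hypothetical tag names; the post does not say which tags the bot uses.
TO_PROCESS = "intelmq:to_process"
PROCESSED = "intelmq:processed"

def collect(events):
    """Collector step: pick up tagged events, then swap the tag on each."""
    picked = [e for e in events if TO_PROCESS in e["tags"]]
    for event in picked:
        event["tags"].remove(TO_PROCESS)
        event["tags"].add(PROCESSED)
    return picked

def parse(event):
    """Parser step: emit one record per attribute of a collected event."""
    return [{"event_id": event["id"], "type": a["type"], "value": a["value"]}
            for a in event["attributes"]]

def deduplicate(records, seen):
    """Stand-in for the deduplicator expert: drop records seen before."""
    fresh = []
    for rec in records:
        key = hashlib.sha256(repr(sorted(rec.items())).encode()).hexdigest()
        if key not in seen:
            seen.add(key)
            fresh.append(rec)
    return fresh

def run_once(events, seen):
    """One collector -> parser -> deduplicator pass over the event store."""
    out = []
    for event in collect(events):
        out.extend(deduplicate(parse(event), seen))
    return out

def demo():
    # Constructed sample event using documentation-range values.
    event = {"id": 1, "tags": {TO_PROCESS},
             "attributes": [{"type": "ip-dst", "value": "192.0.2.10"}]}
    seen = set()
    first = run_once([event], seen)
    # Assumption: an attribute is added and the event is tagged again.
    event["attributes"].append({"type": "domain", "value": "example.test"})
    event["tags"].add(TO_PROCESS)
    second = run_once([event], seen)  # only the new attribute gets through
    return first, second, event["tags"]

if __name__ == "__main__":
    print(demo())
```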