Hi Andrew
I took a brief look at the MISP bot. This looks really great.
I'd love to test it on Sunday.
Yes, if you manage to do a pull request I'd appreciate it!
Thanks, a.
On 2016/06/09 22:06, "Clark, Andrew" <Andrew.Clark@cert.gov.au> wrote:
UNCLASSIFIED
Hi guys,
With the help of a colleague I have prepared a MISP collector and parser for IntelMQ. It requires a tag to be added to the MISP events that need to be processed. This tag is removed from the MISP event by the collector once it has been processed (and a different tag is added to the MISP event to indicate that it has been processed). Anyway, without getting too bogged down in the details, I've put the code in a forked copy of the repo on my GitHub page:
https://github.com/kralca/intelmq/commit/c3cdb0e
The deduplicator expert should be used to detect MISP event attributes that have been previously processed (for example following the addition of attributes to a MISP event).
I hope this is useful for the Hackathon on Sunday. Please let me know if you would prefer if I submit a pull request.
Cheers, Andrew
--
Andrew Clark | Senior Technical Advisor | CERT Australia
Attorney-General's Department, Australian Government
Phone: +61 2 6141 2538
Online: http://www.cert.gov.au/
For all CERT Australia operational matters, please call our hotline: 1300 172 499, or +61 26141 2999 or email: info@cert.gov.au
Intelmq-dev mailing list Intelmq-dev@lists.cert.at http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
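
The tag workflow and the role of the deduplicator described in Andrew's message, as an added example that is not code from the thread or from the linked commit. It is an in-memory simulation: the tag names, record keys, `Deduplicator` class and sample event are assumptions constructed for illustration, and no MISP or IntelMQ API is called.

```python
import copy
import hashlib
import json

TO_PROCESS, PROCESSED = "to_process", "processed"  # assumed tag names

def collect(events):
    """Snapshot every event carrying TO_PROCESS, then swap the tag for PROCESSED."""
    batch = []
    for event in events:
        if TO_PROCESS in event["tags"]:
            batch.append(copy.deepcopy(event))
            event["tags"] = [t for t in event["tags"] if t != TO_PROCESS] + [PROCESSED]
    return batch

def parse(event):
    """Turn each attribute of a collected event into one flat record (hypothetical keys)."""
    return [{"misp_event": event["id"], "type": a["type"], "value": a["value"]}
            for a in event["attributes"]]

class Deduplicator:
    """In-memory stand-in for a deduplicator: remembers a hash of each record."""
    def __init__(self):
        self.seen = set()

    def is_new(self, record):
        digest = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
        if digest in self.seen:
            return False
        self.seen.add(digest)
        return True

def run_once(events, dedup):
    """One collector -> parser -> deduplicator pass; returns the records that get through."""
    return [r for e in collect(events) for r in parse(e) if dedup.is_new(r)]

def demo():
    # Constructed sample event, not real MISP data.
    events = [{"id": 1, "tags": [TO_PROCESS], "attributes": [
        {"type": "domain", "value": "bad.example"},
        {"type": "ip-dst", "value": "192.0.2.10"}]}]
    dedup = Deduplicator()
    first = run_once(events, dedup)   # both attributes pass
    idle = run_once(events, dedup)    # tag was swapped, so nothing is collected
    # An attribute is added and the event is tagged again for processing.
    events[0]["attributes"].append({"type": "url", "value": "http://bad.example/x"})
    events[0]["tags"] = [TO_PROCESS]
    second = run_once(events, dedup)  # whole event re-collected, only the new attribute passes
    return first, idle, second, events[0]["tags"]

if __name__ == "__main__":
    print(demo())
```

Without the deduplication step, the second tagged pass would emit all three attributes again, including the two already processed.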