UNCLASSIFIED
Hi guys,
With the help of a colleague I have prepared a MISP collector and parser for IntelMQ. It requires a tag to be added to the MISP events that need to be processed. This tag is removed from the MISP event by the collector once it has been processed (and a different tag is added to the MISP event to indicate that it has been processed). Anyway, without getting too bogged down in the details, I’ve put the code in a forked copy of the repo on my GitHub page:
https://github.com/kralca/intelmq/commit/c3cdb0e
The deduplicator expert should be used to detect MISP event attributes that have been previously processed (for example following the addition of attributes to a MISP event).
I hope this is useful for the Hackathon on Sunday. Please let me know if you would prefer if I submit a pull request.
Cheers,
Andrew
--
Andrew Clark | Senior Technical Advisor | CERT Australia
Attorney-General's Department, Australian Government
Phone: +61 2 6141 2538
Online: www.cert.gov.au
For all CERT Australia operational matters, please call our hotline: 1300 172 499, or +61 26141 2999 or email: info@cert.gov.au
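
The tag-swap and deduplication workflow described in the message above, as an added sketch that is not the code from the linked commit. The tag names, the event dictionary layout and the in-memory `Deduplicator` are assumptions made for illustration; the sketch talks to neither MISP nor IntelMQ.

```python
import hashlib
import json

# Assumed tag names; the message does not say which tags are used.
TAG_TO_PROCESS = "to_process"
TAG_PROCESSED = "processed"

def collect(events):
    """Return events carrying the to-process tag and swap it for the processed tag."""
    picked = []
    for event in events:
        if TAG_TO_PROCESS in event["tags"]:
            picked.append(event)
            event["tags"].remove(TAG_TO_PROCESS)
            event["tags"].add(TAG_PROCESSED)
    return picked

def parse(event):
    """Yield one record per attribute of a collected event."""
    for attr in event["attributes"]:
        yield {"event_id": event["id"], "type": attr["type"], "value": attr["value"]}

class Deduplicator:
    """In-memory stand-in for a deduplicating stage: passes each record once."""
    def __init__(self):
        self.seen = set()

    def is_new(self, record):
        digest = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
        if digest in self.seen:
            return False
        self.seen.add(digest)
        return True

def run_once(events, dedup):
    """One polling cycle: collect tagged events, parse them, drop seen records."""
    return [r for e in collect(events) for r in parse(e) if dedup.is_new(r)]

def demo():
    # Constructed sample event with documentation-range values.
    event = {"id": 1, "tags": {TAG_TO_PROCESS},
             "attributes": [{"type": "ip-dst", "value": "192.0.2.10"}]}
    dedup = Deduplicator()
    first = run_once([event], dedup)
    idle = run_once([event], dedup)    # tag already swapped: nothing is collected
    # An attribute is added later and the event is tagged for processing again.
    event["attributes"].append({"type": "domain", "value": "example.test"})
    event["tags"].add(TAG_TO_PROCESS)
    second = run_once([event], dedup)  # old attribute is re-parsed but filtered out
    return first, idle, second
```
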