Hi Sebastian/ Bernhard,

 

Thank you

 

Sent from my Windows 10 device

 

From: Sebastian Wagner
Sent: 16 April 2021 12:55
To: intelmq-dev@lists.cert.at; Drupad Soni
Subject: Re: [IntelMQ-dev] IntelMQ -> feed MISP

 

Our documentation https://intelmq.readthedocs.io/en/latest/user/bots.html#misp-feed

links to https://www.circl.lu/doc/misp/managing-feeds/ for the configuration in MISP. You may want to read it.

Sebastian

On 4/16/21 9:10 AM, Bernhard Reiter wrote:

Hi Drupad,
 
Am Donnerstag 15 April 2021 17:56:18 schrieb Soni, Drupad:
Also I want your help in setting up misp output feed as below. 
 
your image showed thatĀ  you want all events to go into MISP as well
using 
https://github.com/certtools/intelmq/blob/develop/intelmq/bots/outputs/misp/output_feed.py
 
Feed isĀ  working fine adding feed in misp doesn't show any feeds there. 
I am not sure what is the gap here.
 
Me neither, my experience with MISP is limited, there are many functions
and ways to manually use MISP. When following the documentation, I could make 
the api work, but I've not tested the feed. One possibility you have is to 
ask the MISP people about how to further analyse the situation (Please give 
them all the details.)
 
Best Regards,
Bernhard
 



_______________________________________________
IntelMQ-dev mailing list
https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
https://intelmq.readthedocs.io/
-- 
// Sebastian Wagner <wagner@cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg