Hi Sebastian,

 

Thanks,

 

I am working on pushing all feeds of Intelmq to MISP. I am working on this since long unable to crack it. If anyone has worked on this scenario please help me out.

 

Regards,

Drupad Soni

KPMG – Cyber Security

Embassy Golf Links Business Park, Pebble Beach, 'B' Block,

1st & 2nd Floor, Off Intermediate Ring Road

Mobile : +91 8140283894

Know more about our Cyber Security Services

https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html

 

From: Sebastian Wagner <wagner@cert.at>
Sent: Wednesday, May 5, 2021 3:53 PM
To: Soni, Drupad <drupadsoni@kpmg.com>; intelmq-users@lists.cert.at
Subject: Re: [IntelMQ-users] MISP Expert bot

 

Hi,

 

On 5/5/21 10:33 AM, Soni, Drupad via IntelMQ-users wrote:

How misp expert bot works?

 

I want to know more on this.

https://intelmq.readthedocs.io/en/latest/user/bots.html#id13

> Queries a MISP instance for the source.ip and adds the MISP Attribute UUID and MISP Event ID of the newest attribute found.

Does that answer your question?

I have used mispfeed output bot as output to misp but I am not able to see feeds in MISP. Later I have found a expert bot of MISP. Please guide me how that can be used.

Add the bot to your configuration, set the parameters misp_key and misp_url according to your MISP setup.

Btw: If you have a use-case and you don't know how to implement it, you may also ask here for input and ideas. Probably that saves you a few round of trial-and-error.

Sebastian

-- 
// Sebastian Wagner <wagner@cert.at> - T: +43 676 898 298 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
KPMG (in India) allows reasonable personal use of the e-mail system. Views and opinions expressed in these communications do not necessarily represent those of KPMG (in India).

*******************************************************************************************************
DISCLAIMER
The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you have received this communication in error, please address with the subject heading "Received in error," send to postmaster1@kpmg.com, then delete the e-mail and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing KPMG client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

KPMG cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

KPMG, an Indian partnership and a member firm of KPMG International Cooperative ("KPMG International"), a Swiss entity that serves as a coordinating entity for a network of independent firms operating under the KPMG name. KPMG International Cooperative (“KPMG International”) provides no services to clients. Each member firm of KPMG International Cooperative (“KPMG International”) is a legally distinct and separate entity and each describes itself as such.

“Notwithstanding anything inconsistent contained in the meeting invite to which this acceptance pertains, this acceptance is restricted solely to confirming my availability for the proposed call and should not be construed in any manner as acceptance of any other terms or conditions. Specifically, nothing contained herein may be construed as an acceptance (or deemed acceptance) of any request or notification for recording of the call, which can be done only if it is based on my explicit and written consent and subject to the terms and conditions on which such consent has been granted”
*******************************************************************************************************