How misp expert bot works?

 

I want to know more on this.

https://intelmq.readthedocs.io/en/latest/user/bots.html#id13

> Queries a MISP instance for the source.ip and adds the MISP Attribute UUID and MISP Event ID of the newest attribute found.

Does that answer your question?

I have used mispfeed output bot as output to misp but I am not able to see feeds in MISP. Later I have found a expert bot of MISP. Please guide me how that can be used.

Add the bot to your configuration, set the parameters misp_key and misp_url according to your MISP setup.

Btw: If you have a use-case and you don't know how to implement it, you may also ask here for input and ideas. Probably that saves you a few round of trial-and-error.

Sebastian

-- 
// Sebastian Wagner <wagner@cert.at> - T: +43 676 898 298 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg