[Intelmq-dev] MISP collector and parser [SEC=UNCLASSIFIED]
Clark, Andrew
Andrew.Clark at cert.gov.au
Thu Jun 9 22:09:20 CEST 2016
UNCLASSIFIED
Hi guys,
With the help of a colleague I have prepared a MISP collector and parser for IntelMQ. It requires a tag to be added to the MISP events that need to be processed. This tag is removed from the MISP event by the collector once it has been processed (and a different tag is added to the MISP event to indicate that it has been processed). Anyway, without getting too bogged down in the details, I've put the code in a forked copy of the repo on my github page:
https://github.com/kralca/intelmq/commit/c3cdb0e
The deduplicator expert should be used to detect MISP event attributes that have been previously processed (for example following the addition of attributes to a MISP event).
I hope this is useful for the Hackathon on Sunday. Please let me know if you would prefer that I submit a pull request.
Cheers,
Andrew
--
Andrew Clark | Senior Technical Advisor | CERT Australia
Attorney-General's Department, Australian Government
Phone: +61 2 6141 2538
Online: www.cert.gov.au
For all CERT Australia operational matters, please call our
hotline: 1300 172 499, or +61 26141 2999 or
email: info at cert.gov.au
----------------------------------------------------
If you have received this transmission in error please
notify us immediately by return e-mail and delete all
copies. If this e-mail or any attachments have been sent
to you in error, that error does not constitute waiver
of any confidentiality, privilege or copyright in respect
of information in the e-mail or attachments.
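The tag-driven collect, parse and deduplicate flow described in the message above, reproduced offline as an added example (my own code, not the collector/parser in the linked commit). The tag names, the attribute-type-to-field mapping and the sample events are constructed assumptions; the sample follows the shape of MISP's event JSON, and deduplication is keyed on the MISP attribute uuid so that only attributes added since the last run pass through when an event is re-tagged.

```python
import copy

# Tag names and the type->field mapping are assumptions, not from the post.
PENDING_TAG, PROCESSED_TAG = "intelmq:pending", "intelmq:processed"
TYPE_MAP = {"ip-dst": "destination.ip", "domain": "source.fqdn"}

# Constructed sample in the shape of MISP's event JSON (Tag and Attribute lists).
SAMPLE_EVENTS = [
    {"uuid": "e1", "Tag": [{"name": PENDING_TAG}],
     "Attribute": [{"uuid": "a1", "type": "ip-dst", "value": "192.0.2.10"},
                   {"uuid": "a2", "type": "domain", "value": "bad.example"}]},
    {"uuid": "e2", "Tag": [{"name": PROCESSED_TAG}],
     "Attribute": [{"uuid": "a3", "type": "ip-dst", "value": "198.51.100.7"}]},
]

def fresh_sample():
    return copy.deepcopy(SAMPLE_EVENTS)  # private copy; collect() mutates tags

def collect(events):
    """Collector: pick events carrying PENDING_TAG, then swap it for PROCESSED_TAG."""
    picked = []
    for ev in events:
        if any(t["name"] == PENDING_TAG for t in ev.get("Tag", [])):
            picked.append(ev)
            kept = [t for t in ev["Tag"] if t["name"] not in (PENDING_TAG, PROCESSED_TAG)]
            ev["Tag"] = kept + [{"name": PROCESSED_TAG}]  # never duplicates the tag
    return picked

def parse(events):
    """Parser: one IntelMQ-style event dict per attribute with a mappable type."""
    out = []
    for ev in events:
        for attr in ev.get("Attribute", []):
            field = TYPE_MAP.get(attr["type"])
            if field is None:
                continue  # unmapped type: skip rather than guess a field
            out.append({field: attr["value"], "extra.misp_event": ev["uuid"],
                        "extra.misp_attribute": attr["uuid"]})
    return out

def dedup(reports, seen):
    """Deduplicator: drop attributes already emitted, keyed on the attribute uuid."""
    fresh = [r for r in reports if r["extra.misp_attribute"] not in seen]
    seen.update(r["extra.misp_attribute"] for r in fresh)
    return fresh

def run_once(events, seen):
    """One polling cycle: collector -> parser -> deduplicator."""
    return dedup(parse(collect(events)), seen)
```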