[IntelMQ-users] MISP Expert bot

Sebastian Wagner wagner at cert.at
Wed May 5 12:23:16 CEST 2021


Hi,

On 5/5/21 10:33 AM, Soni, Drupad via IntelMQ-users wrote:
>
> How misp expert bot works?
>
>  
>
> I want to know more on this.
>
https://intelmq.readthedocs.io/en/latest/user/bots.html#id13

> Queries a MISP instance for the source.ip and adds the MISP Attribute
UUID and MISP Event ID of the newest attribute found.

Does that answer your question?

> I have used mispfeed output bot as output to misp but I am not able to
> see feeds in MISP. Later I have found a expert bot of MISP. Please
> guide me how that can be used.

Add the bot to your configuration, set the parameters misp_key
andmisp_url according to your MISP setup.

Btw: If you have a use-case and you don't know how to implement it, you
may also ask here for input and ideas. Probably that saves you a few
round of trial-and-error.

Sebastian

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 676 898 298 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20210505/a4083ac6/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20210505/a4083ac6/attachment.sig>


More information about the IntelMQ-users mailing list