MISP-QRadar-Integration
The Project can be used to integrate QRadar with MISP Threat Sharing Platform (by karthikkbala)
PyMISP
Python library using the MISP Rest API (by MISP)
MISP-QRadar-Integration | PyMISP | |
---|---|---|
2 | 3 | |
36 | 422 | |
- | 1.7% | |
0.0 | 9.2 | |
almost 2 years ago | 4 days ago | |
Python | Python | |
- | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MISP-QRadar-Integration
Posts with mentions or reviews of MISP-QRadar-Integration.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-02-01.
-
Problem with execute MISP integration
Did you see this already? https://github.com/karthikkbala/MISP-QRadar-Integration/issues/5
PyMISP
Posts with mentions or reviews of PyMISP.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-11-13.
- FLaNK Stack Weekly for 13 November 2023
-
Get CrowdSec IOCs feed into MISP
You might consider misp feed https://github.com/MISP/PyMISP/tree/main/examples/feed-generator, basically it’s the best way to collect IOCs and import them into a MISP instance. These feeds help to correlate IOCs without manually launching the MISP module every time for each IOC, this also reduce the workload on your API servers as the list is cached locally on the MISP and updated every day.
-
Ingesting IOCs in to CS from MISP
If you're in Python, you can use PyMISP to login and get the new indicators, and then FalconPy to import them into your CrowdStrike tenant. (Basically the reverse of what the MISP-tools example is doing. You could start here and alter the logic.)
What are some alternatives?
When comparing MISP-QRadar-Integration and PyMISP you can also consider the following projects:
misp-galaxy - Clusters and elements to attach to MISP events or attributes (like threat actors)
yeti - Your Everyday Threat Intelligence