PyMISP
MISP-QRadar-Integration
PyMISP | MISP-QRadar-Integration | |
---|---|---|
3 | 2 | |
422 | 36 | |
1.7% | - | |
9.2 | 0.0 | |
2 days ago | almost 2 years ago | |
Python | Python | |
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PyMISP
- FLaNK Stack Weekly for 13 November 2023
-
Get CrowdSec IOCs feed into MISP
You might consider misp feed https://github.com/MISP/PyMISP/tree/main/examples/feed-generator, basically itβs the best way to collect IOCs and import them into a MISP instance. These feeds help to correlate IOCs without manually launching the MISP module every time for each IOC, this also reduce the workload on your API servers as the list is cached locally on the MISP and updated every day.
-
Ingesting IOCs in to CS from MISP
If you're in Python, you can use PyMISP to login and get the new indicators, and then FalconPy to import them into your CrowdStrike tenant. (Basically the reverse of what the MISP-tools example is doing. You could start here and alter the logic.)
MISP-QRadar-Integration
-
Problem with execute MISP integration
Did you see this already? https://github.com/karthikkbala/MISP-QRadar-Integration/issues/5
What are some alternatives?
yeti - Your Everyday Threat Intelligence
misp-galaxy - Clusters and elements to attach to MISP events or attributes (like threat actors)
vimGPT - Browse the web with GPT-4V and Vimium
misp-warninglists - Warning lists to inform users of MISP about potential false-positives or other information in indicators
clipea - ππ’ Like Clippy but for the CLI. A blazing fast AI helper for your command line
iocextract - Defanged Indicator of Compromise (IOC) Extractor.
MISP-tools - Import CrowdStrike Threat Intelligence into your instance of MISP
cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
PaK-Stocks - Stocks
threatbus - π Threat Bus β A threat intelligence dissemination layer for open-source security tools.
livegrep - Interactively grep source code. Source for http://livegrep.com/
ThreatIngestor - Extract and aggregate threat intelligence.