Ingesting IOCs into CS from MISP

This page summarizes the projects mentioned and recommended in the original post on /r/crowdstrike

  • MISP-tools

    Import CrowdStrike Threat Intelligence into your instance of MISP

  • I'd start with intel_client.py (most CS interactions happen here) and indicators.py (the logic for the handling of indicators, a lot of this is PyMISP-specific but it will help you identify data elements you want to bring over).

  • PyMISP

    Python library using the MISP Rest API

  • If you're in Python, you can use PyMISP to log in and get the new indicators, and then FalconPy to import them into your CrowdStrike tenant. (Basically the reverse of what the MISP-tools example is doing. You could start here and alter the logic.)

  • falconpy

    The CrowdStrike Falcon SDK for Python

