MISP download Issues to SO.

[njaravelil]

My MISP instance has a lot of events/attribites since year 2010 onwards and For some reasosn so-misp-download never finishes and always fails. I am referring the link https://github.com/weslambert/securityonion-misp.

Insted ohow can I download just selecet inel ( say domain/ip) for a period of last 30 days && with a tag:TLP:Amber only to be downloaded to the intel insted of download/all in bash script? My attempt to play on tis fails and any inputs is appreciated.

wget -q --no-check-certificate --header="Authorization: $APIKEY" $MISP/attributes/bro/download/all -O $INTEL_PATH. My MISP version is 2.4.169,any further input is appreciable.

[weslambert]

You could customize the download script to filter based on whatever you prefer. It is unoptimized at the moment.

https://www.circl.lu/doc/misp/automation/#get-eventsnids-nids-rules-export

Keep in mind, this is not fully supported by the Security Onion Solutions team, so it is preferred that any issues with the integration be posed on the Github repository.

Pull requests are always welcome!
https://github.com/weslambert/securityonion-misp