Commit 73c7607

Merge pull request #107 from bpanicker13/patch-1
Create MISP
2 parents 323bec0 + 999b90b commit 73c7607

1 file changed

+34
-0
lines changed

docs/MISP

Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
# MISP
2+
3+
### API Access
4+
5+
MISP (Malware Information Sharing Platform) is a free and open source software platform for sharing cyber security indicators and threat intelligence. It can also be used as an integration point for connecting to other security solutions and platforms. Integrating MISP with Shuffle is an effective way to help automate many of the processes related to threat detection, investigation and response.
6+
7+
1. Start by logging into your MISP instance.
8+
9+
2. Create a new API Key under the “Configuration” tab.
10+
11+
3. Copy the API Key and make sure it is securely stored in a safe place.
12+
13+
4. Next, log in to your Shuffle instance and create a new integration using the MISP API.
14+
15+
5. Enter the URL for your MISP instance, as well as the API Key you just generated.
16+
17+
6. Ensure that the integration is configured correctly, including setting up any necessary filters or parameters.
18+
19+
7. Once the integration is complete, you should be able to begin using the MISP API for operations.
20+
21+
8. You may now begin querying the MISP instance for specific threat indicators or other pieces of intelligence that could be useful for analysis or incident response operations.
22+
23+
9. Finally, once you have retrieved any data from MISP, you can use Shuffle to automate tasks based on that data, such as running automated investigations or taking actions to remediate threats detected in your environment.
24+
25+
### Useful API queries:
26+
27+
* Getting all Events associated with a Tag: GET /tags/{tag_name}/events
28+
* Getting all Attributes of a given Event: GET /attributes/{event_id}
29+
* Adding new Sightings associated with an Event: POST /sightings/add
30+
* Retrieving all Sightings associated with an Event: GET /sightings/view/{event_id}
31+
* Retrieving existing Taxonomies, or creating new ones: POST /taxonomies/{taxonomy_name}
32+
* Retrieving all TTPs associated with an Event: GET /ttps/getTTPsByEventId/{event_id}
33+
* Adding a new Link between two Events: POST /links/add
34+
* Retrieving all Links between two Events: GET /links/getLinksByEventId/{event_id}
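
Review bot: In the "Useful API queries" list, the taxonomy entry reads "Retrieving existing Taxonomies, or creating new ones" but gives only `POST /taxonomies/{taxonomy_name}`, so the retrieval half has no method, and none of the eight paths cites a source. Please check each path against the MISP API reference for the version you run before this merges (event and attribute searches there normally go through `/events/restSearch` and `/attributes/restSearch`), and state that every request carries the key in the `Authorization` header. In step 3, "securely stored in a safe place" does not tell the reader what to do: name a secrets manager, and recommend generating the key for a dedicated MISP user whose role grants only what the workflows need, so a leaked key cannot publish or delete events. Steps 7 and 8 say the same thing and can be merged, and the file is added as `docs/MISP` with no extension although its content is Markdown.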
