Overview
MISP is open source software and also a large community of users who create, maintain and operate communities of users or organizations that share information about threats or cyber security indicators worldwide.
Prerequisites
- Logsign version 6.3.37 supports this integration.
Configure On MISP
Forwarding settings are completed as follows:
- Log in to your MISP portal.
- Go to Global Action > My Profile > Auth Keys section.
- Click on + Add authentication key.
- As an admin, go to the Administration > List Users > View page of the user you want to create an auth key for, and in the Auth keys section click on + Add authentication key.
- Copy the API key.
Configure On Logsign
Forwarding settings are completed as follows:
- Click Settings > Integrations > Responses.
- In the ‘Search’ field, type MISP.
- Click ‘Configure’ and then click ‘+Device’.
- Define the settings as follows:
  - Device Name: Define the Device Name.
  - Api Key: Specify the API key copied from MISP.
  - Host: Define the host. (https://x.x.x.x)
- Click Create to save the changes.
Methods
SEARCH_EVENT
- Device: Select the configuration you have configured.
- Event Id: Specify the event id.
SEARCH_ATTRIBUTES
- Device: Select the configuration you have configured.
- Value: Specify the value.
GET_ATTRIBUTES
- Device: Select the configuration you have configured.
CREATE_ATTRIBUTES
- Device: Select the configuration you have configured.
- Event Id: Specify the event id.
- Category: Select the category.
- Attribute Type: Select the attribute type.
- Value: Specify the value.
- Distribution: Select the distribution.
EDIT_ATTRIBUTE
- Device: Select the configuration you have configured.
- Attribute Id: Specify the attribute id.
- Event Id: Specify the event id.
- Category: Select the category.
- Attribute Type: Select the attribute type.
- Value: Specify the value.
- Distribution: Select the distribution.
DELETE_ATTRIBUTE
- Device: Select the configuration you have configured.
- Attribute Id: Specify the attribute id.
GET_EVENTS
- Device: Select the configuration you have configured.
DELETE_EVENTS
- Device: Select the configuration you have configured.
- Event Id: Specify the event id.
CREATE_EVENTS
- Device: Select the configuration you have configured.
- Org Id: Specify the organization id.
- Distribution: Select the distribution.
- Info: Define the info.
- Analysis: Select the analysis.
- Threat Level Id: Select the threat level id.
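
The following is an added example, not Logsign's or MISP's own code. It shows how the CREATE_EVENTS and CREATE_ATTRIBUTES fields above can be validated and turned into MISP REST requests, which is useful for checking a host and auth key before entering them in Logsign. The mapping of Logsign methods to the MISP endpoints /events/add and /attributes/add is an assumption, and the host, key and attribute values are constructed.

```python
import json
from urllib.request import Request

# MISP's numeric codes behind the Distribution, Threat Level Id and Analysis fields.
DISTRIBUTION = {0: "Your organisation only", 1: "This community only",
                2: "Connected communities", 3: "All communities",
                4: "Sharing group", 5: "Inherit event"}
THREAT_LEVEL = {1: "High", 2: "Medium", 3: "Low", 4: "Undefined"}
ANALYSIS = {0: "Initial", 1: "Ongoing", 2: "Completed"}


def build_request(host, api_key, path, body):
    """Build (without sending) an authenticated MISP REST request."""
    if not host.startswith("https://"):
        raise ValueError("Host must be https:// so the auth key is never sent in clear text")
    headers = {"Authorization": api_key, "Accept": "application/json",
               "Content-Type": "application/json"}
    return Request(host.rstrip("/") + path, data=json.dumps(body).encode(),
                   headers=headers, method="POST")


def create_event(host, api_key, org_id, distribution, info, analysis, threat_level_id):
    """CREATE_EVENTS fields as a POST /events/add request (assumed mapping)."""
    if distribution not in DISTRIBUTION or distribution == 5:
        raise ValueError("event distribution must be 0-4; 5 applies to attributes only")
    if analysis not in ANALYSIS or threat_level_id not in THREAT_LEVEL:
        raise ValueError("unknown analysis or threat level id")
    event = {"org_id": str(org_id), "distribution": str(distribution), "info": info,
             "analysis": str(analysis), "threat_level_id": str(threat_level_id)}
    return build_request(host, api_key, "/events/add", {"Event": event})


def create_attribute(host, api_key, event_id, category, attr_type, value, distribution):
    """CREATE_ATTRIBUTES fields as a POST /attributes/add/<event id> request (assumed mapping)."""
    if distribution not in DISTRIBUTION:
        raise ValueError("attribute distribution must be 0-5")
    body = {"event_id": str(event_id), "category": category, "type": attr_type,
            "value": value, "distribution": str(distribution)}
    return build_request(host, api_key, f"/attributes/add/{int(event_id)}", body)


if __name__ == "__main__":
    # Constructed sample values; replace with your own host and auth key.
    req = create_attribute("https://misp.example.test", "CONSTRUCTED-AUTH-KEY",
                           42, "Network activity", "ip-dst", "198.51.100.7", 5)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the returned object to urllib.request.urlopen to send it. Distribution decides who can see the data, so confirm the selected level before creating events or attributes from an automated response.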