MISP RESPONSE INTEGRATION

Overview

MISP is open source software and also a large community of users who create, maintain and operate communities of users or organizations sharing information about threats and cyber security indicators worldwide.

Prerequisites

  • Logsign version 6.3.37 supports this integration.

Configure On MISP

Forwarding settings are completed as follows:

 

  1. Log in to your MISP portal.
  2. Go to Global Action > My Profile > Auth Keys section.
  3. Click on + Add authentication key.
  4. As an admin, go to the Administration > List Users > View page of the user you want to create an auth key for, and in the Auth keys section click on + Add authentication key.
  5. Copy the API key.

Configure On Logsign

Forwarding settings are completed as follows:

 

  1. Click Settings > Integrations > Responses.
  2. In the ‘Search’ field, type MISP.
  3. Click ‘Configure’ and then click ‘+Device’.
  4. Define the settings as follows:
     • Device Name: Define the device name.
     • Api Key: Specify the API key.
     • Host: Define the host. (https://x.x.x.x)
  5. Click Create to save the changes.
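
Before entering the Host and Api Key values in Logsign, they can be checked directly against MISP. The following is an added example, not Logsign or MISP project code: it assumes MISP's REST endpoints /servers/getVersion and /attributes/restSearch, and the host and key in it are constructed. The page does not state which endpoints the Logsign methods call.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

def normalize_host(host):
    """Validate the Host value: https only, no credentials, path or query."""
    parts = urlsplit(host.strip())
    if parts.scheme != "https":
        raise ValueError("Host must use https:// so the API key is not sent in clear text")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("Host must be a bare https://address[:port]")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("Host must not contain a path or query")
    return f"https://{parts.netloc}"

def build_request(host, api_key, path, body=None):
    """Build a MISP REST request; the auth key goes in the Authorization header."""
    if not api_key or api_key != api_key.strip():
        raise ValueError("API key is empty or has stray whitespace from copy/paste")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        normalize_host(host) + path, data=data,
        method="POST" if body is not None else "GET")
    req.add_header("Authorization", api_key)
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req

def check_key(host, api_key, timeout=10):
    """GET /servers/getVersion; returns the MISP version when the key is accepted.
    A rejected key raises urllib.error.HTTPError. TLS certificates are verified."""
    req = build_request(host, api_key, "/servers/getVersion")
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp).get("version")

if __name__ == "__main__":
    # Constructed sample values, not a real server or key. Nothing is sent here;
    # call check_key() with your own host and key to contact MISP.
    req = build_request("https://misp.example.internal", "CONSTRUCTED-SAMPLE-KEY",
                        "/attributes/restSearch", {"value": "198.51.100.7"})
    print(req.get_method(), req.full_url, req.data.decode())
```

A certificate error from check_key() means the MISP host presents a certificate the client does not trust, which is worth resolving on the MISP side rather than by disabling verification.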

Methods

SEARCH_EVENT

  • Device: Select the device you configured.
  • Event Id: Specify the event ID.

SEARCH_ATTRIBUTES

  • Device: Select the device you configured.
  • Value: Specify the value.

GET_ATTRIBUTES

  • Device: Select the device you configured.

CREATE_ATTRIBUTES

  • Device: Select the device you configured.
  • Event Id: Specify the event ID.
  • Category: Select the category.
  • Attribute Type: Select the attribute type.
  • Value: Specify the value.
  • Distribution: Select the distribution.


EDIT_ATTRIBUTE

  • Device: Select the device you configured.
  • Attribute Id: Specify the attribute ID.
  • Event Id: Specify the event ID.
  • Category: Select the category.
  • Attribute Type: Select the attribute type.
  • Value: Specify the value.
  • Distribution: Select the distribution.


DELETE_ATTRIBUTE

  • Device: Select the device you configured.
  • Attribute Id: Specify the attribute ID.

GET_EVENTS

  • Device: Select the device you configured.


DELETE_EVENTS

  • Device: Select the device you configured.
  • Event Id: Specify the event ID.


CREATE_EVENTS

  • Device: Select the device you configured.
  • Org Id: Specify the organization ID.
  • Distribution: Select the distribution.
  • Info: Define the info.
  • Analysis: Select the analysis.
  • Threat Level Id: Select the threat level ID.