MISP
This document explains how to set up and use the MISP intel feed with TruSTAR Station.
MISP is a threat intelligence platform for gathering, sharing, storing and correlating IOCs from targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 15 minutes
- Time to Install: 10 minutes
Data Types
The integration pulls all observables supported by TruSTAR.
Requirements
- Your MISP Server URL
- MISP Authentication Key
- Versions supported: 2.4.93 - 2.4.127
Getting Started
After you have retrieved your MISP URL and Auth Keys follow these steps:
- Sign into TruSTAR.
- Click the Marketplace tab.
- Choose Premium Intel.
- Click Subscribe on the MISP box.
- Enter your MISP API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
Report Mapping
TruSTAR | MISP |
Report External Id | Event UUID |
Report Body | Entire Event Content |
Report Tags | Event Tags |
Report Update | If an event with the same UUID is observed, the existing report is updated by replacing it with the updated content. |
Known Issues
No reported issues.