This document explains how to set up and use the MISP intel feed with TruSTAR Station.
MISP is a threat intelligence platform for gathering, sharing, storing and correlating IOCs from targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 15 minutes
- Time to Install: 10 minutes
The integration pulls all observables supported by TruSTAR.
- Your MISP Server URL
- MISP Authentication Key
After you have retrieved your MISP URL and Auth Keys follow these steps:
- Sign into TruSTAR.
- Click the Marketplace tab.
- Choose Closed Sources.
- Click Subscribe on the MISP box.
- Enter your MISP API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
Report External Id
Entire Event Content
If an event with the same UUID is observed, the existing report is updated by replacing it with the updated content.
No reported issues.