MISP

by Elvis Hovor

Introduction

MISP is a threat intelligence platform for gathering, sharing, storing and correlating Indicators of

Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability

information or even counter-terrorism information.

Prerequisites

This integration requires TruSTAR users to have already set up their MISP servers. To complete the integration you will need your MISP Server URL and Authentication Key.

Configure Integration

After you have retrieved your MISP URL and Auth Keys follow these steps:

1. Log into TruSTAR Station and select Explore->Marketplace (https://station.trustar.co/browse/marketplace).
2. Select MISP by clicking on the logo and fill in the URL and Auth Keys.
3. Select save credentials and request integration.

After the integration is enabled, you should see the latest events from MISP being submitted into an enclave you control on TruSTAR.

FAQ

• What data do we currently pull from MISP?
  • Our integration currently only pulls newly created events in MISP, the whole event body is pulled down and submitted as the body of the report in TruSTAR
  • Please contact us if you would like to discuss how other reports can be pulled from Digital Shadows.

• How often is the data pulled?
  • Our integration retrieves data from MISP every 15 minutes. The initial pull will query events for the last 24h and checkpoint the timestamp to use as a basis to ingest the latest events every 15 mins.

• What about Historical Data?
  • We can use the MISP sync feature to download all historical data from the MISP server and upload that data into the user's enclave in TruSTAR.

Data Mapping

How Did We Do?

Related Articles

• How does Closed Source Intel Work?
• Marketplace
• Source Scoring