Hello!
I use MISP in correlation with an incident response architecture such as TheHive, Cortex tools, etc.
Now that MISP is installed and working well, I have a few questions about how it works.
I would like to have an internal MISP on my server, which is not accessible by anyone other than my internal network.
Next, I want to have an external MISP, which I would have access to on my network and which certain people or organizations could have access to.
Then, the idea would be to be able to push some IOCs from internal MISP to external MISP, when I have IOCs to publish.
On the external MISP, I want certain organizations to be able to access certain IOCs, but with particular restrictions, you see?
I therefore want to know if it is possible to set up this kind of structure and if you have any ideas of the functions to use, I am interested.
There is a lot of documentation for MISP, but I admit that I have a little trouble getting to grips with the tool.