Skip to content
/ MISPego Public

Maltego Transform to put entities into MISP events

License

Notifications You must be signed in to change notification settings

MISP/MISPego

Repository files navigation

---------------------------------------------------------------------
---------------------------------------------------------------------
	   __  ______________              
	  /  |/  /  _/ __/ _ \___ ___ ____ 
	 / /|_/ // /_\ \/ ___/ -_) _ `/ _ \
	/_/  /_/___/___/_/   \__/\_, /\___/
	                        /___/      

	Created by: Tom King
	Adapted from: https://github.com/MISP/MISP-maltego
	Updated by: Adam McHugh
---------------------------------------------------------------------
---------------------------------------------------------------------

Maltego Transform to put entities into MISP events

Adust the following variables in mispego_util.py

BASE_URL = '<YOUR MISP BASE URL>'
API_KEY = '<YOUR API KEY>'
MISP_VERIFYCERT = False #Verify SSL Certificate or not
MISP_DEBUG = False #Set debug for PyMISP
MISP_EVENT_PUBLISH = <Publish T/F> #Publish event on creation
MISP_DISTRIBUTION = <0-3> #Distribution Level
MISP_ANALYSIS = <0-2> #Analyis Level
MISP_THREAT = <1-4> #Threat Level
MISP_TO_IDS = <IDS T/F> #Send to IDS

There is only one main file, mispego.py, which all transforms utilise.
Two command line arguments are expected as part of execution, these
have been prepopulated in the Maltego transform export.

All transforms and transform set are contained within the package "MISPego.mtz"
After importing this, you must manage the imported transforms, changing Working
Directory to the custom-transform location and Command Line (if using Windows etc.)

The following transform set will be imported: MISPego

The following transforms will be imported:

[MISPego] Create Event / Creates event and returns MISPEvent containing new Event ID
[MISPego] Select Event / Selects MISPEvent by ID as event to add attributes to
[MISPego] Add Domain to Event / Adds domain to selected MISP Event
[MISPego] Add IP to Event / Adds IP to selected MISP Event
[MISPego] Add Email Address to Event / Adds email address to MISP Event
[MISPego] Add Hash to Event / Adds md5-sha1-sha256 hash to MISP Event

Usage Notes:
  - Use 'Phrase' in Maltego to create Event, with Phrase Text => Event Description
  - When starting a new graph, ensure either Create Event, or Select, else previous EventID will be reused.
  - Use MISP_Event to select for insertion (This has one hour time-out protection)
  - Ensure folder has write-access permissions, so that event.db can be written.
  - Hash uses the VirusTotal Hash result.

Requirements:
PyMISP https://github.com/MISP/PyMISP

About

Maltego Transform to put entities into MISP events

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages