A curses-style interface for generating automatic takedown notifications through RT/RTIR using MISP events as input.
This code is a surprisingly well working result of an experiment. However, the code needs improvements here and there. Also, the installation process regarding urlabuse, uwhoisd, MISP and RT/RTIR is not the most straight forward. We'd be happy to find contributors for code improvements and installation documentation. Both could be part of an internship at CIRCL. Reach out if you are interested.
misp-takedown requires a MISP instance (API access) and:
A series of notification templates are included, such as:
It can be easily extended to match your abuse notification processes and/or templates.
What it looks like: video screencast
This software is licensed under GNU Affero General Public License version 3
- Copyright (C) 2017, 2018 Sascha Rommelfangen
- Copyright (C) 2017, 2018 CIRCL - Computer Incident Response Center Luxembourg