A curses-style interface for automatic takedown notification based on MISP events.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
templates
.gitignore
LICENSE
README.md
ascii.py
asciiconfig.py-sample
keys.py-sample

README.md

misp-takedown

A curses-style interface for generating automatic takedown notifications through RT/RTIR using MISP events as input.

Disclaimer

This code is a surprisingly well working result of an experiment. However, the code needs improvements here and there. Also, the installation process regarding urlabuse, uwhoisd, MISP and RT/RTIR is not the most straight forward. We'd be happy to find contributors for code improvements and installation documentation. Both could be part of an internship at CIRCL. Reach out if you are interested.

Requirements

misp-takedown requires a MISP instance (API access) and:

Templates included

A series of notification templates are included, such as:

It can be easily extended to match your abuse notification processes and/or templates.

Demo

What it looks like: video screencast

License

This software is licensed under GNU Affero General Public License version 3

  • Copyright (C) 2017, 2018 Sascha Rommelfangen
  • Copyright (C) 2017, 2018 CIRCL - Computer Incident Response Center Luxembourg