Uses the full content of the MISP MySQL database and helps the analyst group events by adversaries, tools, and any other characteristics the analyst wants.
- `sudo apt-get install python-dev libfuzzy-dev`
- access to the redis database created by `backend/make_snapshot.py`
- python packages: `pip install -r requirements.txt`
- Configure the connection to redis in `config.py`: `redis_socket = '<path to the redis socket>'`
- Run a redis server listening on the socket you defined in the config file
- Run `update_thirdparty.sh`
- Run `website.py`
In order to pre-group the events, you'll need to do the following:
- Fetch the misp-galaxy:
  - `git submodule init`
  - `git submodule update`
- Index the MISP database: `fti.py`
- Group the events: `auto_group.py`