Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Not long ago, the MISP project announced the ability to export NIDS rules created from events/indicators.
We can leverage this functionality by quickly and easily setting up an automated mechanism to pull NIDS rules from a MISP instance and add them to our local rules for Security Onion. To do so, we just need to follow the simple steps below:
Please keep in mind we do not officially this integration, so installation is at your own risk.
Clone the repo:
git clone https://github.com/weslambert/securityonion-misp
Run the setup script:
Update rules (if desired):
Confirm rules in place:
grep -i misp /etc/nsm/rules/downloaded.rules
You should now be up and running!
MISP rules will be downloaded via cron-job at the interval specified in