Details
| Author | Nils Kuhnert, CERT-Bund |
| Version | 2.1 |
| License | AGPL-V3 |
| Website | https://github.com/BSI-CERT-Bund/cortex-analyzers |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | Yes |
| DataType Supported | domain, ip, url, fqdn, uri_path, user-agent, hash, mail, mail_subject, registry, regexp, other, filename |
| Service Homepage | MISP |
Description
Query multiple MISP instances for events containing an observable.
Configuration
| Name | Description |
| name | Name of MISP servers |
| url | URL of MISP servers |
| key | API key for each server |
| cert_check | Verify server certificate |
| cert_path | Path to the CA on the system used to check server certificate |
Additional details from the README file:
MISP A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
The analyzer comes in a single flavour that will return MISP additional information for provided observable.
You need a valid MISP API integration to use the analyzer.
- Provide your API key as values for the
keyparameter.