Details
| Author | Nils Kuhnert, CERT-Bund |
| Version | 2.0 |
| License | AGPL-V3 |
| Website | https://github.com/BSI-CERT-Bund/misp-warninglists-analyzer |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | ip, hash, domain, fqdn, url |
| Service Homepage | MISPWarningLists |
Description
Check IoCs/Observables against MISP Warninglists to filter false positives.
Configuration
| Name | Description |
| path | path to Warninglists folder |
| conn | sqlalchemy connection string |
Additional details from the README file:
MISPWarningLists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes.
The analyzer comes in a single flavour that will check observables against MISP Warninglists to filter false positives.
Option 1 low performances:
- Clone the MISPWarningLists GitHub repository.
- In the analyzer parameters configure the
pathof WarningLists folder.
Option 2 high performances:
- Clone the MISPWarningLists GitHub repository.
- Install PostgreSQL database.
- Set
conn_stringandwarninglists_pathlocated inside scriptwarninglists_create_db.pyand run it in order to parse all MISPWarningLists and insert into PostgreSQL. - In the analyzer parameters configure the
connto DB (for example: postgresql+psycopg2://user:password@localhost:5432/warninglists').