Details
| Field | Value |
|---|---|
| Author | Nils Kuhnert, CERT-Bund |
| Version | 2.0 |
| License | AGPL-V3 |
| Website | https://github.com/BSI-CERT-Bund/misp-warninglists-analyzer |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | ip, hash, domain, fqdn, url |
| Service Homepage | MISPWarningLists |
Description
Check IoCs/Observables against MISP Warninglists to filter false positives.
Configuration
| Name | Description |
|---|---|
| `path` | Path to the Warninglists folder |
| `conn` | SQLAlchemy connection string |
Additional details from the README file:
MISPWarningLists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes.
The analyzer comes in a single flavour that will check observables against MISP Warninglists to filter false positives.
Option 1 (low performance):
- Clone the MISPWarningLists GitHub repository.
- In the analyzer parameters, configure the `path` of the WarningLists folder.
Option 2 (high performance):
- Clone the MISPWarningLists GitHub repository.
- Install a PostgreSQL database.
- Set `conn_string` and `warninglists_path` inside the script `warninglists_create_db.py` and run it to parse all MISPWarningLists and insert them into PostgreSQL.
- In the analyzer parameters, configure the `conn` string for the DB (for example: `postgresql+psycopg2://user:password@localhost:5432/warninglists`).
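To illustrate what the Option 1 check does, here is an added example (written for this page, not the analyzer's own source) that loads `list.json` files from a cloned warninglists folder and reports which lists an observable hits. The per-type matching rules are a simplified assumption of how the real lists are evaluated, and the embedded sample lists are constructed for the example.

```python
import ipaddress
import json
import os
import re

# Constructed sample lists in the MISP list.json layout (name/type/list);
# real lists from the repository are far longer.
SAMPLE_LISTS = [
    {"name": "Example RFC1918 ranges", "type": "cidr",
     "list": ["10.0.0.0/8", "192.168.0.0/16"]},
    {"name": "Example public resolvers", "type": "string",
     "list": ["8.8.8.8", "1.1.1.1"]},
    {"name": "Example CDN hostnames", "type": "hostname",
     "list": ["example-cdn.net"]},
]

def load_warninglists(path):
    """Read every <path>/<list-dir>/list.json (the cloned repository layout)."""
    lists = []
    for entry in sorted(os.listdir(path)):
        list_file = os.path.join(path, entry, "list.json")
        if os.path.isfile(list_file):
            with open(list_file, encoding="utf-8") as fh:
                lists.append(json.load(fh))
    return lists

def _matches(value, wl_type, item):
    """Simplified matching per list type (assumption, not the analyzer's logic)."""
    if wl_type == "cidr":
        try:
            return ipaddress.ip_address(value) in ipaddress.ip_network(item, strict=False)
        except ValueError:          # value is not an IP address at all
            return False
    if wl_type == "hostname":       # the host itself or any subdomain of it
        v = value.lower().rstrip(".")
        return v == item.lower() or v.endswith("." + item.lower())
    if wl_type == "substring":
        return item.lower() in value.lower()
    if wl_type == "regex":
        return re.search(item, value) is not None
    return value.lower() == item.lower()   # "string": exact, case-insensitive

def check_observable(value, warninglists=SAMPLE_LISTS):
    """Return the names of all lists that hit; empty means no known false-positive source."""
    return [wl["name"] for wl in warninglists
            if any(_matches(value, wl.get("type", "string"), i) for i in wl["list"])]
```

A hit does not mean the observable is harmless, only that it appears on a list of commonly misreported indicators, so the analyst still decides whether to discard it.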