Skip to content
/ MISP2Sentinel Public

A Python integration that fetches Threat Intelligence from MISP and publishes it to Microsoft Sentinel SIEM.

License

Apache-2.0 license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hazcod/MISP2Sentinel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

103 Commits
.github
.github
 
 
src/misp_to_sentinel
src/misp_to_sentinel
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

MISP2Sentinel

A Python script that ingests alert telemetry from MISP and inserts it into Microsoft Sentinel via the Graph API.

It will use environment variables (see dev.env below) to connect to both.

Usage

Example docker run:

# dev.env is the file as specified below which contains the configuration
% docker run --name=misp2sentinel -t --rm --env-file=dev.env --read-only --tmpfs=/data ghcr.io/hazcod/sentinel2misp/sentinel2misp:latest

Build

With make and docker installed locally:

% make build

Local development

First create a local development file called dev.env:

MISP_EVENT_LIMIT=1
MISP_BASE_URL=https://
MISP_KEY=
MISP_EVENT_TIMEFRAME=7d

AZ_TENANT_ID=
AZ_MISP_CLIENT_ID=
AZ_MISP_CLIENT_SECRET=
AZ_SUBSCRIPTION=
AZ_SENTINEL_RG=
AZ_SENTINEL_WORKSPACE_NAME=
AZ_DAYS_TO_EXPIRE=

And now build & run the docker container:

% make

About

A Python integration that fetches Threat Intelligence from MISP and publishes it to Microsoft Sentinel SIEM.

Topics

azure sentinel misp

Resources

Readme

License

Apache-2.0 license
Activity

Stars

6 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 6

v1.0.4 Latest
Dec 30, 2022
+ 5 releases

Packages 1

 

Contributors 3

  •  
  •  
  •  

Languages