Integration of MISP with Splunk Cloud

[narendrahm]

Is there any way to integrate MISP with Splunk Cloud

[gregzee]

I see that a few versions are compatible for Splunk Cloud, but there isn't any documentation on this particular integration.

[remg427]

Hi,
misp42splunk is designed to be on a SH: it has custom commands and 2 alert actions. no data is ingested via forwarder
I am working on a cleaner version with a lookup to manage MISP instances.

[gregzee]

@remg427

I was under the impression we can pull IOC/Threat Intel from MISP into Splunk/Splunk Cloud. If it is still on the SH, is it still possible?

I am assuming with the custom commands we can pull from MISP, but would like to verify. Thank you for the reply.

Thanks!

[remg427]

version 4 should pass cloud vetting process.
to pull data from MISP you can use custom commands and alert actions to push data
in version4 there is also a wrapper for MISP API misprest. provided you build a valid JSON request.

[remg427]

version 4.0.0 has been vetted for deployment on Splunk Cloud
Products: Splunk Enterprise, Splunk Cloud
Splunk Versions: 8.1, 8.0

[narendrahm]

That the great work, Thank you Regards Narendra

…

On Mon, Nov 23, 2020 at 6:31 PM Rémi Séguy ***@***.***> wrote: Closed #169 <#169>. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#169 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACHKNKCCQHQXEH5DIINCEJLSRJMMNANCNFSM4SEIDBSQ> .