Is your feature request related to a problem? Please describe.
Sighting is a common technique used in threat intelligence platforms to sight specific attributes/indicators. In the next version of MISP, 2.4.118, we will release a generic service where you can add a custom sighting server. The query protocol is documented and there is a prototype sighting server.
Describe the solution you'd like
vast provides a fast-lookup data structure which could be used as a source of sightings. It would be great to have sighting functionality in vast so that MISP users are able to query the stored information/network flows, such as IP addresses seen or the like.
Describe alternatives you've considered
Another alternative is to have a misp-module query vast directly, but that's more intrusive than a simple sighting lookup.
This is a great idea. I read the SightingDB RFC today and think VAST is a good fit here. In principle, there are two modes of operating that could make sense, and maybe this could be some feedback for the RFC.