getiocmisp

getiocmisp is a Splunk custom search command that extracts IOCs from a MISP instance and returns them as search results.

getiocmisp relies on PyMISP. PyMISP requires Python 3, but only Python 2.7 is available in the Splunk environment. The script getiocmisp.py is therefore only a thin wrapper: it runs under Splunk's Python 2.7 and calls get-ioc-misp.py, which runs under the system Python 3 with PyMISP installed. Keeping PyMISP and its dependencies outside Splunk is the cleanest way to keep your Splunk instance untouched.

Prerequisites

  1. Install Python 3 on the Splunk server
  2. Install PyMISP (see https://github.com/MISP/PyMISP)

Installation

  1. Copy get-ioc-misp.py & mispconfig.py in /usr/local/bin

  2. Edit mispconfig.py and specify your MISP URL and authorization key. The file holds a live API key, so restrict it to the user Splunk runs as (for example chmod 600) and keep it out of any app directory that might be exported or committed.

  3. Copy getiocmisp.py in /opt/splunk/etc/apps//bin/

  4. Copy commands.conf, or merge its stanza into the existing one, in /opt/splunk/etc/apps//local/ (the stanza maps the search command name getiocmisp to the script getiocmisp.py)

  5. Restart Splunk
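The wrapper split described above and the installation layout, as an added example that is not the project's own code: a getiocmisp.py-style wrapper that runs under Splunk's Python 2.7 (and under 3.x), validates the options typed on the search line, and hands the MISP query to the Python 3 helper at the README's /usr/local/bin/get-ioc-misp.py. Everything not taken from the README is an assumption of this example: /usr/bin/python3 as the interpreter, the search options `type=` and `last=`, the helper flags `--type`/`--last`, and one JSON object per attribute on the helper's stdout. A constructed stub stands in for get-ioc-misp.py so the block runs offline.

```python
# Added example, not the project's code: wrapper skeleton in the spirit of
# getiocmisp.py. Assumptions not from the README: /usr/bin/python3, the options
# type=/last=, helper flags --type/--last, JSON lines on the helper's stdout.
from __future__ import print_function
import csv, json, os, re, subprocess, sys, tempfile

PYTHON3 = "/usr/bin/python3"               # assumption: system Python 3 with PyMISP
HELPER = "/usr/local/bin/get-ioc-misp.py"  # install location from the README

# Search-line input is attacker-adjacent: anyone allowed to run the command can
# type here. Whitelist the attribute types and pattern-check the time window so
# nothing else ever reaches the helper's argv.
ALLOWED_TYPES = frozenset(["ip-src", "ip-dst", "domain", "hostname", "url",
                           "md5", "sha1", "sha256", "email-src"])
LAST_RE = re.compile(r"^[1-9][0-9]{0,3}[mhd]$")   # e.g. 30m, 12h, 7d

class OptionError(ValueError):
    pass

def parse_options(tokens):
    """Turn ['type=ip-dst', 'last=7d'] into a validated dict with defaults."""
    opts = {"type": "ip-dst", "last": "1d"}
    for tok in tokens:
        if "=" not in tok:
            raise OptionError("expected key=value, got %r" % tok)
        key, value = tok.split("=", 1)
        if key not in opts:
            raise OptionError("unknown option %r" % key)
        if key == "type" and value not in ALLOWED_TYPES:
            raise OptionError("unsupported type %r" % value)
        if key == "last" and not LAST_RE.match(value):
            raise OptionError("bad time window %r" % value)
        opts[key] = value
    return opts

def option_error(tokens):
    """Message for Splunk's error channel, or None when the options are valid."""
    try:
        parse_options(tokens)
        return None
    except OptionError as exc:
        return str(exc)

def build_argv(opts, python3=PYTHON3, helper=HELPER):
    # An argv list, never a shell string: each value is one argument, so shell
    # metacharacters in user input stay inert even if the whitelist loosens.
    return [python3, helper, "--type", opts["type"], "--last", opts["last"]]

def parse_helper_output(text):
    """The helper prints one JSON object per attribute; blank lines are ignored."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            row = json.loads(line)
            if "value" not in row:
                raise ValueError("helper row without a value field: %r" % row)
            rows.append(row)
    return rows

def run_helper(opts, python3=PYTHON3, helper=HELPER):
    # Drop Splunk's PYTHONPATH/LD_LIBRARY_PATH: they point at the bundled 2.7
    # libraries and would break the system Python 3.
    env = dict((k, v) for k, v in os.environ.items()
               if k not in ("PYTHONPATH", "LD_LIBRARY_PATH"))
    proc = subprocess.Popen(build_argv(opts, python3, helper), env=env,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                            universal_newlines=True)
    out, err = proc.communicate()  # no timeout on 2.7; Splunk's search limits apply
    if proc.returncode != 0:
        raise RuntimeError("helper exited %d: %s" % (proc.returncode, err.strip()))
    return parse_helper_output(out)

def emit_csv(rows, out):
    """Legacy custom search commands hand results back to Splunk as CSV on stdout."""
    fields = sorted(set(key for row in rows for key in row))
    writer = csv.DictWriter(out, fieldnames=fields)
    writer.writeheader()
    writer.writerows(rows)

# Constructed stand-in for get-ioc-misp.py so the wrapper runs offline; the real
# helper would query MISP through PyMISP and print attributes in this format.
STUB_HELPER = """\
import json, sys
opts = dict(zip(sys.argv[1::2], sys.argv[2::2]))
for value in ("198.51.100.7", "203.0.113.42"):
    print(json.dumps({"value": value, "type": opts["--type"], "last": opts["--last"]}))
"""

def run_offline_demo():
    """End-to-end run against the stub, using this interpreter as 'python3'."""
    tmp = tempfile.NamedTemporaryFile("w", suffix=".py", delete=False)
    try:
        tmp.write(STUB_HELPER)
        tmp.close()
        return run_helper(parse_options(["type=ip-dst", "last=7d"]),
                          python3=sys.executable, helper=tmp.name)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    # Under Splunk the tokens come from `| getiocmisp type=ip-dst last=7d`; a
    # real command would use splunk.Intersplunk for input and output instead.
    error = option_error(sys.argv[1:])
    if error:
        sys.stderr.write("getiocmisp: %s\n" % error)
        sys.exit(2)
    emit_csv(run_helper(parse_options(sys.argv[1:])), sys.stdout)
```

Two points worth keeping from this skeleton when adapting the real wrapper: the helper is started with an argument list and a whitelist on every value, so a search user cannot turn `type=` into extra helper flags or a shell command, and Splunk's own interpreter variables are stripped from the child's environment so the system Python 3 loads its own libraries. Note that Splunk 8.0 and later ship a Python 3 interpreter, so on those releases PyMISP can potentially be used from the command directly and the 2.7 wrapper becomes unnecessary.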

Usage

See https://blog.rootshell.be/wp-content/uploads/2017/10/
