# Quick start guide

This is a Maltego MISP integration tool allowing you to view (read-only) data from a MISP instance.

Currently supported MISP elements are: Event, Attribute, Object (incl. relations), Tag, Taxonomy, Galaxy (incl. relations).

Once installed, you can start by creating a `MISPEvent` entity, then load the Machine `EventToAll` or the transform `EventToAttributes`.

Alternatively, initiate a transform on an existing Maltego entity.

The currently supported entities are: `AS`, `DNSName`, `Domain`, `EmailAddress`, `File`, `Hash`, `IPv4Address`, `NSRecord`, `Person`, `PhoneNumber`, `URL`, `Website`.

Dependencies:

* [PyMISP](https://github.com/MISP/PyMISP)
* [Canari3](https://github.com/redcanari/canari3)
## Installation:

```
git clone https://github.com/MISP/MISP-maltego.git
cd MISP-maltego
cp src/MISP_maltego/resources/etc/MISP_maltego.conf MISP_maltego.conf
python3 setup.py install --user && canari create-profile MISP_maltego
```

Import the profile/transforms `MISP_maltego.mtz` in Maltego. (Import|Export > Import Config)

Edit `$HOME/.canari/MISP_maltego.conf` and enter your `misp_url` and `misp_key`

```
[MISP_maltego.local]
misp_url = https://a.b.c.d
misp_key = verysecretkey
misp_verify = True
misp_debug = False
```
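A local check of the config file described above, as an added example that is not part of the MISP-maltego project: it flags a `MISP_maltego.conf` that other users can read, a non-HTTPS `misp_url`, the README's sample key left in place, and `misp_verify` switched off. The function names `audit_conf` and `audit_text` and the sample values are hypothetical, and the check assumes `misp_verify` controls TLS certificate validation of the MISP server.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlparse

SECTION = "MISP_maltego.local"  # section name used in the README's config


def audit_conf(path):
    """Return a list of findings for a MISP_maltego.conf file; empty means OK."""
    findings = []
    # The file stores the MISP API key, so only its owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} exposes misp_key to group/other, use 0600")
    parser = configparser.ConfigParser(interpolation=None)  # keys may contain '%'
    parser.read(path)
    if not parser.has_section(SECTION):
        return findings + [f"missing [{SECTION}] section"]
    conf = parser[SECTION]
    url = urlparse(conf.get("misp_url", ""))
    if url.scheme != "https" or not url.netloc:
        findings.append("misp_url is not an https:// URL")
    if conf.get("misp_key", "").strip() in ("", "verysecretkey"):  # README sample
        findings.append("misp_key is empty or still the README placeholder")
    try:
        # Assumption: misp_verify toggles TLS certificate validation.
        if not conf.getboolean("misp_verify", fallback=True):
            findings.append("misp_verify is off, server certificate is not checked")
    except ValueError:
        findings.append("misp_verify is not a boolean")
    return findings


def audit_text(text, mode=0o600):
    """Write constructed config text to a temp file with `mode` and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "MISP_maltego.conf")
        with open(path, "w") as handle:
            handle.write(text)
        os.chmod(path, mode)
        return audit_conf(path)


if __name__ == "__main__":
    # Constructed sample: world-readable file, plain HTTP, verification disabled.
    weak = f"[{SECTION}]\nmisp_url = http://misp.example\nmisp_key = k3y\nmisp_verify = False\n"
    print("\n".join(audit_text(weak, mode=0o644)))
```

To check a real installation, call `audit_conf(os.path.expanduser("~/.canari/MISP_maltego.conf"))`.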
## Screenshot

![Screenshot](https://github.com/MISP/MISP-maltego/blob/master/doc/screenshot.png)

## License

This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)

* Copyright (C) 2018 Christophe Vandeplas

Note: Before being rewritten from scratch this project was maintained by Emmanuel Bouillon. The code is available in the `v1` branch.