Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

```dockerfile
# Install MISP-maltego remote transform as docker image.
#
# DO NOT USE THIS UNLESS YOU REALLY KNOW YOU NEED THIS
# - Most people probably want to use the local transforms
# - Others the 'ATT&CK - MISP' from the Transform Hub
#
# To build: "docker build MISP-maltego -t misp-maltego"
# To run: "docker run -p 8080:8080/tcp misp-maltego" if you want to run and enable port forwarding
# To stop: "docker ps" and "docker stop <instance_name>"
#
# Then configure your iTDS server
# - to create all the transforms and seeds and point to your docker.
# - export the objects, icons and machines to a mtz and associate to the seed
# Paired Configurations:
# - in Maltego > Export Config, and select
# -- Entities > MISP
# -- Icons > MISP + intelligence icons
# -- Machines
# Save as "paired_config.mtz", upload on TDS
# TODO
# - run the service with TLS, but that makes stuff more complex to automate
FROM python:3
RUN pip install PyMISP canari
# keep this for normal install
RUN pip install MISP-maltego
# use this for install from your own local git repo
# - first run "python setup.py sdist" to build the package
# - change the version number below
#COPY dist/MISP_maltego-1.4.1.tar.gz /usr/local/src/
#RUN pip install /usr/local/src/MISP_maltego-1.4.1.tar.gz
ENV LC_ALL='C.UTF-8'
ENV LANG='C.UTF-8'
ENV PLUME_ROOT='/var/plume'
RUN addgroup nobody
RUN canari install-plume --accept-defaults
RUN canari load-plume-package MISP_maltego --plume-dir /var/plume --accept-defaults
# the service is reached on 8080/tcp; TLS is not set up yet (see TODO above)
EXPOSE 8080/tcp
CMD ["/etc/init.d/plume", "start-docker"]
```