14b75951c2
|
||
|---|---|---|
| build/lib/MISP_maltego | ||
| doc | ||
| src/MISP_maltego | ||
| .canari | ||
| .gitignore | ||
| .mrbob.ini | ||
| LICENSE | ||
| MANIFEST.in | ||
| README.md | ||
| setup.py | ||
README.md
Quick start guide
This is a Maltego MISP integration tool allowing you to view (read-only) data from a MISP instance.
Currently supported MISP elements are : Event, Attribute, Object, Tag, Taxonomy, Galaxy and relations.
Once installed you can start by creating a MISPEvent entity, then load the transform EventToAttributes.
Alternatively initiate a transform on an existing Maltego entity.
The currently supported entities are: AS, DNSName, Domain, EmailAddress, File, Hash, IPv4Address, NSRecord, Person, PhoneNumber, URL, Website
Dependencies:
Installation:
git clone https://github.com/MISP/MISP-maltego.git
cd MISP-maltego
cp src/MISP_maltego/resources/etc/MISP_maltego.conf MISP_maltego.conf
python3 setup.py install --user && canari create-profile MISP_maltego
Import the profile/transforms MISP_maltego.mtz in Maltego. (Import|Export > Import Config)
Edit $HOME/.canari/MISP_maltego.conf and enter your misp_url and misp_key
[MISP_maltego.local]
misp_url = https://a.b.c.d
misp_key = verysecretkey
misp_verify = True
misp_debug = False
Screenshot
License
This software is licensed under GNU Affero General Public License version 3
- Copyright (C) 2018 Christophe Vandeplas
Note: Before being rewritten from scratch this project was maintained by Emmanuel Bouillon. The code is available in the v1 branch.
The Canari welcome message: # README - MISP_maltego
Welcome to Canari. You might be wondering what all these files are about. Before you can use the power of
canari create-profile you needed to create a transform package and that's exactly what you did here! I've given you a
directory structure to use in the following manner:
src/MISP_maltegodirectory is where all your stuff goes in terms of auxiliary modules that you may need for your modulessrc/MISP_maltego/transformsdirectory is where all your transform modules should be placed. An examplehelloworldtransform is there for your viewing pleasure.src/MISP_maltego/transforms/commondirectory is where you can put some common code for your transforms like result parsing, entities, etc.src/MISP_maltego/transforms/common/entities.pyis where you define your custom entities. Take a look at the examples provided if you want to play around with custom entities.maltego/is where you can store your Maltego entity exports.src/MISP_maltego/resources/maltegodirectory is where yourentities.mtzand*.machinefiles can be stored for auto install and uninstall.src/MISP_maltego/resources/externaldirectory is where you can place non-Python transforms written in other languages.
If you're going to add a new transform in the transforms directory, remember to update the __all__ variable in
src/MISP_maltego/transforms/__init__.py. Otherwise, canari install-package won't attempt to install the
transform. Alternatively, canari create-transform <transform name> can be used within the
src/MISP_maltego/transforms directory to generate a transform module and have it automatically added to the
__init__.py file, like so:
$ canari create-transform foo
To test your transform, simply cd into the src directory and run canari debug-transform, like so:
$ canari debug-transform MISP_maltego.transforms.helloworld.HelloWorld Phil
%50
D:This was pointless!
%100
`- MaltegoTransformResponseMessage:
`- Entities:
`- Entity: {'Type': 'test.MyTestEntity'}
`- Value: Hello Phil!
`- Weight: 1
`- AdditionalFields:
`- Field: 2 {'DisplayName': 'Field 1', 'Name': 'test.field1', 'MatchingRule': 'strict'}
`- Field: test {'DisplayName': 'Field N', 'Name': 'test.fieldN', 'MatchingRule': 'strict'}
Cool right? If you have any further questions don't hesitate to drop us a line;)
Have fun!