Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.
 
 
 
Christophe Vandeplas 757368fba7 new: [machine] EventToAll expanding to everything direct relations 2018-12-11 13:59:50 +01:00
doc redevelopment from scratch using canari3 2018-11-12 13:25:53 +01:00
src/MISP_maltego new: [machine] EventToAll expanding to everything direct relations 2018-12-11 13:59:50 +01:00
.canari redevelopment from scratch using canari3 2018-11-12 13:25:53 +01:00
.gitignore cleanup noise 2018-11-20 11:35:18 +02:00
.mrbob.ini redevelopment from scratch using canari3 2018-11-12 13:25:53 +01:00
LICENSE redevelopment from scratch using canari3 2018-11-12 13:25:53 +01:00
MANIFEST.in redevelopment from scratch using canari3 2018-11-12 13:25:53 +01:00
README.md new: [machine] EventToAll expanding to everything direct relations 2018-12-11 13:59:50 +01:00
setup.py redevelopment from scratch using canari3 2018-11-12 13:25:53 +01:00

README.md

Quick start guide

This is a Maltego MISP integration tool allowing you to view (read-only) data from a MISP instance.

Currently supported MISP elements are: Event, Attribute, Object (incl. relations), Tag, Taxonomy, Galaxy (incl. relations).

Once installed you can start by creating a MISPEvent entity, then load the Machine EventToAll or the transform EventToAttributes.

Alternatively, initiate a transform on an existing Maltego entity. The currently supported entities are: AS, DNSName, Domain, EmailAddress, File, Hash, IPv4Address, NSRecord, Person, PhoneNumber, URL, Website.

Dependencies:

Installation:

git clone https://github.com/MISP/MISP-maltego.git
cd MISP-maltego
cp src/MISP_maltego/resources/etc/MISP_maltego.conf MISP_maltego.conf
python3 setup.py install --user && canari create-profile MISP_maltego

Import the profile/transforms MISP_maltego.mtz in Maltego. (Import|Export > Import Config)

Edit $HOME/.canari/MISP_maltego.conf and enter your misp_url and misp_key

[MISP_maltego.local]
misp_url = https://a.b.c.d
misp_key = verysecretkey
misp_verify = True
misp_debug = False

Screenshot


License

This software is licensed under the GNU Affero General Public License version 3.

  • Copyright (C) 2018 Christophe Vandeplas

Note: Before being rewritten from scratch this project was maintained by Emmanuel Bouillon. The code is available in the v1 branch.