History

iglocska 671c9fabf5 new: [support for signing] added - added new class CryptographicKeys - added functions to to_feed calls to include crypto keys - added protected boolean field to misp event - updated feed generator to support signing - if the new setting is set to True signing will be attempted for protected events - protected events are now passed to the /cryptographic_keys/serverSign endpoint of misp for signing - signatures are included as a .asc file in the output directory - TODO: - currently the JSON dumping is moved from a streamed dumping to an in memory dump before saving to disk - add a check for protected events and revert to streamed dumping for non protected events - alternatively use the already saved files to request signing from MISP		2024-12-08 18:48:07 +01:00
..
output	fix: revert rename, fix mypy	2021-06-21 11:39:08 -07:00
README.md	fix: revert rename, fix mypy	2021-06-21 11:39:08 -07:00
generate.py	new: [support for signing] added	2024-12-08 18:48:07 +01:00
settings.default.py	new: [support for signing] added	2024-12-08 18:48:07 +01:00

README.md

What

This python script can be used to generate a MISP feed based on an existing MISP instance.

Installation

git clone https://github.com/MISP/PyMISP.git
cd examples/feed-generator
cp settings.default.py settings.py
vi settings.py #adjust your settings
python3 generate.py

Output

The generated feed will be stored in your outputdir. It contains the files:

manifest.json - containing the feed manifest (generic event information)
hashes.csv - listing the hashes of the attribute values
*.json - a large amount of json files

Importing in MISP

To import this feed into your MISP instance:

Sync Actions > List Feeds > Add feed
Fill in the form while ensuring the 'source format' is set to 'MISP Feed'

For more information about feeds please read: https://misp.gitbooks.io/misp-book/content/managing-feeds/