MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity
PyMISP/examples/feed-generator
History
Sami Mokaddem 820eb77cff
fix: [feed-generator] Revert back the event initial search to use the index endpoint instead of RestSearch 
Relying on RestSearch was offering more flexibility than index in terms of filtering options,
however, it might introduce a significant overhead potentially leading to timeout.
 		2021-11-17 12:35:26 +01:00
..
output
README.md
generate.py fix: [feed-generator] Revert back the event initial search to use the index endpoint instead of RestSearch 2021-11-17 12:35:26 +01:00
settings.default.py chg: [feed-generator] Added exclude malware samples option 2021-11-05 11:37:10 +01:00

README.md

What

This python script can be used to generate a MISP feed based on an existing MISP instance.

Installation

git clone https://github.com/MISP/PyMISP.git
cd examples/feed-generator
cp settings.default.py settings.py
vi settings.py #adjust your settings
python3 generate.py

Output

The generated feed will be stored in your outputdir. It contains the files:

  • manifest.json - containing the feed manifest (generic event information)
  • hashes.csv - listing the hashes of the attribute values
  • *.json - a large amount of json files

Importing in MISP

To import this feed into your MISP instance:

  • Sync Actions > List Feeds > Add feed
  • Fill in the form while ensuring the 'source format' is set to 'MISP Feed'

For more information about feeds please read: https://misp.gitbooks.io/misp-book/content/managing-feeds/