History

Sami Mokaddem 820eb77cff fix: [feed-generator] Revert back the event initial search to use the index endpoint instead of RestSearch Relying on RestSearch was offering more flexibility than index in terms of filtering options, however, it might introduce a significant overhead potentially leading to timeout.		2021-11-17 12:35:26 +01:00
..
output	fix: revert rename, fix mypy	2021-06-21 11:39:08 -07:00
README.md	fix: revert rename, fix mypy	2021-06-21 11:39:08 -07:00
generate.py	fix: [feed-generator] Revert back the event initial search to use the index endpoint instead of RestSearch	2021-11-17 12:35:26 +01:00
settings.default.py	chg: [feed-generator] Added exclude malware samples option	2021-11-05 11:37:10 +01:00

README.md

What

This python script can be used to generate a MISP feed based on an existing MISP instance.

Installation

git clone https://github.com/MISP/PyMISP.git
cd examples/feed-generator
cp settings.default.py settings.py
vi settings.py #adjust your settings
python3 generate.py

Output

The generated feed will be stored in your outputdir. It contains the files:

manifest.json - containing the feed manifest (generic event information)
hashes.csv - listing the hashes of the attribute values
*.json - a large amount of json files

Importing in MISP

To import this feed into your MISP instance:

Sync Actions > List Feeds > Add feed
Fill in the form while ensuring the 'source format' is set to 'MISP Feed'

For more information about feeds please read: https://misp.gitbooks.io/misp-book/content/managing-feeds/