A dashboard for a real-time overview of threat intelligence from MISP instances

Go to file

Alexandre Dulaunoy 0099458b9e add: LICENSE added		2017-10-28 10:33:24 +02:00
config	Display the number of log message in a dynamic chart + started support of multiple feeds	2017-08-24 16:02:28 +02:00
static	STILL MESSING WITH DEPS	2017-10-27 22:44:46 +02:00
templates	Added MISP logo	2017-10-27 22:19:51 +02:00
LICENSE	add: LICENSE added	2017-10-28 10:33:24 +02:00
README.md	Create README.md	2017-10-27 23:03:23 +02:00
config.cfg	fix: make GeoLite City downloaded by default	2017-10-28 10:27:31 +02:00
install_dependencies.sh	fix: make GeoLite City downloaded by default	2017-10-28 10:27:31 +02:00
retreive_map_pic.py	Started support of MISP ZMQ	2017-10-13 15:03:09 +02:00
server.py	switching to globalRedis + harmonization ui live-dashboard	2017-10-27 16:36:27 +02:00
start.sh	Display the number of log message in a dynamic chart + started support of multiple feeds	2017-08-24 16:02:28 +02:00
zmq_subscriber.py	switching to globalRedis + harmonization ui live-dashboard	2017-10-27 16:36:27 +02:00

README.md

MISP-Dashboard

A Dashboard showing live data and statistics from the MISP ZMQ

Installation

Launch ./install_dependencies.sh from the MISP-Dashboard directory
Update the configuration file config.cfg so that it matches your system
- Fields that you may change:
  - RedisGlobal -> host
  - RedisGlobal -> port
  - RedisLog -> zmq_url
  - RedisMap -> pathMaxMindDB

Starting the System

Activate your virtualenv . ./DASHENV/bin/activate
Listen to the MISP feed by starting the zmq_subscriber ./zmq_subscriber.py
Start the Flask server ./server.py

zmq_subscriber options


A zmq subscriber. It subscribe to a ZMQ then redispatch it to the MISP-dashboard

optional arguments:
  -h, --help            show this help message and exit
  -n ZMQNAME, --name ZMQNAME
                        The ZMQ feed name
  -u ZMQURL, --url ZMQURL
                        The URL to connect to