MISP
/
misp-dashboard
mirror of https://github.com/MISP/misp-dashboard
2
0
Fork 0
Code Issues Releases Wiki Activity
A dashboard for a real-time overview of threat intelligence from MISP instances
296 Commits
8 Branches
5 Tags
9.6 MiB
JavaScript 75.9%
Python 14.3%
HTML 7.6%
Shell 1.3%
CSS 0.9%
 
 
 
 
 
Go to file
Sami Mokaddem 92ccd8517e update: start_all.sh 2017-12-04 14:36:30 +01:00
config fix: Added keyname in configuration 2017-12-01 15:09:26 +01:00
data feature: Added geolocation of phone numbers 2017-11-27 16:32:02 +01:00
screenshots update: Readme + added screenshots 2017-11-21 16:45:20 +01:00
static UI: Reduced size of panel so that it does not overflow in the page. 2017-12-04 11:49:30 +01:00
templates UI: Reduced size of panel so that it does not overflow in the page. 2017-12-04 11:49:30 +01:00
LICENSE add: LICENSE added 2017-10-28 10:33:24 +02:00
README.md update: updated readme 2017-12-04 14:01:06 +01:00
contributor_helper.py ui: Restrained number of orgs in fame and prevented datatable to go over 2017-12-01 16:02:28 +01:00
geo_helper.py refacto: rmoved prints and added return in case phone number can't be 2017-12-01 15:52:50 +01:00
give_honors_to_org.py Draft support of trophies in ZMQ 2017-11-14 14:05:54 +01:00
install_dependencies.sh feature: Added geolocation of phone numbers 2017-11-27 16:32:02 +01:00
retreive_map_pic.py Started support of MISP ZMQ 2017-10-13 15:03:09 +02:00
server.py ui: Restrained number of orgs in fame and prevented datatable to go over 2017-12-01 16:02:28 +01:00
start_all.sh update: start_all.sh 2017-12-04 14:36:30 +01:00
trendings_helper.py refact: moved redis keyname in the helper constructor. Permit to have 2017-11-29 16:46:45 +01:00
users_helper.py fix: Fixed tons of bugs related to migration of handle_contribution to 2017-12-01 15:39:17 +01:00
util.py fix: Fixed tons of bugs related to migration of handle_contribution to 2017-12-01 15:39:17 +01:00
zmq_dispatcher.py Refacto: removed useless args and vars 2017-12-04 11:14:25 +01:00
zmq_subscriber.py Refacto: removed useless args and vars 2017-12-04 11:14:25 +01:00

README.md

MISP-Dashboard

An experimental dashboard showing live data and statistics from the ZMQ of one or more MISP instances.

Installation

  • Launch ./install_dependencies.sh from the MISP-Dashboard directory
  • Update the configuration file config.cfg so that it matches your system
    • Fields that you may change:
      • RedisGlobal -> host
      • RedisGlobal -> port
      • RedisGlobal -> zmq_url
      • RedisGlobal -> misp_web_url
      • RedisMap -> pathMaxMindDB

Updating by pulling

  • Re-launch ./install_dependencies.sh to fetch new required dependencies
  • Re-update your configuration file config.cfg

Starting the System

  • Be sure to have a running redis server
    • e.g. redis-server -p 6250
  • Activate your virtualenv . ./DASHENV/bin/activate
  • Listen to the MISP feed by starting the zmq_subscriber ./zmq_subscriber.py
  • Start the dispatcher to process received messages ./zmq_dispatcher.py
  • Start the Flask server ./server.py
  • Access the interface at http://localhost:8001/

Features

Live Dashboard

  • Possibility to subscribe to multiple ZMQ feeds
  • Shows direct contribution made by organisations
  • Shows live resolvable posted locations

Dashboard live

Geolocalisation Dashboard

  • Provides historical geolocalised information to support security teams, CSIRTs or SOC finding threats in their constituency
  • Possibility to get geospatial information from specific regions

Dashbaord geo

Contributors Dashboard

Shows:

  • The monthly rank of all organisation
  • The last organisation that contributed (dynamic updates)
  • The contribution level of all organisation
  • Each category of contribution per organisation
  • The current ranking of the selected organisation (dynamic updates)

Includes:

  • Gamification of the platform:
    • Two different levels of ranking with unique icons
    • Exclusive obtainable badges for source code contributors and donator

Dashboard contributor Dashboard contributor2

Users Dashboard

  • Shows when and how the platform is used:
    • Login punchcard and overtime
    • Contribution vs login

Dashboard users

Trendings Dashboard

  • Provides real time information to support security teams, CSIRTs or SOC showing current threats and activity
    • Shows most active events, categories and tags
    • Shows sightings and discussion overtime

Dashboard users

zmq_subscriber options


A zmq subscriber. It subscribe to a ZMQ then redispatch it to the MISP-dashboard

optional arguments:
  -h, --help            show this help message and exit
  -n ZMQNAME, --name ZMQNAME
                        The ZMQ feed name
  -u ZMQURL, --url ZMQURL
                        The URL to connect to

License

Images and logos are handmade for:

  • rankingMISPOrg/
  • rankingMISPMonthly/
  • MISPHonorableIcons/

Note that:

  • Part of MISPHonorableIcons/1.svg comes from octicons.github.com (CC0 - No Rights Reserved)
  • Part of MISPHonorableIcons/2.svg comes from Zeptozephyr (CC0 - No Rights Reserved)
Copyright (C) 2017 CIRCL - Computer Incident Response Center Luxembourg (c/o smile, security made in Lëtzebuerg, Groupement d'Intérêt Economique)
Copyright (c) 2017 Sami Mokaddem


This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.