diff --git a/misp_modules/modules/export_mod/cef_export.py b/misp_modules/modules/export_mod/cef_export.py
new file mode 100755
index 0000000..3f2ff61
--- /dev/null
+++ b/misp_modules/modules/export_mod/cef_export.py
@@ -0,0 +1,81 @@
+import json
+import base64
+import datetime
+
+misperrors = {'error': 'Error'}
+
+# possible module-types: 'expansion', 'hover' or both
+moduleinfo = {'version': '1', 'author': 'Hannah Ward',
+              'description': 'Export a module in CEF format',
+              'module-type': ['export']}
+
+# config fields that your code expects from the site admin
+moduleconfig = ["Default_Severity", "Device_Vendor", "Device_Product", "Device_Version"]
+
+cefmapping = {"ip-src":"src", "ip-dst":"dst", "hostname":"dhost", "domain":"dhost",
+              "md5":"fileHash", "sha1":"fileHash", "sha256":"fileHash",
+              "url":"request"}
+
+mispattributes = {'input':list(cefmapping.keys())}
+outputFileExtension = "cef"
+responseType = "application/txt"
+
+def handler(q=False):
+    if q is False:
+        return False
+    request = json.loads(q)
+    if "config" in request:
+        config = request["config"]
+    else:
+        config = {"Default_Severity":1, "Device_Vendor":"MISP", "Device_Product":"MISP", "Device_Version":1}
+
+    data = request["data"]
+    response = ""
+    for ev in data:
+        event = ev["Attribute"]
+        for attr in event:
+            if attr["type"] in cefmapping:
+                response += "{} host CEF:0|{}|{}|{}|{}|{}|{}|{}={}\n".format(
+                    datetime.datetime.fromtimestamp(int(attr["timestamp"])).strftime("%b %d %H:%M:%S"),
+                    config["Device_Vendor"],
+                    config["Device_Product"],
+                    config["Device_Version"],
+                    attr["category"],
+                    attr["category"],
+                    config["Default_Severity"],
+                    cefmapping[attr["type"]],
+                    attr["value"],
+                )
+
+    r = {"response":[], "data":str(base64.b64encode(bytes(response, 'utf-8')), 'utf-8')}
+    return r
+
+
+def introspection():
+    modulesetup = {}
+    try:
+        responseType
+        modulesetup['responseType'] = responseType
+    except NameError:
+        pass
+    try:
+        userConfig
+        modulesetup['userConfig'] = userConfig
+    except NameError:
+        pass
+    try:
+        outputFileExtension
+        modulesetup['outputFileExtension'] = outputFileExtension
+    except NameError:
+        pass
+    try:
+        inputSource
+        modulesetup['inputSource'] = inputSource
+    except NameError:
+        pass
+    return modulesetup
+
+def version():
+    moduleinfo['config'] = moduleconfig
+    return moduleinfo
+
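Review bot: The CEF record built in handler's inner loop interpolates `attr["value"]`, `attr["category"]` and the config strings unescaped, so a value holding `|`, `=`, `\` or a line break (a `url` attribute routinely contains `=`) breaks header/extension parsing on the receiving SIEM, and an embedded newline becomes a second, forged record in the export. CEF expects `\` and `|` escaped in header fields and `\`, `=` and line breaks escaped in extension values; I would add two small escape helpers above handler and route every interpolated field through them (rewritten lines below). Two smaller points in the same hunk: `responseType = "application/txt"` is not a registered media type (`text/plain` is the usual choice for CEF output), and `attr["category"]` fills both the Signature ID and Name header fields, which looks unintended and at least deserves a comment. handler and the rest of the file sit entirely within this hunk.
```python
def _cef_header(field):
    # Header fields: escape backslash and pipe; drop line breaks so one
    # attribute cannot terminate the record and start another.
    return (str(field).replace("\\", "\\\\").replace("|", "\\|")
            .replace("\r", "").replace("\n", ""))


def _cef_extension(field):
    # Extension values: escape backslash and '='; encode line breaks as \r / \n.
    return (str(field).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))

# … unchanged: handler up to the inner `if attr["type"] in cefmapping:` …
                response += "{} host CEF:0|{}|{}|{}|{}|{}|{}|{}={}\n".format(
                    datetime.datetime.fromtimestamp(int(attr["timestamp"])).strftime("%b %d %H:%M:%S"),
                    _cef_header(config["Device_Vendor"]),
                    _cef_header(config["Device_Product"]),
                    _cef_header(config["Device_Version"]),
                    _cef_header(attr["category"]),
                    _cef_header(attr["category"]),
                    _cef_header(config["Default_Severity"]),
                    cefmapping[attr["type"]],
                    _cef_extension(attr["value"]),
                )
# … unchanged: base64 encoding of response and return …
```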