MISP is a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, and vulnerability information.
It can be configured to ingest MISP-formatted data feeds. To ingest the data provided by Malware Patrol following these steps:
1) In the customer portal or evaluation portal, search for the feed of interest. Once you find it, look for the “MISP compatible data feed” link. Right-click on it and choose “Copy link location”.
2) Open your MISP instance and click on “Sync Actions / List Feeds”.
3) On the left menu, click “Add Feed”.
4) Fill the field “Name” as “Malware Patrol – _data_feed_name_” (for example Malware Patrol – C2s). On “Provider” put “Malware Patrol”. Choose “Network” on “Input Source”.
5) The field “URL” should contain the link location you have copied from the customer portal or evaluation portal.
6) On “Source Format”, choose “MISP Feed”.
7) Click on “Add Basic Auth” and complete the fields with your “Username” and “Password” for the customer portal or evaluation portal. Then click on “Add Basic Auth Header”.
8) Adjust “Distribution”, “Default Tag” and “Filter rules” appropriately for your environment.
9) Click “Add”.
10) Back to the list of feeds, select the Malware Patrol data feed and click “Enable selected”.
11) Still in the list of feeds, for the Malware Patrol data feed, click in the last icon on the right named “Download”. Your MISP instance will download the current feed file, parse them and add to your instance.
Malware Patrol also provides data feeds via MISP server synchronization. Please contact your account manager for details.
If you encounter any difficulties during the configuration process, feel free to contact our tech support at support (@) malwarepatrol.net
Configuration guides for other systems can be found on our Tech Support page.