MISP is a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, and vulnerability information.
It can be configured to ingest MISP-formatted data feeds. To ingest the data provided by Malware Patrol, follow these steps:
1) In the customer portal or evaluation portal, search for the feed of interest. Once you find it, look for the “MISP compatible data feed” link. Right-click on it and choose “Copy link location”.
2) Open your MISP instance and click on “Sync Actions / List Feeds”.
3) On the left menu, click “Add Feed”.
4) Fill in the “Name” field as “Malware Patrol – _data_feed_name_” (for example, Malware Patrol – C2s). In “Provider”, enter “Malware Patrol”. For “Input Source”, choose “Network”.
5) The “URL” field should contain the link location you copied from the customer portal or evaluation portal.
6) On “Source Format”, choose “MISP Feed”.
7) Click on “Add Basic Auth” and complete the fields with your “Username” and “Password” for the customer portal or evaluation portal. Then click on “Add Basic Auth Header”.
8) Adjust “Distribution”, “Default Tag” and “Filter rules” appropriately for your environment.
9) Click “Add”.
10) Back in the list of feeds, select the Malware Patrol data feed and click “Enable selected”.
11) Still in the list of feeds, for the Malware Patrol data feed, click the last icon on the right, named “Download”. Your MISP instance will download the current feed files, parse them and add them to your instance.
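The feed definition from steps 4 to 10 can also be written as the JSON body that MISP's REST endpoint /feeds/add accepts. The following is an added example, not code from Malware Patrol or the MISP project: it only builds and checks the payload offline, and the feed URL, credentials and the default distribution of 0 (your organisation only) are constructed placeholders to replace with your own values.

```python
import base64
import json
from urllib.parse import urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Header line equivalent to what "Add Basic Auth Header" (step 7) produces."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Authorization: Basic {token}"


def build_feed(feed_name: str, url: str, username: str, password: str,
               distribution: int = 0) -> dict:
    """Build the feed definition for steps 4-10 after checking the URL."""
    parts = urlsplit(url)
    # Basic Auth is only base64-encoded, so refuse cleartext transport.
    if parts.scheme != "https":
        raise ValueError("feed URL must use https")
    # Portal credentials belong in the header, not in the URL itself.
    if parts.username or parts.password:
        raise ValueError("remove credentials from the feed URL")
    if not parts.hostname:
        raise ValueError("feed URL has no host")
    return {"Feed": {
        "name": f"Malware Patrol – {feed_name}",             # step 4
        "provider": "Malware Patrol",                        # step 4
        "input_source": "network",                           # step 4
        "url": url,                                          # step 5
        "source_format": "misp",                             # step 6
        "headers": basic_auth_header(username, password),    # step 7
        "distribution": str(distribution),                   # step 8 (assumed default)
        "enabled": True,                                     # step 10
    }}


def redacted(feed: dict) -> dict:
    """Return a copy that is safe to print or log (no portal credentials)."""
    copy = json.loads(json.dumps(feed))
    copy["Feed"]["headers"] = "Authorization: Basic <redacted>"
    return copy


if __name__ == "__main__":
    # Constructed placeholder values, not a real feed location or account.
    feed = build_feed("C2s", "https://feeds.example.invalid/misp/c2s/",
                      "portal-user", "portal-pass")
    print(json.dumps(redacted(feed), indent=2, ensure_ascii=False))
```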
Malware Patrol also provides data feeds via MISP server synchronization. Please contact your account manager for details.
If you encounter any difficulties during the configuration process, feel free to contact our tech support at support (@) malwarepatrol.net
Configuration guides for other systems can be found on our Tech Support page.