MISP is a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, and vulnerability information.
It can be configured to ingest MISP-formatted data feeds. To ingest the data provided by Malware Patrol, follow these steps:
1) In the customer portal or evaluation portal, search for the feed of interest. Once you find it, look for the “MISP compatible data feed” link. Right-click on it and choose “Copy link location”.
2) Open your MISP instance and click on “Sync Actions / List Feeds”.
3) On the left menu, click “Add Feed”.
4) Fill in the “Name” field as “Malware Patrol – _data_feed_name_” (for example Malware Patrol – C2s). In “Provider”, enter “Malware Patrol”. Choose “Network” for “Input Source”.
5) The “URL” field should contain the link location you copied from the customer portal or evaluation portal.
6) For “Source Format”, choose “MISP Feed”.
7) Click on “Add Basic Auth” and complete the fields with your “Username” and “Password” for the customer portal or evaluation portal. Then click on “Add Basic Auth Header”.
8) Adjust “Distribution”, “Default Tag” and “Filter rules” appropriately for your environment.
9) Click “Add”.
10) Back in the list of feeds, select the Malware Patrol data feed and click “Enable selected”.
11) Still in the list of feeds, for the Malware Patrol data feed, click the last icon on the right, named “Download”. Your MISP instance will download the current feed file, parse it, and add its contents to your instance.
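A pre-flight check for the settings entered in steps 4 to 9, as an added example that is not Malware Patrol's or MISP's own code: it builds the feed definition, refuses a URL that would send the Basic Auth password in clear text or embed it in the link, and sanity-checks a feed manifest. The feed URL, credentials and manifest below are constructed placeholders, and the field names are assumed to match MISP's feed model and `manifest.json` layout.

```python
import base64
import json
import re
from urllib.parse import urlsplit

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample of a MISP feed manifest.json (event UUID -> metadata).
SAMPLE_MANIFEST = json.dumps({
    "5f0c1e2a-1111-4222-8333-444455556666": {"info": "C2 sample A", "timestamp": "1700000000"},
    "5f0c1e2a-7777-4888-9999-aaaabbbbcccc": {"info": "C2 sample B", "timestamp": "1700003600"},
})


def basic_auth_header(username, password):
    """Standard HTTP Basic header (RFC 7617) for the portal credentials."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"


def build_feed(feed_name, url, username, password):
    """Feed settings from steps 4-9; refuses URLs that would expose the password."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("Basic Auth over plain HTTP exposes the portal password")
    if parts.username or parts.password:
        raise ValueError("keep credentials in the header, not in the URL")
    return {"Feed": {
        "name": f"Malware Patrol – {feed_name}",
        "provider": "Malware Patrol",
        "input_source": "network",
        "url": url,
        "source_format": "misp",  # the "MISP Feed" choice in step 6
        "headers": basic_auth_header(username, password),
    }}


def check_manifest(text):
    """Return sorted event UUIDs if text looks like a MISP feed manifest."""
    manifest = json.loads(text)
    if not isinstance(manifest, dict) or not manifest:
        raise ValueError("manifest must be a non-empty JSON object")
    for uuid, meta in manifest.items():
        if not UUID_RE.match(uuid):
            raise ValueError(f"manifest key is not an event UUID: {uuid!r}")
        if not isinstance(meta, dict) or not {"info", "timestamp"} <= meta.keys():
            raise ValueError(f"event {uuid} lacks info/timestamp")
    return sorted(manifest)
```

Because the Basic Auth header is only base64-encoded, anyone who can read the stored feed settings can recover the portal password, so restrict who can view feed configuration in your instance.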
Malware Patrol also provides data feeds via MISP server synchronization. Please contact your account manager for details.
If you encounter any difficulties during the configuration process, feel free to contact our tech support at support (@) malwarepatrol.net
Configuration guides for other systems can be found on our Tech Support page.