One of the great aspects of MISP is the use of tags to give an indication of what needs to be done with an indicator within an event. Whole events may be assigned tags, but in this article I am going to talk about marking specific indicators with a Course of Action, which implies a response when / if that indicator has been encountered.
- Deploying (and using) TheHive4 [Part 1]
- Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
- Building the Assemblyline Analyzer for TheHive’s Cortex.
- TheHive 4.1.0 Deployment and Integration with MISP
Since the last write-up I published on TheHive, there have been some significant changes and updates to TheHive. So for this post, I will be walking through the installation and deployment of TheHive4 (4.0.5) and the connection to MISP, Cortex and enabling Webhooks.
Lately I have been playing with having MISP be the Intelligence Sharing platform for a number of business intelligence functions. However, the main issue with MISP (from a user’s perspective) is the interface, and how a less technical person would generate information for the platform.
This is where pairing MISP and Maltego together goes really well, and even results in less technical people being able to generate technical data for incorporation into intelligence operations.