Skip to content

McHughSecurity

  • Home
  • Blog
  • Security Operations
  • DFIR
    • Reverse Engineering
      • Dynamic Analysis
      • Static Analysis
  • Vuln. Mgmt
  • Intelligence
    • Open-Source Intelligence
    • Threat Intelligence
      • AIL Framework
      • MISP – Open Source Threat Intelligence Platform
      • OpenCTI
  • Threat Modelling
    • Attack Libraries
    • Attack Trees
    • Mitigating Techniques
    • SaaS Threat Modelling
    • Threat Models
    • Tools
    • Validating Threat Mitigations
  • Toggle search form
  • [Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise Build
  • Building CCCS’ AssemblyLine for Static Analysis Static Analysis
  • What is Cyber Threat Intelligence? Blog
  • Loading Windows Event Logs to Elasticsearch Digital Forensics & Incident Response
  • Cuckoo Dynamic Malware Analysis Digital Forensics & Incident Response
  • [Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises) Build
  • TheHive 4.1.0 Deployment and Integration with MISP Build
  • External Analysis with VirusTotal Digital Forensics & Incident Response

Tag: #misp

Deploying MISP on DigitalOcean or Vultr Cloud Hosting

Posted on July 31, 2021April 16, 2022 By A.McHugh No Comments on Deploying MISP on DigitalOcean or Vultr Cloud Hosting

I have found myself deploying MISP on very small instances lately, mostly to function as a clearinghouse for intelligence I have been generating. So it begs the question – Does MISP run in DigitalOcean or Vultr hosting?

Read More “Deploying MISP on DigitalOcean or Vultr Cloud Hosting” »

Frameworks

Using MISP in an air-gapped environment

Posted on March 20, 2021 By A.McHugh No Comments on Using MISP in an air-gapped environment

MISP works really well in an internet connected environment in gathering and creating correlations. However, in air-gapped environments the ability to query MISP for indicators is still incredibly useful, except that an air-gapped environment doesn’t ordinarilly have an Internet connection.

In this article I describe how MISP may be used in an Internet denied environment by leveraging off an existing Internet-connected instance.

Read More “Using MISP in an air-gapped environment” »

Design, MISP - Open Source Threat Intelligence Platform

TheHive 4.1.0 Deployment and Integration with MISP

Posted on March 20, 2021 By A.McHugh 16 Comments on TheHive 4.1.0 Deployment and Integration with MISP
  1. Deploying (and using) TheHive4 [Part 1]
  2. Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  3. Building the Assemblyline Analyzer for TheHive’s Cortex.
  4. TheHive 4.1.0 Deployment and Integration with MISP

Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra, and they have integrated support for MISP galaxies as well!

Now Incident Responders using TheHive can export IOCs and Galaxy assignment directly from TheHive to MISP.

Read More “TheHive 4.1.0 Deployment and Integration with MISP” »

Build, Digital Forensics & Incident Response

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Search

Recent Posts

  • Auto-updating Ubuntu 20.04 in less than 2 minutes
  • Feeding Analysis Information Leak (AIL) Framework
  • An Introduction to Threat Intelligence
  • Deploying MISP on DigitalOcean or Vultr Cloud Hosting
  • Building CCCS’ AssemblyLine for Static Analysis

Archives

  • April 2022
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • September 2020
  • April 2020
  • March 2020
  • January 2020
  • May 2019
  • Auto-updating Ubuntu 20.04 in less than 2 minutes Operate
  • [Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform Build
  • Deploying (and using) TheHive4 [Part 1] Build
  • [Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises) Build
  • Exporting Maltego Graphs to MISP Intelligence
  • Building Structured Threat Intelligence (STIX) from FBI notices MISP - Open Source Threat Intelligence Platform
  • TraceLabs Missing Persons 11th of April 2020 Open-Source Intelligence
  • What is Cyber Threat Intelligence? Blog

Categories

  • AIL Framework
  • Blog
  • Build
  • Design
  • Digital Forensics & Incident Response
  • Frameworks
  • Intelligence
  • MISP – Open Source Threat Intelligence Platform
  • Open-Source Intelligence
  • Operate
  • Security Operations
  • Static Analysis
  • Threat Intelligence

Copyright © 2022 McHughSecurity.

Powered by PressBook News Dark theme