MISP is a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, and vulnerability information.
It can be configured to ingest MISP-formatted data feeds. To ingest the data provided by Malware Patrol, follow these steps:
1) In the customer portal or evaluation portal, search for the feed of interest. Once you find it, look for the MISP-compatible data feed link. Right-click on it and choose Copy link location.
2) Open your MISP instance and click on Sync Actions / List Feeds.
3) On the left menu, click Add Feed.
4) Fill in the Name field as “Malware Patrol _data_feed_name_” (for example, Malware Patrol C2s). In Provider, enter Malware Patrol. For Input Source, choose Network.
5) The field URL should contain the link location you have copied from the customer portal or evaluation portal.
6) On Source Format, choose MISP Feed.
7) Click on Add Basic Auth and complete the fields with your Username and Password for the customer portal or evaluation portal. Then click on Add Basic Auth Header.
8) Adjust Distribution, Default Tag and Filter rules appropriately for your environment.
9) Click Add.
10) Back in the list of feeds, select the Malware Patrol data feed and click Enable selected.
11) Still in the list of feeds, click the last icon on the right, named Download, for the Malware Patrol data feed. Your MISP instance will download the current feed data, parse it, and add it to your instance.
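A pre-flight check that can be run before step 11, as an added example (not Malware Patrol's or MISP's own code): it builds the Basic Auth header from the portal credentials and confirms that the feed URL serves a MISP-format manifest.json before MISP is pointed at it. The function names, the minimal set of fields checked, and the sample manifest are assumptions constructed for illustration.

```python
import base64
import json
import uuid
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Constructed sample of a MISP feed manifest: event UUID -> event metadata.
SAMPLE_MANIFEST = """{"5f0e3c1a-1c2d-4e5f-8a9b-0123456789ab":
  {"info": "constructed sample event", "date": "2024-01-01",
   "timestamp": "1704067200", "Orgc": {"name": "Example Org"}}}"""

def basic_auth_header(username, password):
    """Authorization header value for HTTP Basic Auth (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    return f"Basic {token}"

def manifest_url(feed_url):
    """MISP-format feeds are indexed by <feed URL>/manifest.json."""
    if urlparse(feed_url).scheme != "https":
        # Basic Auth credentials are only base64-encoded, so require TLS.
        raise ValueError("feed URL must use https")
    return feed_url.rstrip("/") + "/manifest.json"

def check_manifest(raw):
    """Return the number of events listed, or raise ValueError."""
    try:
        manifest = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError("body is not JSON (login or error page?)") from exc
    if not isinstance(manifest, dict) or not manifest:
        raise ValueError("manifest must be a non-empty JSON object")
    for event_uuid, meta in manifest.items():
        uuid.UUID(event_uuid)  # raises ValueError on a malformed key
        if not isinstance(meta, dict) or "timestamp" not in meta:
            raise ValueError(f"event {event_uuid} lacks metadata")
    return len(manifest)

def preflight(feed_url, username, password, timeout=30):
    """Fetch the manifest with the portal credentials and validate it."""
    request = Request(manifest_url(feed_url), headers={
        "Authorization": basic_auth_header(username, password)})
    with urlopen(request, timeout=timeout) as response:  # HTTPError on 401/403
        return check_manifest(response.read())

if __name__ == "__main__":
    print(check_manifest(SAMPLE_MANIFEST), "event(s) in the sample manifest")
```

Call `preflight()` with the link copied in step 1 and your portal credentials; an HTTP 401 or a ValueError here points to a credential or URL problem rather than a MISP configuration problem.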
Malware Patrol also provides data feeds via MISP server synchronization. Please contact your account manager for details.
If you encounter any difficulties during the configuration process, feel free to contact our tech support at support (@) malwarepatrol.net
Configuration guides for other systems can be found on our Tech Support page.