MISP / MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform
https://www.misp-project.org/
GNU Affero General Public License v3.0

Carbon Black feed #2666

Open dewiestr opened 6 years ago

dewiestr commented 6 years ago

Hi guys,

I would like to make a feature request regarding a commercial product like Carbon Black Response. The idea would be based on cbfeeds ( https://github.com/carbonblack/cbfeeds ) to generate an MD5 list and a domain-based list that would be used by Carbon Black Response (HIPS). This would be identical to the suricata export, for example.

Regards,


dewiestr commented 5 years ago

It has been a while since this was opened, but it seems like ecrime did something already. https://github.com/eCrimeLabs/MISP2CbR/blob/master/MISP2CBR.py

It might still be more useful to create a module out of it, wouldn't it?
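A sketch of the export requested in this thread, added here as an example; it is not code from the issue, from MISP, from cbfeeds or from the eCrimeLabs script. It assumes the `feedinfo`/`reports` JSON layout with `md5` and `dns` IOC keys used by cbfeeds, exports only attributes flagged `to_ids`, and uses a constructed event, a placeholder base URL and hypothetical function names.

```python
import json
import re

# Constructed sample in MISP's event JSON layout (not real indicators).
SAMPLE_EVENTS = [
    {"Event": {"id": "101", "info": "Constructed sample event", "timestamp": "1500000000",
               "Attribute": [
                   {"type": "md5", "value": "D41D8CD98F00B204E9800998ECF8427E", "to_ids": True},
                   {"type": "domain", "value": "bad.example.com", "to_ids": True},
                   {"type": "domain", "value": "not a domain", "to_ids": True},
                   {"type": "md5", "value": "0" * 32, "to_ids": False},
                   {"type": "filename|md5", "value": "a.exe|" + "a" * 32, "to_ids": True},
               ]}},
]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
DNS_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def event_to_report(event, base_url, score=50):
    """Map one MISP event to one feed report; None if it has no usable IOC."""
    ev = event["Event"]
    iocs = {"md5": set(), "dns": set()}
    for attr in ev.get("Attribute", []):
        if not attr.get("to_ids"):  # skip attributes not meant for detection
            continue
        atype, value = attr["type"], attr["value"].strip().lower()
        if atype.endswith("|md5"):  # composite type: "filename|hash"
            atype, value = "md5", value.rsplit("|", 1)[1]
        # Validate before export so a malformed value cannot break the feed.
        if atype == "md5" and MD5_RE.match(value):
            iocs["md5"].add(value)
        elif atype in ("domain", "hostname") and DNS_RE.match(value):
            iocs["dns"].add(value)
    iocs = {k: sorted(v) for k, v in iocs.items() if v}
    if not iocs:
        return None
    return {"id": "misp-event-" + ev["id"], "title": ev["info"],
            "timestamp": int(ev["timestamp"]), "score": score,
            "link": base_url + "/events/view/" + ev["id"], "iocs": iocs}

def build_feed(events, base_url):
    """Assemble the feed document (field names assumed from the cbfeeds layout)."""
    reports = [r for r in (event_to_report(e, base_url) for e in events) if r]
    feedinfo = {"name": "misp", "display_name": "MISP export", "provider_url": base_url,
                "summary": "IDS-flagged MD5 and domain attributes",
                "tech_data": "Constructed example"}
    return {"feedinfo": feedinfo, "reports": reports}

if __name__ == "__main__":
    print(json.dumps(build_feed(SAMPLE_EVENTS, "https://misp.example.org"), indent=2))
```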