Closed shimonmodi closed 1 year ago
Thanks @shimonmodi - can you clarify the MISP title change? Did you want to change the Filebeat module title to ensure users are aware it's a Filebeat module, but keep the agent integration name intact? For some reason, when you search for 'threat', the MISP filebeat module returns, but not the agent integration. Would love to figure that one out too.
@jamiehynds - that's correct. The only change is to the title of the MISP Filebeat module. The agent integration is accurately titled and doesn't need any change.
As for the MISP Filebeat module only showing up when searching for threat, the only reason I can think of is that a text search is being executed. MISP Filebeat currently has threat intel logs in the title, but MISP agent integration doesn't. When we update the description text it should show up.
Which means we will want to update the description text for MISP (the agent integration as well). I will update the check list to reflect that.
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
I spoke with a user today, who didn't realise we have a MISP integration with agent, due to it not appearing within the integrations page under a 'threat intelligence' search.
On the overview page of the Security app, we have a link to enable TI sources:
This takes you to the integrations page, pre-populated with a search for "Threat Intelligence". MISP agent integration doesn't appear as the description doesn't include "threat intelligence".
Closing as the task was completed.
Context: With the latest release of 8.1 there are multiple integration packages available for threat intelligence. We want to update the description for each threat intelligence integration package available on the "Integrations" page in-product to be consistent and align with end user expectations.
Checklist: Update description for each integration package with the following:
Ingest threat intelligence indicators from URL Haus and Malware Bazaar feeds with Elastic Agent.
Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent.
Ingest threat intelligence indicators from Anomali with Elastic Agent.
Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.
Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
MISP (Filebeat). Change description to: Ingest threat intelligence indicators from MISP platform.
Ingest threat intelligence indicators from MISP platform with Elastic Agent.