spender-sandbox / cuckoo-modified

Modified edition of cuckoo

misp.py #213

Closed nobbyhegel closed 8 years ago

nobbyhegel commented 8 years ago

Hi, I'm having issues with the misp.py reporting module in cuckoo. Essentially I've a MISP server running and I can't seem to generate any input from my cuckoo box that is entering into MISP. I've placed misp.py in the reporting directory and I've enabled [misp] in the reporting.conf file, where I've also entered the api key and url. I know my cuckoo is trying to contact the MISP, as the apache2 logs on the MISP web server show the following:

.7.6 Linux/3.19.0-25-generic"
192.168.2.49 - - [11/Jul/2016:13:16:25 +0100] "GET /servers/getVersion HTTP/1.1" 200 330 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.19.0-25-generic"
192.168.2.49 - - [11/Jul/2016:13:16:26 +0100] "GET /attributes/describeTypes.json HTTP/1.1" 200 5131 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.19.0-25-generic"
192.168.2.49 - - [11/Jul/2016:13:16:26 +0100] "POST /events/restSearch/download HTTP/1.1" 404 640 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.19.0-25-generic"
192.168.2.49 - - [11/Jul/2016:13:16:27 +0100] "GET /servers/getVersion HTTP/1.1" 200 330 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.19.0-25-generic"

Anybody got any ideas or how-to guides for MISP-Cuckoo integration?

reporting.conf

[misp]
enabled = no
apikey = yV4gAaOWvUFe ............
url = http://192.168.2.9/

doomedraven commented 8 years ago

MISP is already in that folder, and you need to activate the upload iocs option in the misp section of reporting.conf and also enable it ;)

nobbyhegel commented 8 years ago

Thanks for that - it actually was enabled, but I ended up typing no into the example. I've looked for the correct syntax of the upload iocs option but can't seem to find it. Would you be able to provide me with the correct syntax? Thanks again.

doomedraven commented 8 years ago

@nobbyhegel https://github.com/spender-sandbox/cuckoo-modified/blob/master/conf/reporting.conf#L127 <- here you have it

nobbyhegel commented 8 years ago

That's great, it worked. Thanks again for the help.

doomedraven commented 8 years ago

Cool, then close issue ;)
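The thread turns on two checks that are easy to automate: reading the MISP server's Apache access log to confirm that the Cuckoo box is actually reaching the API (and with which status codes per endpoint), and validating the [misp] section of reporting.conf so that a forgotten `enabled = no` or a missing IOC-upload switch is caught before a report is generated. The following Python script is an added example written for this page; it is not part of the issue, of cuckoo-modified, or of MISP. The log lines and config fragments are constructed samples modelled on the ones quoted above, and the option name `upload_iocs` is an assumption about the key that the linked reporting.conf line refers to; check the real file for the exact name.

```python
"""Sanity checks for a Cuckoo -> MISP reporting hookup (added example)."""
import configparser
import re
from collections import Counter

# Apache combined log format. The sample below is constructed, modelled on
# the lines quoted in the issue plus one unrelated browser request.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

SAMPLE_LOG = """\
192.168.2.49 - - [11/Jul/2016:13:16:25 +0100] "GET /servers/getVersion HTTP/1.1" 200 330 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.19.0-25-generic"
192.168.2.49 - - [11/Jul/2016:13:16:26 +0100] "GET /attributes/describeTypes.json HTTP/1.1" 200 5131 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.19.0-25-generic"
192.168.2.49 - - [11/Jul/2016:13:16:26 +0100] "POST /events/restSearch/download HTTP/1.1" 404 640 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.19.0-25-generic"
10.0.0.7 - - [11/Jul/2016:13:17:00 +0100] "GET /events/index HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (constructed browser line)"
"""

# Constructed reporting.conf fragments: the first mirrors the mistake in the
# issue (enabled = no), the second is the corrected section.
# The key name upload_iocs is an assumption, see the lead-in.
BROKEN_CONF = """\
[misp]
enabled = no
apikey = CONSTRUCTED-PLACEHOLDER-KEY
url = http://192.168.2.9/
upload_iocs = no
"""

FIXED_CONF = """\
[misp]
enabled = yes
apikey = CONSTRUCTED-PLACEHOLDER-KEY
url = http://192.168.2.9/
upload_iocs = yes
"""


def parse_apache_log(text):
    """Return one dict per parsable combined-log line; unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["status"] = int(d["status"])
            entries.append(d)
    return entries


def summarize_misp_client(entries, client_ip):
    """Status-code counts per (method, path) for requests from client_ip that
    carry the python-requests user agent, i.e. what Cuckoo's module sends.
    Browser traffic from the same host is deliberately left out."""
    counts = {}
    for e in entries:
        if e["ip"] == client_ip and e["ua"].startswith("python-requests/"):
            key = (e["method"], e["path"])
            counts.setdefault(key, Counter())[e["status"]] += 1
    return counts


def check_misp_section(conf_text):
    """Return a list of problems found in the [misp] section of reporting.conf."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    if not cp.has_section("misp"):
        return ["no [misp] section"]
    sec = cp["misp"]
    problems = []
    if sec.get("enabled", "no").strip().lower() != "yes":
        problems.append("enabled is not yes")
    if not sec.get("apikey", "").strip():
        problems.append("apikey is empty")
    url = sec.get("url", "").strip()
    if not url.startswith(("http://", "https://")):
        problems.append("url missing or not http(s)")
    # Assumed option name (see lead-in); without it no IOCs are pushed.
    if sec.get("upload_iocs", "no").strip().lower() != "yes":
        problems.append("upload_iocs is not yes (IOCs will not be pushed)")
    return problems


if __name__ == "__main__":
    for key, statuses in summarize_misp_client(parse_apache_log(SAMPLE_LOG), "192.168.2.49").items():
        print(key, dict(statuses))
    print("broken:", check_misp_section(BROKEN_CONF))
    print("fixed:", check_misp_section(FIXED_CONF))
```

Run against the real access log and reporting.conf, the first function answers "is Cuckoo talking to MISP at all, and which calls fail", and the second catches the exact misconfiguration from this thread without waiting for an analysis to finish.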