Closed zero77 closed 2 years ago
Automatic integration of MISP into Maltrail would not be a smart thing to do. I've used different MISPs in the course of many years. The amount of garbage inside is astonishing. The project itself (MISP) is awesome, but the quality of the stuff inside is borderline useful for automatic usage inside IPS/IDS systems.
Yes, I think automatic blocking with MISP could end badly. Though, for alerting only, it's a really good place to start. Could it not be integrated and allow people to alert only?
I think the best would be to import with filtering from a MISP instance (and the level of quality depends on the community running the instance):
Importing with filtering would be interesting for Maltrail users.
Hello!
Looking at the list: https://www.misp-project.org/feeds/ , there is one simple question: why not go in the reverse direction and, vice versa, add Maltrail's domain blacklist to MISP?
Maltrail's domain blacklist aggregates domains from all /static/malware/* databases plus /static/malicious/magentocore.txt (a database of Magecart-related domains).
Format: plain text: https://raw.githubusercontent.com/stamparm/aux/master/maltrail-malware-domains.txt
MISP Threat Sharing is an open source threat intelligence platform.
Could you please add support for MISP integration, as it provides over a hundred sources of IOCs and threat intel around each IOC? I think that adding MISP integration could really improve the detection and reporting capabilities of Maltrail.
Website: https://www.misp-project.org/
Git: https://github.com/MISP/MISP
API Text Export Document: https://misp.gitbooks.io/misp-book/content/automation/#text-export=
Full API Document: https://misp.gitbooks.io/misp-book/content/automation/