This scenario serves as a guide on how to use the Malware Information Sharing Platform & Threat Sharing system.
The Malware Information Sharing Platform & Threat Sharing lab covers the core usage of the MISP system. The MISP software can be installed on a Linux operating system (Ubuntu is preferred). To get started quickly with the platform, a free virtual machine version is available from CIRCL (Computer Incident Response Center Luxembourg). In this lab we will work with the CIRCL MISP virtual machine. The VM comes installed with all the components needed to start using MISP. The following topics will be practiced in the lab session:
– Overview of MISP Web Interface.
– Events Management.
– Feeds Management.
– Search for events.
– Exporting events as IDS rules.
– Testing exported MISP IDS rules in Suricata.
OBJECTIVES AND OUTCOME:
After completing this scenario you will be able to:
– Use the MISP system.
In order to get the full benefit from this scenario, it is suggested that you have competence in the following area:
– Basic knowledge in Linux operating systems.
It is suggested that you consult with these recommended reading resources and pre-existing scenarios:
This scenario was created by Sathish Govindharajan.