MISP reporter for the Karton framework
Project description
karton-misp-pusher
Listens for new samples in the karton pipeline and uploads them to MISP.
Configs are parsed using the mwdb-iocextract project. This means that we operate on a higher level than raw JSON configs, which makes it possible to correlate different samples and campaigns (for example, by the crypto material they use).
Author: CERT.pl
Maintainers: nazywam
Consumes:
{
"type": "config",
}
Result:
Usage
First of all, make sure you have set up the core system: https://github.com/CERT-Polska/karton. More info here.
Then install karton-misp-pusher from PyPI:
$ pip install karton-misp-pusher
$ karton-misp-pusher --misp-url https://misp.url --misp-key SECRET123
You can also add optional xrefs to mwdb with --mwdb-url, or skip MISP certificate verification with --misp-insecure. For more options see --help.
Adding Galaxy clusters relationship
It's possible to link new events to existing MISP Galaxy clusters using a mapping file.
The mapping file is a simple JSON document that assigns a cluster UUID to each malware family in your ecosystem.
An example using the Malpedia MISP Galaxy would be:
{
"404keylogger": "6b87fada-86b3-449d-826d-a89858121b68",
"agenttesla": "b88e29cf-79d9-42bc-b369-0383b5e04380",
"amadey": "77f2c81f-be07-475a-8d77-f59b4847f696"
}
A value can be null, in which case configs of that family will be silently ignored instead of raising an error. This is useful if you want to ignore configs of a particular family.
With that ready you can then launch the karton service with the --galaxy-clusters-mapping argument pointing to the file.
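As an added example (not part of karton-misp-pusher itself), the following shows how a service could load and validate such a mapping file and apply the three outcomes the text describes: a UUID to attach, an explicit null to skip silently, and a missing family to treat as an error. The two UUIDs are the Malpedia ones from the example above; "testfamily" and all function names are constructed for illustration.

```python
import json
import uuid

# Constructed mapping in the format described above:
# family name -> Malpedia galaxy cluster UUID, or null to skip that family.
MAPPING_JSON = """
{
  "agenttesla": "b88e29cf-79d9-42bc-b369-0383b5e04380",
  "amadey": "77f2c81f-be07-475a-8d77-f59b4847f696",
  "testfamily": null
}
"""


class UnmappedFamily(Exception):
    """Raised for a family that has no entry in the mapping at all."""


def load_mapping(text: str) -> dict:
    """Parse the mapping and validate it once at startup: keys are family
    names, values are canonical lowercase UUID strings or None."""
    mapping = json.loads(text)
    if not isinstance(mapping, dict):
        raise ValueError("mapping must be a JSON object")
    for family, cluster in mapping.items():
        if cluster is None:
            continue  # explicit null: configs of this family are skipped
        # uuid.UUID raises ValueError for malformed values; str() canonicalises
        if not isinstance(cluster, str) or str(uuid.UUID(cluster)) != cluster:
            raise ValueError(f"{family!r}: {cluster!r} is not a canonical UUID")
    return mapping


def resolve_cluster(mapping: dict, family: str):
    """Return the cluster UUID, None for an explicit null (skip silently),
    or raise UnmappedFamily when the family is absent from the mapping."""
    if family not in mapping:
        raise UnmappedFamily(family)
    return mapping[family]


def plan_uploads(mapping: dict, configs: list) -> dict:
    """Sort configs (dicts with a 'family' key) into those to push with a
    cluster, those skipped by an explicit null, and those that are errors."""
    result = {"push": [], "skipped": [], "unmapped": []}
    for cfg in configs:
        try:
            cluster = resolve_cluster(mapping, cfg["family"])
        except UnmappedFamily:
            result["unmapped"].append(cfg["family"])
            continue
        if cluster is None:
            result["skipped"].append(cfg["family"])
        else:
            result["push"].append((cfg["family"], cluster))
    return result
```

Validating the whole file at startup means a typo in a UUID fails the service immediately rather than surfacing as a rejected MISP event hours later.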
Hashes for karton_misp_pusher-1.1.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 385e35acf743f020897c0d608a233b066fee6d0f30dfe6380a601121daf2c738
MD5 | 8909d4efd6643d39c0bc9c419c241a04
BLAKE2b-256 | d36b7670a3823282309f7d44bcbae88cf176c5781ab77cc36b6a4d137f595698