Skip to content
/ mispsent Public

A tool that exports MISP threat intelligence attributes to Microsoft Sentinel SIEM.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hazcod/mispsent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.github
.github
 
 
cmd
cmd
 
 
config
config
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

mispsent

A tool that exports threat intelligence indicators from MISP and pushes these into Microsoft Sentinel SIEM.

Configuration

Create a YAML configuration file with the required configuration, or specify environment variables:

log:
  level: info

misp:
  base_url: https://misp.XXX.XXX/
  access_key: "XXX"
  days_to_fetch: 3

mssentinel:
  app_id: "XXX"
  secret_key: "XXX"
  tenant_id: "XXX"
  subscription_id: "XXX"
  resource_group: "XXX"
  workspace_name: "XXX"
  expires_months: 6

Building

With go and make installed:

% make build

Running

% make

About

A tool that exports MISP threat intelligence attributes to Microsoft Sentinel SIEM.

Topics

sentinel siem misp ti

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases 16

v1.9.1 Latest
Aug 9, 2024
+ 15 releases

Packages

 
 
 

Contributors 2

  •  
  •  

Languages