[MISP JSON Feeds] Create the connector
Use case
There are a lot of communities that publish MISP feeds as folders containing multiple JSON events, which contain the MISP event & attribute data. It is a potentially much faster alternative to the MISP connector, for OpenCTI users that don't already maintain a MISP instance.
Current Workaround
Stand up a dedicated MISP instance and use the MISP connector, which is slow, especially for large events.
Proposed Solution
Create a new connector that can ingest the JSON feeds directly, and bypass a dedicated MISP instance. The connector should be able to support authenticated (if that exists in the MISP ecosystem) and unauthenticated feeds.
Additional Information
Example feed: https://www.botvrij.eu/data/feed-osint/
Documentation / specification: https://github.com/MISP/MISP-rfc, https://www.misp-project.org/feeds/, https://github.com/MISP/misp-rfc/blob/master/misp-core-format/raw.md.txt
If the feature request is approved, would you be willing to submit a PR?
I would, but I don't have any code for this right now.
@SamuelHassine would I be right to assume that using this https://github.com/OpenCTI-Platform/connectors/blob/master/internal-import-file/import-file-stix/src/import-file-stix.py importer on anything I would enumerate from the index would work? Willing to give it a go in a PR if you can use the help :)
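A sketch of the ingestion step proposed in this issue, added here as an illustration; it is not code from the issue, its participants or the OpenCTI project. It goes slightly beyond the request by turning attributes into STIX patterns, and it treats the feed as untrusted input: manifest keys are checked to be canonical UUIDs before they would be used to build a `<uuid>.json` request, and attribute values are escaped before being placed in a pattern. The function names, the sample feed data and the small type-to-STIX mapping are assumptions made for the example.

```python
import uuid

# Constructed sample data in the MISP feed layout (not taken from a real feed).
NEW, OLD = "5f0c1a2b-0000-4000-8000-000000000001", "5f0c1a2b-0000-4000-8000-000000000002"
MANIFEST = {NEW: {"timestamp": "1700000500"}, OLD: {"timestamp": "1600000000"},
            "../../etc/passwd": {"timestamp": "1700000900"}}  # hostile key
EVENTS = {NEW: {"Event": {
    "Attribute": [{"type": "domain", "value": "bad.example", "to_ids": True},
                  {"type": "url", "value": "http://bad.example/it's", "to_ids": True},
                  {"type": "comment", "value": "analyst note", "to_ids": False}],
    "Object": [{"name": "file", "Attribute": [
        {"type": "sha256", "value": "a" * 64, "to_ids": True}]}]}}}
# Subset of MISP attribute types mapped to STIX 2.1 object paths.
STIX_PATHS = {"domain": "domain-name:value", "url": "url:value",
              "ip-dst": "ipv4-addr:value", "md5": "file:hashes.MD5",
              "sha256": "file:hashes.'SHA-256'"}

def events_to_fetch(manifest, since):
    """UUIDs of events modified after `since`, oldest first; non-UUID keys dropped."""
    fresh = []
    for key, meta in manifest.items():
        try:
            canonical = str(uuid.UUID(key)) == key.lower()
        except ValueError:
            canonical = False
        if canonical and int(meta.get("timestamp", 0)) > since:
            fresh.append((int(meta["timestamp"]), key))
    return [key for _, key in sorted(fresh)]

def iter_attributes(event_doc):
    """Yield top-level attributes and those nested inside MISP objects."""
    event = event_doc.get("Event", {})
    yield from event.get("Attribute", [])
    for obj in event.get("Object", []):
        yield from obj.get("Attribute", [])

def to_stix_pattern(attr):
    """STIX pattern for a to_ids attribute of a mapped type, else None."""
    path = STIX_PATHS.get(attr.get("type"))
    if path is None or not attr.get("to_ids"):
        return None
    value = str(attr["value"]).replace("\\", "\\\\").replace("'", "\\'")
    return f"[{path} = '{value}']"

def ingest(manifest, load_event, since=0):
    """Return (event_uuid, pattern) pairs; load_event(uuid) returns <uuid>.json parsed."""
    return [(uid, p) for uid in events_to_fetch(manifest, since)
            for a in iter_attributes(load_event(uid)) if (p := to_stix_pattern(a))]
```

In a connector, `load_event` would be the HTTP fetch of `<feed URL>/<uuid>.json`, and `since` would be the last run's timestamp kept in connector state so unchanged events are not downloaded again.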