intelmq icon indicating copy to clipboard operation
intelmq copied to clipboard
verified publisher icon certtools

(wish-list): MISP to intelmq exporter

Open aaronkaplan opened this issue 2 months ago • 2 comments

(currently in the MISP API workshop)

It would be great to use MISP as an input source. And for MISP there are exporters which can send data somewhere. So, for this it could emit IDF JSON essentially based on a a MISP RestSearch/ API call.

This could allow us to filter (with the MISP RestSearch/ API call) for specific things and export only those as a feed to IntelMQ.

Build on top of the pihole script example from @iglocska from the workshop. Yay!

aaronkaplan avatar Oct 24 '25 09:10 aaronkaplan

There is already a MISP collector: https://docs.intelmq.org/latest/user/bots/#misp-generic

sebix avatar Oct 24 '25 09:10 sebix

I know . But I was more talking about using the "misp exporter" to pre-convert to IDF and then this becomes way simpler.

aaronkaplan avatar Oct 24 '25 09:10 aaronkaplan