iris-web icon indicating copy to clipboard operation
iris-web copied to clipboard

Published 20 hours ago verified publisher icon dfir-iris

[FR] OpenCTI-Integration

Open nhs28 opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe. The MISP extension really helps during IR. Another cool integration would be the usage of the OpenCTI-API.

Describe the solution you'd like A module using the OpenCTI Python Client would help to ingest threat intelligence into IRIS cases.

nhs28 avatar Apr 19 '22 09:04 nhs28

Hello! First of all we plan to improve the MISP module, but the OpenCTI Python client seems pretty simple to use so we'll look into it. We are not really OpenCTI users so it would be of great help if you have any feedback or ideas on what specific objects/events would be interesting to implement on the IRIS module side.

Ektoplasma avatar Apr 19 '22 14:04 Ektoplasma

FWIW, we too are implementing Open-CTI across our incident response teams. Having the ability to enhance IOCs input into IRIS with our CTI platform would be very powerful.

biffboxx avatar Sep 15 '22 22:09 biffboxx

I think this is a great idea and hope it happens.

gru3zi avatar Nov 09 '22 12:11 gru3zi