misp42splunk
misp42splunk copied to clipboard
remg427
A Splunk app to use MISP in background
MISP42
Dear Rami, we are having problems with connecting MISP42 and Splunk. After putting data in configuration tab (misp istance, misp url, misp api key) we still cannot see MISP istance...
Related to #249 , I tried creating the attributes directly using this: ``` | mispsight misp_instance=MISP_Feed field=src_ip | search NOT misp_value=* | makejson first_seen,type,category,value,to_ids output=json_request | misprest misp_instance=MISP_Feed method="POST" target="/attributes/add/999999"...
Hi @remg427 , When I read the documentation about warning list it says: **"By default MISP will only trigger hits for warninglists if the attribute IDS flag is set. This...
Hello, I would like to ask a question, however I'm not sure if is more related to Splunk or misp42 app. We succesfully connected MISP > splunk42splunk application > splunk,...
the restsearch API supports filtering events by org and that could and should be a native feature in the Splunk app
We have confirmed connectivity of this app to our MISP instance, using command: **| mispcollect misp_instance=Preprod eventid="81" endpoint="events"** We however try to run the command below: **index=* src=* | regex...
Hello, I am getting this error while trying to get IOCs from my misp instance to splunk: [MC503] DEBUG urlib3 POST request failed error=: Failed to establish a new connection:...
Hello, First of all many thanks for this tool, It has really help me to make the interconnection between MISP and Splunk, I was wondering if is there any reason...
Hello team, I managed to sent sightings from Splunk to MISP (both by attribute uuid and by value). But when updating sighting by value, also all attributes with zero ("0")...
Hi, The 'last' field is deprecated in MISP. The right parameter tu use is timestamp, using the last field, the request take a lot longuer than expected and can generate...
