MISP API

The MISP Platform is a very popular open source threat intelligence management and sharing platform. IDSTower supports importing IOCs stored in MISP via the MISP API; this guide explains how to add a MISP API feed to IDSTower.

To add a MISP API feed to IDSTower, follow the steps below:

  1. Navigate to Settings->Feeds Tab->Add New Feed.

  2. Set the Feed Name and Feed url.

  3. If your MISP instance uses self-signed certificates, enable the “Ignore TLS Errors” option.

  4. Under type select “MISP API”.

  5. Under authentication, select “API Key” as authentication type.

  6. Enter the API Key for the MISP feed.

  7. Click on “Verify Connection”. In this step, IDSTower verifies that both the URL and the authentication credentials provided are valid.

  8. Update the feed import settings if needed, then click on “Add Feed”.

  9. The feed is now added, and the IOCs will be imported periodically to IDSTower and sent to Suricata hosts. You can trigger the feed download immediately by clicking on “Update” in the feed section.

In the following video, you can see the steps to add a local MISP API feed to IDSTower:

../_images/add_MISP_API_feed_to_Suricata.gif
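
The following Python script is an added example, not IDSTower code and not a description of what “Verify Connection” does internally. It checks a MISP URL and API key from the command line before they are entered in the steps above, and it trusts a self-signed certificate through a CA file instead of switching TLS validation off. It assumes the standard MISP REST conventions (the key sent in the `Authorization` header, the `/servers/getVersion` endpoint); the function names are illustrative.

```python
import json
import ssl
import urllib.error
import urllib.request


def build_request(base_url, api_key):
    """MISP reads the API key from the Authorization header."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    return urllib.request.Request(
        base_url.rstrip("/") + "/servers/getVersion",
        headers={"Authorization": api_key, "Accept": "application/json"},
    )


def tls_context(ca_file=None):
    """Certificate and hostname checks stay on. When ca_file (PEM) is given,
    only that bundle is trusted, e.g. the instance's self-signed certificate."""
    return ssl.create_default_context(cafile=ca_file)


def classify(status, body):
    """Turn an HTTP status and body into a one-line verdict."""
    if status in (401, 403):
        return "auth: API key rejected"
    if status != 200:
        return f"error: unexpected HTTP {status}"
    try:
        data = json.loads(body)
    except ValueError:
        return "error: response is not JSON, check the feed URL"
    if isinstance(data, dict) and "version" in data:
        return f"ok: MISP {data['version']}"
    return "error: JSON without a version field, check the feed URL"


def check_feed(base_url, api_key, ca_file=None, timeout=10):
    """Run the check against a live instance and return the verdict."""
    req = build_request(base_url, api_key)
    ctx = tls_context(ca_file)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        return classify(exc.code, exc.read())
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            return "tls: certificate not trusted, pass its CA via ca_file"
        return f"unreachable: {exc.reason}"
```

Call `check_feed(url, key, ca_file="misp-ca.pem")` with your own values; a `tls:` verdict means the certificate chain is the problem, not the URL or the key.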