MISP

The MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. You can find more information about MISP here.

To integrate with MISP, it is necessary to have a pre-installed MISP instance.

Integrating MetaDefender Sandbox with MISP

To create an integration, navigate to the Admin panel.

Select "Settings" from the menu bar, and you'll find the MISP tab under Configuration.

Enter your MISP API key and MISP API URL, check the "MISP_ENABLED" checkbox, and then save the settings.

note that in order for Sandbox results to be added as events to MISP, the url format should be:

<MISP URL>/events/add

If everything is correct, click on the "Save" button.

If MISP integration is enabled, then Malicious and Likely Malicious results will be published.

If all settings are correct, events will appear in the MISP instance. For example:
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard

See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet

On This Page
MISPIntegrating MetaDefender Sandbox with MISP