Check out https://github.com/tylabs/dovehawk dovehawk to integrate misp with zeek directly and handle content signatures in addition to indicators
Threat Bus: a real-time pub/sub broker to get intelligence/indicators from @MISPProject and feed your @Zeekurity in real-time & get sightings from your NIDS to MISP. A clever way to connect efficiently open source security tools. Thanks to @tenzir_company https://github.com/tenzir/threatbus …pic.twitter.com/vn25bMPix8
-
-
- Još 2 druga odgovora
Novi razgovor -
-
-
Thanks for shoutout! Now we don’t have to announce the project
. It’s still in early alpha but we are developing this based on needs in a SOC that relies predominantly on OSS. SightingDB for intel backpropagation to @MISPProject is on our roadmap. -
We soon need to pick
@inliniac’s brain soon on how to add@Suricata_IDS support. We thought about datasets, but ideally have something that is sub-linear in space to the amount of intel to match. (Cuckoo, Vacuum, XOR filters, etc.) The@Zeekurity plugin has still the same issue.
Kraj razgovora
Novi razgovor -
-
-
Awesome stuff from
@Zeekurity - when you don't want to just burn your money on a taxii, be more clever and just ride the Threat Bus! -
UBER joke
- Još 2 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.