Skip to content

weslambert/securityonion-misp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
mispcfg
mispcfg
 
 
so-misp-configure
so-misp-configure
 
 
so-misp-download
so-misp-download
 
 
so-misp-setup
so-misp-setup
 
 

Repository files navigation

securityonion-misp

Grab NIDS rules and Zeek Intel generated from a MISP instance and use them in Security Onion:
See: https://www.circl.lu/doc/misp/automation/#nids-rules-export

Prerequisites:

  • Security Onion (installed,configured)
  • MISP Instance and API Key

Download and Configure (on Master or Standalone)

  • Clone the repo:
    git clone https://github.com/weslambert/securityonion-misp
  • Run the setup script:
    sudo securityonion-misp/so-misp-setup
  • Update rules (if desired):
    sudo so-rule-update
  • Confirm rules in place:
    grep -i misp /opt/so/rules/nids/all.rules
  • Confirm Zeek Intel in place:
    cat /opt/so/conf/zeek/policy/intel/misp-intel.dat

A cron job will run every morning at 6:01AM to download new NIDS rules and Intel.

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

34 stars

Watchers

10 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages