This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

How I can ingest MISP data to chronicle for enrichment

Posted on 04-11-2023 01:09 AM
Antonino_La2
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi everyone, I was wondering how I can ingest MISP data to chronicle for enrichment. I would like to ingest the data with a forwarder that I use to ingest other data already. My question is: how I should define the collector section of my configuration file?

0 3 627
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
Tomtomfridman
Staff
Reply posted on --/--/---- --:-- AM

This comment was originally sent by Gal Polak
Hi @Antonino_La2 have you seen this post? https://secopscommunity.com/discussion/515/can-i-integrate-chronicle-siem-with-misp-or-a-similar-pla...

You might find it helpful.

0 Likes

Posted on --/--/---- --:-- AM
Antonino_La2
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi @Tomtomfridman I've read that post already but I can't find anything about how to send MISP data to the forwarder. How I should write the collector section for MISP data?

0 Likes

Posted on --/--/---- --:-- AM
pigram86
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Could always send MISP to OpenCTI, then use the OpenCTI STIX.

0 Likes