https://github.com/ecrimelabs/securityonion-ecrimelabs

Implementation of informaiton from MISP through the eCrimeLabs API and into SecurityOnion
https://github.com/ecrimelabs/securityonion-ecrimelabs

ecrimelabs misp securityonion

Last synced: about 2 months ago
JSON representation

Implementation of informaiton from MISP through the eCrimeLabs API and into SecurityOnion

• Host: GitHub
• URL: https://github.com/ecrimelabs/securityonion-ecrimelabs
• Owner: eCrimeLabs
• License: mit
• Created: 2018-09-01T07:17:02.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2018-09-11T18:05:51.000Z (over 6 years ago)
• Last Synced: 2024-08-03T17:12:12.867Z (5 months ago)
• Topics: ecrimelabs, misp, securityonion
• Language: Shell
• Size: 22.5 KB
• Stars: 7
• Watchers: 4
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-network-stuff - **4**星

README

        
# SecurityOnion-eCrimeLabs

Implementation of information from MISP through the eCrimeLabs API and into SecurityOnion

**Prerequisites:**

- Security Onion (installed,configured)

- eCrimeLabs Broker API access and API Key

- Download and Configure (on Master or Standalone)

**Clone the repo:**

```

git clone https://github.com/eCrimeLabs/securityonion-ecrimelabs

```

**Run the setup script:**

```

sudo bash securityonion-ecrimelabs/setup-ecrimelabs

```

**Update rules (if desired):**

```

/usr/sbin/download-ecrimelabs

sudo rule-update

```

**Confirm rules in place:**

```

cat /etc/nsm/rules/alert.ecrimelabs.rules

cat /etc/nsm/rules/incident.ecrimelabs.rules

```

**Confirm Bro Intel in place:**

```

cat /opt/bro/share/bro/intel/ecrimelabs-intel.dat

```

A cron job will run every 2 hours to download new NIDS rules and Intel.

------

Remember to modify **ecrimelabscfg**

The setup will allways pull the incident feed, and here from it is up to the individual

implementation on what other feeds will be extracted.