Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hazcod/misp2sentinel

A Python integration that fetches Threat Intelligence from MISP and publishes it to Microsoft Sentinel SIEM.
https://github.com/hazcod/misp2sentinel

azure misp sentinel

Last synced: 3 months ago
JSON representation

A Python integration that fetches Threat Intelligence from MISP and publishes it to Microsoft Sentinel SIEM.

Host: GitHub
URL: https://github.com/hazcod/misp2sentinel
Owner: hazcod
License: apache-2.0
Created: 2022-12-02T13:31:37.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2024-02-08T04:29:54.000Z (12 months ago)
Last Synced: 2024-05-02T05:09:43.708Z (9 months ago)
Topics: azure, misp, sentinel
Language: Python
Homepage:
Size: 93.8 KB
Stars: 6
Watchers: 2
Forks: 0
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# MISP2Sentinel

A Python script that ingests alert telemetry from MISP and inserts it into Microsoft Sentinel via the Graph API.

It will use environment variables (see `dev.env` below) to connect to both.

## Usage

Example docker run:

```shell
# dev.env is the file as specified below which contains the configuration
% docker run --name=misp2sentinel -t --rm --env-file=dev.env --read-only --tmpfs=/data ghcr.io/hazcod/sentinel2misp/sentinel2misp:latest
```

## Build

With `make` and `docker` installed locally:

```shell
% make build
```

## Local development

First create a local development file called `dev.env`:

```env
MISP_EVENT_LIMIT=1
MISP_BASE_URL=https://
MISP_KEY=
MISP_EVENT_TIMEFRAME=7d

AZ_TENANT_ID=
AZ_MISP_CLIENT_ID=
AZ_MISP_CLIENT_SECRET=
AZ_SUBSCRIPTION=
AZ_SENTINEL_RG=
AZ_SENTINEL_WORKSPACE_NAME=
AZ_DAYS_TO_EXPIRE=
```

And now build & run the docker container:

```shell
% make
```