https://github.com/hazcod/mispsent

A tool that exports MISP threat intelligence attributes to Microsoft Sentinel SIEM.
https://github.com/hazcod/mispsent

misp sentinel siem ti

Last synced: 4 months ago
JSON representation

A tool that exports MISP threat intelligence attributes to Microsoft Sentinel SIEM.

• Host: GitHub
• URL: https://github.com/hazcod/mispsent
• Owner: hazcod
• Created: 2023-08-31T19:41:26.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2024-12-12T07:16:03.000Z (over 1 year ago)
• Last Synced: 2025-01-17T12:57:26.785Z (over 1 year ago)
• Topics: misp, sentinel, siem, ti
• Language: Go
• Homepage:
• Size: 48.8 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

          
# mispsent

A tool that exports threat intelligence indicators from MISP and pushes these into Microsoft Sentinel SIEM.

## Configuration

Create a YAML configuration file with the required configuration, or specify environment variables:

```yaml

log:

  level: info

misp:

  base_url: https://misp.XXX.XXX/

  access_key: "XXX"

  days_to_fetch: 3

mssentinel:

  app_id: "XXX"

  secret_key: "XXX"

  tenant_id: "XXX"

  subscription_id: "XXX"

  resource_group: "XXX"

  workspace_name: "XXX"

  expires_months: 6

```

## Building

With `go` and `make` installed:

```shell

% make build

```

## Running

```shell

% make

```