
MISP Install - 1 Million (+) Free IoCs in 10 Minutes! 

Taylor Walton
Subscribers: 19K
Views: 48K

Join me as we continue on to Phase 10 of the World's Best SIEM Stack Series, installing our own Threat Intel Database using MISP!
BLOG POST: / part-10-misp-threat-intel
🚩 CTF Challenge: ctf.socfortres...
📩 Contact Me: taylor.walton@socfortress.co
ℹ️ LinkedIn: / socfortressmdr
🧾 Our Blog: / socfortress
☕ Buy Me A Coffee: bit.ly/3woh21M
🚀 Security Operations Center as a Service: www.socfortres...
✅ Free For Life Tier: www.socfortres...
👨🏻‍💻 Professional Services: www.socfortres...
👾 Discord Channel: / discord
Series Playlist: • World's Best SIEM Stack

Published: 13 Sep 2024

Comments: 34
@jackylam5365 1 year ago
Hi. For "Scheduled Tasks", the "scheduler" worker needs to be started first. Navigate to "Administrator" -> "Server Settings & Maintenance" -> "Workers" tab and scroll down to "Worker type: scheduler". If there is no worker, just start a new worker. If it is "dead", kill it and start a new one. This lets "Scheduled Tasks" work, like scheduled feed fetches, etc. Remember to set "Frequency" to 1-24. Hope it helps.
@vinyldown8490 1 year ago
What an amazing series. Thanks
@Foxi352 1 year ago
Great content, as is the whole series. I think there is no need to import the feed json. Clicking the "Load default feed metadata" button should do the same afaik.
@cyrilokonkwo3323 3 months ago
For some reason, I've been unable to actually start using MISP after deployment, because the documentation and training I've seen so far is just not usable for beginners. Is there any other training that can be leveraged?
@monkinsane 7 months ago
Awesome man!! MISP docker container build failed for me for some reason. (Ubuntu 22.04) I just installed on base machine instead (no docker) - that worked perfectly. Thanx for the hard work on these tutorials. Fantastic content.
@Trabalhopbworks 7 months ago
Can you help me?? Did you start with the official MISP documentation on GitHub??
@monkinsane 7 months ago
@Trabalhopbworks RU-vid keeps deleting my reply to you. Yes, I used the install script.
@monkinsane 7 months ago
Just be aware that both Wazuh Dashboard and MISP use the same port by default - you'll need to change one of them to a different one.
@praveenpatil6687 10 months ago
Dear Taylor, could you please help me with the below questions? Thank you.
1. Once we deploy MISP as a stand-alone, where to link MISP to monitor alerts? SIEM/SOAR or EDR, LDAP, AWS or any other? (In other words: if I deploy MISP on a server, how does it look for threats in our environment, what logs does it need to check, what should I link MISP to: AWS? LDAP? Any other? To check all the machines.)
2. Does MISP gather information from various OSINT tools and compare the risk/threat in our environment?
@riyasachan8500 7 months ago
I am using docker-compose pull then docker-compose up -d, but the web page is not accessible. I am using DigitalOcean. Please give your suggestions.
@batista98854 1 year ago
Awesome. Thanks from India. Please make more videos on MISP and Hive 👍
@johnbaby3763 1 month ago
Does this still work if I follow the steps?
@syedkashif5604 17 days ago
I'm making a home lab; will let you know if it works :D or you can help me if you have done the installation?
@wispyara 9 months ago
You explained how to get attributes etc. from MISP, am I right?
@user-zc2hc3qn1g 1 year ago
Hey there, great content, thanks for your efforts. Quick question: Downloaded MISP from GitHub as per your video on a Linux box, decided to run a Defender scan, which triggered malware alerts on 6 files, 3 of which are in the tests folder. Did you also face this issue? Wanted to know if this MISP app is safe for production usage. Many thanks
@dakshkalucha5408 1 year ago
Docker build is taking very long for me. It has taken 1 hour and still counting..... Took 1.5 hours and 3GB internet data to complete :)
@BoltThrower321 8 months ago
Don't use docker, simple as that.
@ServusChristi777 1 year ago
Why when I have added the feeds am I only seeing events up to 2016? Are these providers not putting data anymore?
@amirsohail1704 1 year ago
I am running the script from the root user, are not running the script. Why? Please help me
@amirsohail1704 1 year ago
In Ubuntu machine 22.4
@aimanilyasa4365 1 year ago
What CLI is he using?
@barryabrams6071 10 months ago
Has anyone installed MISP Container on Docker using an AWS EC2 Instance loaded with Ubuntu Version 22.04? I have tried this with CoolAcid misp-docker and Harvard-itsecurity/docker-misp. I checked to ensure everything is installed, up, and running but I can't connect to the MISP Login Page with localhost, IP Address, or Port Number. I have noticed MySQL is not up and running. Should I edit this with a new IP or port number? If so, what file should I edit?
@monkinsane 7 months ago
Mine wouldn't even build the docker for MISP on Ubuntu 22.04. I ended up installing it barebones on the machine via installer script from GitHub (compiling from source) - maybe give that a try.
@Trabalhopbworks 7 months ago
Can you explain better?? I am on version 22.04. How can I start?? @monkinsane
@johnchong9660 1 year ago
How to update the feeds, as my feeds were old?
@julianhotter 4 months ago
Did you manage to do this?
@johnchong9660 4 months ago
Able to do it in another way
@shadymohamed9511 3 months ago
@johnchong9660 how?
@SyuneKyureghyan 9 months ago
Hi everyone, I need help. How can I configure my mail server? How can I send mails?
@PatrickKelley-g3v 1 year ago
Anyone build MISP on Oracle 8 successfully? I am trying to accomplish this on an Oracle 8 server but cannot find much online.
@calvinnguyen1699 1 year ago
Do you have a course for CySA+?
@zer-kz8mb 1 year ago
MISP is a great OSINT tool, but it is not the end-all be-all.