Loginsoft, a leading cyber engineering services company has integrated its partner’s feed with MISP Open Source software for Threat Information sharing.
The Malware Information Sharing Platform (MISP) is an open source repository for sharing, storing and correlating Indicators of Compromises of targeted attacks. This integration allows organization’s security analysts to search for event attributes (files, IPs, hash, malware, URLs, etc.) in MISP from Threat Intelligence sources.
MISP users benefit from the collaborative knowledge about existing malware or threats. The aim of this trusted platform is to help improving the counter-measures used against targeted attacks and set-up preventive actions and detection.
MISP Integration includes:
- Query Cyber Threat Intelligence source using Third Party API
- Feed response is converted into MISP Events (JSON format files) that are stored either on a Local Web Server or in the Cloud
- MISP Events can be imported into MISP platform in two ways:
- Using MISP Instances Synchronization
- Using Feeds that are configured in the MISP platform
- Scheduler is used to automate importing of events into MISP platform at a scheduled time
Python v3.8 is used for the integration.
High Level Design for Integration:
List of events imported into MISP Platform:
Sample Event with Attributes:
About Loginsoft
For over 20 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media, and more have come to rely on Loginsoft as a trusted resource for technology talent. From startups, to product and enterprises rely on our services. Whether Onsite, Offsite, or Offshore, we deliver. With a track record of successful partnerships with leading technology companies globally, and specifically in the past 6 years with Cybersecurity product companies, Loginsoft offers a comprehensive range of security offerings, including Software Supply Chain, Vulnerability Management, Threat Intelligence, Cloud Security, Cybersecurity Platform Integrations, creating content packs for Cloud SIEM, Logs onboarding and more. Our commitment to innovation and expertise has positioned us as a trusted player in the cybersecurity space. Loginsoft continues to provide traditional IT services which include Software development & Support, QA automation, Data Science & AI, etc.
Expertise in Integrations with Threat Intelligence and Security Products: Built more than 250+ integrations with leading TIP, SIEM, SOAR, and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar & Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet, and so on. Loginsoft is a partner with industry leading technology vendors Palo Alto, Splunk, Elastic, IBM Security, etc.
In addition, Loginsoft offers Research as a service: We're more than just experts in cybersecurity; we're your accredited in-house research team focused on unraveling the complexities of cybersecurity and future technologies. From Application Security to Threat Research, our seasoned professionals have cultivated expertise in every facet of the field. We've earned the trust of over 20 security platform companies, who count on our research and analysis to strengthen their cybersecurity solutions.
Interested to learn more? Let’s start a conversation.
