Data Collection through External Sources
In MISP, you can add your own organization, create and manage users, and access
the Events page to view, share, and analyze threat intelligence. This helps
organizations collaborate effectively and improve threat detection.
We can list events and also add new events.
A.Navya Sri IMF202501DUSI66 Lab-8 (Roll No:49)
By clicking Sync Actions, we can access the Feeds. In feeds, we can list the
available feeds and also add the new feeds.
By clicking on the feeds, we can enable them if they are not already enabled.
In jobs, we can see the progress of the feeds to collect threat intelligence.
We can find information about many events, such as the threat actor, their attack pattern,
their tags, their TTPs, etc.
We can also see that the number of feeds increases.
MISP enables efficient IOC data collection, allowing organizations to gather, share,
and analyze threat intelligence collaboratively. By leveraging structured data and
automated feeds, MISP enhances threat detection and response, strengthening
overall cybersecurity defenses.
To do IOC collection in AlienVault OTX, we have to write a Python file with the
help of PentestGPT or claude.ai.
To create the Python file, give the command as follows.
For the pulse ID, we give the details of the following pulse.
We can also use cron jobs to schedule this file to run, using the following commands.
The following command is used to view the cron job that we created.
In this way, we collected information such as IP addresses from a pulse using a Python
script. We can also collect information from more than one pulse at a time.
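A sketch of the kind of collection script described above, added here as an example and not the script used in this lab: it downloads one pulse's indicators from the OTX API and keeps only unique, well-formed IP addresses. The environment variable names `OTX_API_KEY` and `OTX_PULSE_ID` and the sample records are assumptions made for illustration.

```python
import ipaddress
import json
import os
import urllib.request

OTX_BASE = "https://otx.alienvault.com/api/v1"

def fetch_pulse_indicators(pulse_id, api_key):
    """Download every indicator of one pulse, following the 'next' page links."""
    url = f"{OTX_BASE}/pulses/{pulse_id}/indicators"
    results = []
    while url:
        req = urllib.request.Request(url, headers={"X-OTX-API-KEY": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        results.extend(page.get("results", []))
        url = page.get("next")  # assumed to be None on the last page
    return results

def extract_ips(indicators):
    """Return unique, syntactically valid IPs from OTX indicator records."""
    seen, ips = set(), []
    for item in indicators:
        if item.get("type") not in ("IPv4", "IPv6"):
            continue  # skip domains, hashes, URLs and other indicator types
        try:
            ip = str(ipaddress.ip_address(str(item.get("indicator", "")).strip()))
        except ValueError:
            continue  # malformed value: never pass it on to a blocklist
        if ip not in seen:
            seen.add(ip)
            ips.append(ip)
    return ips

# Constructed sample records in the shape of the API's "results" list.
SAMPLE = [
    {"indicator": "203.0.113.10", "type": "IPv4"},
    {"indicator": "example.test", "type": "domain"},
    {"indicator": "203.0.113.10", "type": "IPv4"},
    {"indicator": "2001:db8::1", "type": "IPv6"},
    {"indicator": "999.1.1.1", "type": "IPv4"},
]

if __name__ == "__main__":
    key = os.environ.get("OTX_API_KEY")      # assumed variable name
    pulse = os.environ.get("OTX_PULSE_ID")   # assumed variable name
    data = fetch_pulse_indicators(pulse, key) if key and pulse else SAMPLE
    for ip in extract_ips(data):
        print(ip)
```

Reading the API key from the environment keeps it out of the script file and out of the crontab line that schedules it.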