2. Automatic Update Guide

If you not use proxy , Run command to update TM-MISP to latest version

curl -L https://raw.githubusercontent.com/chackco/tm-misp/master/update.sh | sudo bash -s

If you use proxy , change to your proxy ip and port and Run this command to update TM-MISP to latest version, in example we use 10.1.1.1:8080 as sample proxy

curl -k -x 10.1.1.1:8080 -L https://raw.githubusercontent.com/chackco/tm-misp/master/update.sh | sudo bash -s 10.1.1.1:8080

Make sure you add new option in /var/www/MISP/PyMISP/examples/tmconfig.py

class CONFIG:
	pymisp_cmd_time = "1h"  # query PyMISP in time windows last 1 hour
	
	insert_mode = "manual"
	#insert_only_tm must be use with manual mode, this must be use with MISP custom tag TM-MISP
	insert_only_tm = "true" 
	
	# config for Apex Central integration
	use_url_base = 'https://8.8.8.8' 
	use_application_id = '7BB7B7E5-0000-1111-B9AE-7DD7E05941D6'
	use_api_key = '6549019E-0000-1111-ABA6-3F423AD418C5'  
	# Apex file_so action must be 'log' or 'block' or 'quarantine'
	use_action = 'log'
	
	# config for Deep Security
	# for Cloud One Workload security, ds_url_base = 'https://app.deepsecurity.trendmicro.com'
	ds_url_base = 'https://8.8.8.8:4119'
	ds_api_key = '2C0BF435-0000-1111-983B-4C2311F82DF3:nEaGaILarcAZLOrhMKkrX7SbfOuqtRkSIHC9wYlkY+I='

Add custom tag in MISP, if you need to use insert_only_tm mode

Figure 1: Add custom TAG in MISP

Make sure you add new option in /var/www/MISP/app/webroot/tmconfig.php

$vt_api_key="00000";
$ddd_url = "https://8.8.8.8/blu/urlshare.txt";

[ TM-MISP Project ]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2. Automatic Update Guide

Clone this wiki locally