4. Post Setup

chackco edited this page Feb 22, 2021 · 1 revision

Add UDSO to MISP

  • Click main menu [Event Actions] > [Add Events]
  • Type in Event Info and click "Submit"

If you have a SHA-1 hash to test, add it in the MISP web console

  • Click left menu [Add Attribute]
  • Click "(choose one)" under Category and change it to "Payload delivery"
  • Click the combo box under Type and change it to "sha1"
  • Paste the SHA-1 hash value of the malware and click "Submit"

If you have a SHA256 hash to test, add it in the MISP web console

  • Click left menu [Add Attribute]
  • Click "(choose one)" under Category and change it to "Payload delivery"
  • Click the combo box under Type and change it to "sha256"
  • Paste the SHA256 hash value of the malware and click "Submit"
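
An added example (not part of the original wiki or of the TM-MISP scripts): a Python helper that checks each hash before it goes into MISP, picks the matching Type ("sha1" or "sha256") from the digest length, and builds the equivalent MISP event JSON with Category "Payload delivery". The function names and the sample digests (hashes of the empty string) are constructed for illustration; the event still has to be published before it syncs.

```python
import json
import re

# MISP attribute Type is chosen from the digest length in hex characters.
HASH_TYPES = {40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")

# Constructed sample input: digests of the empty string.
SAMPLE_SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709"
SAMPLE_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
SAMPLE_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # not sha1/sha256, so it is rejected


def classify_hash(value):
    """Return "sha1" or "sha256" for a well-formed hex digest, else None."""
    value = value.strip()
    if not HEX_RE.fullmatch(value):
        return None
    return HASH_TYPES.get(len(value))


def build_event(info, hashes):
    """Build a MISP event body with one "Payload delivery" attribute per hash.

    Returns (event_dict, rejected_values); duplicates are dropped after lowercasing.
    """
    attributes, rejected, seen = [], [], set()
    for raw in hashes:
        misp_type = classify_hash(raw)
        if misp_type is None:
            rejected.append(raw)  # wrong length or non-hex characters
            continue
        value = raw.strip().lower()
        if value in seen:
            continue
        seen.add(value)
        attributes.append(
            {"category": "Payload delivery", "type": misp_type, "value": value}
        )
    return {"Event": {"info": info, "Attribute": attributes}}, rejected


if __name__ == "__main__":
    event, rejected = build_event(
        "UDSO test", [SAMPLE_SHA1, SAMPLE_SHA256.upper(), SAMPLE_MD5]
    )
    print(json.dumps(event, indent=2))
    print("rejected:", rejected)
```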

Synchronize data

You need to publish these hashes before they can be synced to Trend Micro

  • Click left menu [Publish Event]
  • Click on "Yes"
  • Run the test script to see the result:
    sudo /home/misp/tm-api.sh
  • Verify in the Apex Central web console: main menu > [Threat Intel] > [Custom Intelligence]
  • See the tab "User-Defined Suspicious Object"
  • You should see a line whose source is TM-MISP
  • You can change the action and expiry date in the Apex Central sub menu
  • Check the result at https://MISP_IP/tm-misp.php

Figure 1: TM-MISP Web UI

  • done!