4. Post Setup
chackco edited this page Feb 22, 2021 · 1 revision
- Click main menu [Event Actions] > [Add Events]
- Type in Event Info and click "Submit"
If you have a SHA-1 hash to test, add it in the MISP web console:
- Click left menu [Add Attribute]
- Click "(choose one)" under Category and change it to "Payload delivery"
- Click the combo box under Type and change it to "sha1"
- Paste the SHA-1 hash value of the malware and click "Submit"
If you have a SHA256 hash to test, add it in the MISP web console:
- Click left menu [Add Attribute]
- Click "(choose one)" under Category and change it to "Payload delivery"
- Click the combo box under Type and change it to "sha256"
- Paste the SHA256 hash value of the malware and click "Submit"
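An added example (not part of the TM-MISP project): a pre-check for a list of hashes before they are entered, which picks the "sha1" or "sha256" Type from the value's length, drops duplicates and rejects anything else, such as an MD5-length or non-hex string. The function name and sample values are constructed for illustration; the dict keys follow MISP's attribute field names (category, type, value).

```python
import re

# Hex-digit length of each hash Type offered in the steps above.
HASH_TYPES = {40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-f]+")


def build_attributes(raw_values, category="Payload delivery"):
    """Return (attributes, rejected) for a list of pasted hash strings.

    build_attributes is a hypothetical helper, not a MISP or TM-MISP function.
    """
    attributes, rejected, seen = [], [], set()
    for raw in raw_values:
        value = raw.strip().lower()          # normalise case and stray spaces
        if not value:
            continue                         # skip blank lines in a pasted list
        misp_type = HASH_TYPES.get(len(value))
        if misp_type is None or not HEX_RE.fullmatch(value):
            rejected.append(raw.strip())     # wrong length or non-hex characters
            continue
        if value in seen:
            continue                         # same hash listed twice
        seen.add(value)
        attributes.append(
            {"category": category, "type": misp_type, "value": value}
        )
    return attributes, rejected


# Constructed sample input (digests of empty input, plus two bad values).
SAMPLE = [
    "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709 ",   # duplicate with trailing space
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "d41d8cd98f00b204e9800998ecf8427e",            # 32 hex digits: not sha1/sha256
    "zz39a3ee5e6b4b0d3255bfef95601890afd80709",    # 40 characters but not hex
]

if __name__ == "__main__":
    attrs, bad = build_attributes(SAMPLE)
    for attr in attrs:
        print(attr["type"], attr["value"])
    for value in bad:
        print("rejected:", value)
```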
You need to publish these hashes before we can sync them to Trend Micro:
- Click left menu [Publish Event]
- Click on "Yes"
- Run the test to see the result:
    sudo /home/misp/tm-api.sh
- Verify in the Apex Central web console: main menu > [Threat Intel] > [Custom Intelligence]
- See the "User-Defined Suspicious Object" tab
- You should see a line whose source is TM-MISP
- You can change the action and expiration date in the Apex Central sub menu
- Check the result at https://MISP_IP/tm-misp.php
Figure 1: TM-MISP Web UI
- Done!
[ TM-MISP Project ]