Skip to main content

MISP Plugin

MISP hover plugin allows you to get knowledge from CrowdSec's CTI API upon hovering an IP in your MISP instance.

Installation

Setting up plugin server

The plugin is included in MISP's official plugin repo.

The development version can be found on crowdsec's fork.

Install the fork via by following instructions given here . Make sure to subsitute repository address as required.

Configure the plugin

Navigate to plugin settings page at http://<your_misp_address>/servers/serverSettings/Plugin
Click on Enrichment.
Set the value of Plugin.Enrichment_crowdsec_enabled to true
Set the value of Plugin.Enrichment_crowdsec_api_key to your CTI API key. See instructions to obtain it
Set the value of Plugin.Enrichment_crowdsec_api_version to "v2".

Done !

Usage

Simply click on hover button on any IP attribute.

MISP hover

Upon clicking the hover icon, you will see the enrichements on this IP obtained from CrowdSec's CTI.

MISP CrowdSec Hover

Installation
- Setting up plugin server
- Configure the plugin
Usage

CrowdSec Console

CrowdSec Console

This website uses cookies to help us improve. Click "accept" to allow us to continue using cookies.