A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

Connecting with MISP with LogicHub

1. Navigate to Automations > Integrations.
2. Search for MISP.
3. Click Details, then the + icon. Enter the required information in the following fields.
   • Label: Enter a connection name.
   • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
   • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
   • Remote Agent: Run this integration using the LogicHub Remote Agent.
   • Server URL: MISP Server URL.
   • API Key: The API key to connect to the MISP.
4. After you've entered all the details, click Connect.

Actions for MISP

Full Text Search

Perform a full text search on MISP.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Output

A JSON object containing multiple rows of result:

• has_error: True/False
• error: message/null

{
   "has_error": true,
   "error": "Search string is empty."
}

Release Notes

• v2.0.0 - Updated architecture to support IO via filesystem
• v1.0.8 - Added documentation link in the automation library.