MISP

The Polarity - MISP integration(s) enable a user to have an immediate understanding of their threat landscape when looking at indicators. Polarity has two integrations with MISP, 1 that enables a user to see the threat information on indicators and one to bulk submit indicators to MISP, enabling security analysts across teams to contribute and gain immediate awareness. Polarity - MISP - provides context around indicators in MISP. Polarity -MISP IOC Submission - enables analysts to bulk submit IOCs to MISP.

View on github

MISP Solutions

Security Operations, Threat Hunting, Incident Response

Configuring MISP

This integration requires you to complete a few extra steps in order to use it.

In order to use the Polarity - MISP integrations, instance URL and an API Key are required.

Both MISP and the MISP IOC submission integrations require the same configuration options.

Configuration Options

Indicator Types - IPs, Emails, Hashes, Domains

Url - The URL for your MISP server which should include the schema (i.e., http, https) and port if required.

API Key - API Key for the provided user. To create an API key within MISP, please navigate settings and create a Polarity API account.

Enable Adding Tags - If selected, users can add tags to an event in MISP.

Enable Removing Tags - If selected, users can remove tags from an event in MISP.

Allow IOC Deletion - If selected, analysts running the IOC Submission integration can delete indicators from Threatstream.

Resources

Blog

Integrations

Community Tech Tuesday

Content Library

Compare Editions

Brand Assets

Company

Community Sign In

About us

Careers

Partners

Support

Submit a ticket

Email us
Polarity Logo

© 2020-2024 Polarity.io, Inc.

Privacy Policy