This repository has been archived by the owner on Jan 31, 2023. It is now read-only.
forked from MISP/MISP-maltego

Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

getCUJO/MISP-maltego

Quick start guide

This is a Maltego MISP integration tool allowing you to view (read-only) data from a MISP instance.

It also allows browsing through the MITRE ATT&CK entities.

Currently supported MISP elements are: Event, Attribute, Object (incl. relations), Tag, Taxonomy, Galaxy (incl. relations).

Once installed, you can start by creating a MISPEvent entity, then load the Machine EventToAll or the transform EventToAttributes.

Alternatively, initiate a transform on an existing Maltego entity. The currently supported entities are: AS, DNSName, Domain, EmailAddress, File, Hash, IPv4Address, NSRecord, Person, PhoneNumber, URL, Website.

Functionality to upload attributes back to MISP has also been added. However, you need to add the Property field "EventID" to every Maltego entity that needs to be uploaded, because the script needs to know which Event the attributes should be uploaded to.

Installation and User Guide:

Installation is fairly easy by using pip, just read the steps in the documentation.

The User Guide gives some example use-cases.

License

This software is licensed under the GNU Affero General Public License version 3.

  • Copyright (C) 2018 Christophe Vandeplas

Note: Before being rewritten from scratch this project was maintained by Emmanuel Bouillon. The code is available in the v1 branch.

The logo is CC-BY-SA and was designed by Françoise Penninckx

The icons in the intelligence-icons folder are from intelligence-icons licensed CC-BY-SA - Françoise Penninckx, Brett Jordan
