MISP (Malware Information Sharing Platform) Setup

MISP feeds

How to Set Up a MISP VM

  1. Download a MISP VM.
  2. Start the VM.
  3. In a browser on your host machine, open https://localhost:8443. Ignore the certificate warning (MISP uses a self-signed certificate).
  4. Log in with the default username admin@admin.test and password admin. When prompted, change the password.
  5. Click Edit My Profile and change the email address if you want to receive emails for the default admin account.
  6. Click Sync Actions > List Feeds. Click Load default feed metadata.
  7. Check the boxes for any feeds you want to enable, then click Enable selected.
  8. Click Fetch and store all feed data.
  9. Click Administration > Jobs and ensure the fetch_feed job succeeded. If it didn’t, check the error log at /var/log/apache2/misp.local_error.log. When I first tried, mine failed because my VM lost Internet connectivity when I changed networks and enabled the VPN on my host.
  10. Click Administration > Add User and create a non-admin user account for your regular use of MISP.
  11. Log out, then log back in as the new user.
  12. You’ll see the Home page, which shows events.
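
After enabling feeds in steps 6 and 7, it helps to review which ones are active and how they are fetched. The script below is an added example, not part of the original post or of MISP itself: it assumes the feed list has been exported as JSON in the form of an array of {"Feed": {...}} objects, and the sample data, feed names and URLs in it are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the assumed shape of a MISP feed listing
# (a JSON array of {"Feed": {...}} objects); names and URLs are made up.
SAMPLE_FEEDS = json.loads("""
[
  {"Feed": {"id": "1", "name": "Example OSINT feed", "provider": "Example CERT",
            "url": "https://feeds.example.org/osint", "enabled": true,
            "input_source": "network", "source_format": "misp"}},
  {"Feed": {"id": "2", "name": "Example IP blocklist", "provider": "Example Org",
            "url": "http://lists.example.net/ips.txt", "enabled": true,
            "input_source": "network", "source_format": "freetext"}},
  {"Feed": {"id": "3", "name": "Example disabled feed", "provider": "Example Org",
            "url": "http://old.example.net/feed.csv", "enabled": false,
            "input_source": "network", "source_format": "csv"}}
]
""")


def _truthy(value):
    # Accept JSON booleans as well as "1"/"0" style strings.
    return value in (True, 1, "1", "true")


def review_feeds(feeds):
    """Return (enabled_names, findings) for a parsed feed listing."""
    enabled, findings = [], []
    for entry in feeds:
        feed = entry.get("Feed", entry)
        if not _truthy(feed.get("enabled")):
            continue  # only enabled feeds are fetched and stored
        name = feed.get("name", "<unnamed>")
        enabled.append(name)
        if feed.get("input_source") == "local":
            continue  # read from disk on the MISP host, no transport to check
        scheme = urlparse(feed.get("url", "")).scheme.lower()
        if scheme != "https":
            findings.append((name, "fetched over '%s', not https" % scheme))
    return enabled, findings


if __name__ == "__main__":
    enabled, findings = review_feeds(SAMPLE_FEEDS)
    print("Enabled feeds:", ", ".join(enabled))
    for name, issue in findings:
        print("REVIEW %s: %s" % (name, issue))
```

A feed fetched over plain HTTP can be modified in transit, so any feed the script reports is worth checking for an HTTPS URL before you rely on its indicators.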

Additional Resources

Chad Warner

Cyber threat intelligence (CTI), cybersecurity, & privacy enthusiast. Seeking a CTI job. Bookworm. Fan of Tolkien & LEGO.