Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

XSOAR MISP - sync

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

XSOAR MISP - sync

L3 Networker

Hi,
Does anyone have a #Cortex XSOAR sync with a MISP server (bidirectional sync)?

I have two objectives:

  1. I have several indicators on my XSOAR, and my goal is to upload these indicators to MISP (including adding the "XSOAR" tag).
  2. XSOAR should query MISP and update local indicators based on matches found in MISP.

Does anyone know if this is possible?
Is a playbook necessary for updates and synchronization?

Best regards
Tiago Marques
1 REPLY 1

L3 Networker

Hello,

 

Sadly I do not see we support mirroring for this integration so this will have to be through a job that runs every time the feed is updated or time based (#2) .

Then you could run the commands needed to update MISP with the information found on XSOAR. The MISP v3 integration has several commands that can add objects, events and attributes to MISP so that should assist in #1.

 

This would definitely have to be a custom playbook as we do not have any OOTB.

  • 660 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!