MISP integration

Nybble and MISP integration description.

MISP Automation API

Nybble use the MISP Automation API to search database for attributes.

The /attributes/restSearch function is used to query MISP and get JSON formatted results.

Parameters used by Nybble:

Name

Value

returnFormat

json

tags

Tags associated to event field (from MISP map).

type

Type associated to event field (from MISP map).

value

Value to enrich from event.

More information about MISP Automation API: https://misp.gitbooks.io/misp-book/content/automation/#restful-searches-with-json-result‚Äč

More information about MISP integration in Nybble configuration section.

MISP Mapping

MISP map file must be created and properly configured to enable enrichment.

The map file is used by Nybble to get and include the right parameters for each MISP API request.

More information about MISP map file in Nybble Mapping files configuration section.