Usage
To use OTX to MISP from the command line:
$ otx-misp --help
otx-misp
Downloads OTX pulses and adds them to MISP.
usage: otx-misp [-h] [-o OTX] [-s SERVER] [-m MISP] [-t TIMESTAMP] [-c CONFIG]
                [-w] [-a] [-u] [-n] [-d] [-v] [--no-tlp] [--discover-tags]
                [--to-ids] [--distribution DISTRIBUTION]
                [--threat-level THREAT_LEVEL] [--analysis ANALYSIS]
                [--author-tag] [--bulk-tag BULK_TAG] [--dedup-titles]
                [--stop-on-error]

-h, --help
    show this help message and exit

-o <otx>, --otx <otx>
    AlienVault OTX API key

-s <server>, --server <server>
    MISP server URL

-m <misp>, --misp <misp>
    MISP API key

-t <timestamp>, --timestamp <timestamp>
    Last import as Date/Time ISO format or UNIX timestamp

-c <config>, --config-file <config>

-w, --write-config
    Write the configuration file

-a, --author
    Add the Pulse author name in the MISP Info field

-u, --update-timestamp
    Updates the timestamp in the configuration file

-n, --no-publish
    Don’t publish the MISP event

-d, --dry-run
    Fetch the pulses but don’t create MISP events. Use -v[v] to see details.

-v, --verbose
    Verbosity, repeat to increase the verbosity level.

--no-tlp
    No Traffic Light Protocol tag

--discover-tags
    Discover tags to add to MISP events

--to-ids
    Mark IOCs as exportable to IDS

--distribution <distribution>
    MISP distribution of events (organisation,community,connected,all), default: organisation

--threat-level <threat_level>
    MISP threat level of events (high,medium,low,undefined), default: undefined

--analysis <analysis>
    MISP analysis state of events (initial,ongoing,completed), default: completed

--author-tag
    Add the pulse author as an event tag

--bulk-tag <bulk_tag>
    Add a custom tag that will be added to all events (e.g. OTX)

--dedup-titles
    Search MISP for an existing event title and update it, rather than create a new one

--stop-on-error
    Stop import when an exception is raised

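An added example, not part of the original documentation or the project's own code: a POSIX shell wrapper that combines the options above into a staged import, first a dry-run preview, then event creation without publishing. The environment variable names (OTX_API_KEY, MISP_URL, MISP_API_KEY, OTX_MISP_BIN) and the function names valid_choice and otx_import are assumptions made for this example.

```shell
#!/bin/sh
# Added example: staged OTX -> MISP import using only flags documented above.
# Assumed names (not part of otx-misp): OTX_API_KEY, MISP_URL, MISP_API_KEY,
# OTX_MISP_BIN, valid_choice, otx_import.
OTX_MISP_BIN="${OTX_MISP_BIN:-otx-misp}"

# valid_choice VALUE CHOICE... : succeed only if VALUE is one of the choices.
valid_choice() {
    value="$1"; shift
    for choice in "$@"; do
        [ "$value" = "$choice" ] && return 0
    done
    return 1
}

# otx_import MODE SINCE [DISTRIBUTION] [THREAT_LEVEL]
#   MODE  preview = --dry-run -vv (nothing is written to MISP)
#         stage   = create events but keep them unpublished for analyst review
#   SINCE ISO date/time or UNIX timestamp passed to -t
otx_import() {
    mode="${1:-}"; since="${2:-}"; dist="${3:-organisation}"; level="${4:-undefined}"
    if [ -z "${OTX_API_KEY:-}" ] || [ -z "${MISP_URL:-}" ] || [ -z "${MISP_API_KEY:-}" ]; then
        echo "set OTX_API_KEY, MISP_URL and MISP_API_KEY" >&2; return 2
    fi
    [ -n "$since" ] || { echo "missing SINCE timestamp" >&2; return 2; }
    valid_choice "$dist" organisation community connected all ||
        { echo "invalid distribution: $dist" >&2; return 2; }
    valid_choice "$level" high medium low undefined ||
        { echo "invalid threat level: $level" >&2; return 2; }
    # Keys are passed as arguments, so they are visible in the local process list.
    set -- -o "$OTX_API_KEY" -s "$MISP_URL" -m "$MISP_API_KEY" -t "$since" \
        --distribution "$dist" --threat-level "$level" \
        --bulk-tag OTX --dedup-titles --stop-on-error
    case "$mode" in
        preview) set -- "$@" --dry-run -vv ;;
        stage)   set -- "$@" --no-publish ;;
        *) echo "mode must be preview or stage" >&2; return 2 ;;
    esac
    "$OTX_MISP_BIN" "$@"
}

# Usage (constructed values):
#   otx_import preview 2024-01-01T00:00:00
#   otx_import stage   2024-01-01T00:00:00 organisation low
```

Setting OTX_MISP_BIN=echo prints the assembled command line instead of running the import, which is a quick way to check the arguments before pointing the wrapper at a real MISP server.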
To use OTX to MISP in a project:
import otx_misp