Is there an easy way to get threat intel from MISP into IDR? I’m very new to MISP so still trying to work my way around it and figure out the best way to use the data it provides.
ICON has a Plugin that can do this for you.
We are currently implementing MISP and we are using ICON to manage it across multiple applications that do not have a native integration.
Thank you for the response, I am an ICON customer. Can this be set up to, say, once a day download the latest IPs, hashes, and domains and create a community threat in IDR? That way I’ll be alerted on any activity. I typically don’t add threat intel directly to block lists.
Yes, that is what we do because IOCs don’t change that frequently. You would use a timer trigger set to once a day at the ## hour.
I am not an IDR customer, but I have read that IDR does have ICON use (there was a recent thread about this).
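
An added example, not part of the thread and not the ICON plugin's code: the transformation step a once-a-day job needs between the MISP export and the community threat, taking a MISP attribute search response and sorting it into the IPs, hashes, and domains the question asks about. The sample response is constructed, and the output key names (`ips`, `hashes`, `domain_names`) are assumptions to check against the IDR API documentation.

```python
# Assumed output bucket names; verify against the IDR API before use.
TYPE_TO_BUCKET = {
    "ip-src": "ips", "ip-dst": "ips", "ip-src|port": "ips", "ip-dst|port": "ips",
    "domain": "domain_names", "hostname": "domain_names",
    "md5": "hashes", "sha1": "hashes", "sha256": "hashes",
    "filename|md5": "hashes", "filename|sha1": "hashes", "filename|sha256": "hashes",
}

def build_indicator_payload(misp_response):
    """Bucket detection-grade MISP attributes into deduplicated indicator lists."""
    buckets = {"ips": set(), "hashes": set(), "domain_names": set()}
    for attr in misp_response.get("response", {}).get("Attribute", []):
        # MISP marks attributes meant for detection with to_ids; skip the rest
        # so contextual values do not generate alerts.
        if not attr.get("to_ids"):
            continue
        a_type = attr.get("type", "")
        value = attr.get("value", "").strip()
        if a_type == "domain|ip":  # composite: feeds two buckets
            domain, _, ip = value.partition("|")
            buckets["domain_names"].add(domain.lower())
            buckets["ips"].add(ip)
            continue
        bucket = TYPE_TO_BUCKET.get(a_type)
        if bucket is None:  # type not used for this feed
            continue
        if a_type.startswith("filename|"):
            value = value.rpartition("|")[2]  # keep the hash, drop the filename
        elif a_type.endswith("|port"):
            value = value.partition("|")[0]   # keep the IP, drop the port
        buckets[bucket].add(value.lower())
    return {name: sorted(values) for name, values in buckets.items()}

# Constructed sample shaped like a MISP attribute search response.
SAMPLE = {"response": {"Attribute": [
    {"type": "ip-dst", "value": "203.0.113.10", "to_ids": True},
    {"type": "ip-dst|port", "value": "203.0.113.10|443", "to_ids": True},
    {"type": "domain", "value": "Bad.example", "to_ids": True},
    {"type": "filename|sha256", "value": "a.exe|" + "AB" * 32, "to_ids": True},
    {"type": "domain|ip", "value": "c2.example|198.51.100.7", "to_ids": True},
    {"type": "ip-src", "value": "192.0.2.55", "to_ids": False},
    {"type": "comment", "value": "analyst note", "to_ids": False},
]}}

if __name__ == "__main__":
    import json
    print(json.dumps(build_indicator_payload(SAMPLE), indent=2))
```
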