How to integrate Kaspersky Threat Data Feeds with Malware Information Sharing Platform (MISP) for Linux

Latest update: May 16, 2023 ID: 14787
 
 
 
 

Malware Information Sharing Platform (MISP) is an open-source software solution for analyzing threats and exchanging information. Kaspersky offers two ways of integrating Kaspersky Threat Data Feeds with MISP: Kaspersky Threat Feed App for MISP version 1.x and Kaspersky Threat Feed App for MISP version 2.x.

Both applications allow you to import and update Kaspersky Threat Data Feeds in a MISP instance.

 
 
 
 

Kaspersky Threat Feed App for MISP version 1.x

With Kaspersky Threat Feed App for MISP version 1.x, every feed is imported as a single MISP event. Indicators from the feeds are added to these events as attributes.

To integrate with MISP:

  1. Download Kaspersky Threat Feed App for MISP version 1.x (SHA256: 552c5706b5ae0827211d4457002d074cc51caf0c8dce67674a3ba5d2ba0f2f00).
  2. Follow the instructions in this article to install the package.
 
 
 
 

Kaspersky Threat Feed App for MISP version 2.x

Kaspersky Threat Feed App for MISP version 2.x differs from Kaspersky Threat Feed App for MISP version 1.x in the following ways:

  • The application imports Kaspersky Threat Data Feeds using the Feeds feature of MISP by converting the feeds to MISP JSON format (Kaspersky Threat Feed for MISP version 1.x uses the API for importing feeds). Every record from Kaspersky Threat Data Feeds is imported as a MISP event.
  • Importing every record as a separate event allows users to correlate records based on their context (in Kaspersky Threat Feed for MISP version 1.x, MISP events include all records from every data feed).

Kaspersky Threat Feed App for MISP version 2.x is well suited for analyzing threat intelligence, that is, for looking for relations between different indicators.

For better performance of the initial and subsequent imports, follow the recommendations on how to prepare and configure MISP to work with Kaspersky Threat Data Feeds.

To integrate with MISP:

  1. Download Kaspersky Threat Feed App for MISP version 2.x (SHA256: 0e50e394f74f770192b9d4bdf56c956076541b5324e56b208055517b64d57a37).
  2. Follow the instructions in this article to install the package.
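Both download steps above publish a SHA256 digest for the package. The script below is an added example, not part of the original article or of Kaspersky's tooling, showing one way to check a downloaded archive against those digests before installing it. The function names and the archive path are hypothetical; only the two digests come from this page.

```shell
#!/bin/sh
# Added example: check a downloaded Kaspersky Threat Feed App for MISP archive
# against the SHA256 published on this page before installing it.
# Usage (archive path is a placeholder): sh verify.sh <downloaded-archive> 1.x|2.x

# Digests copied from the download steps on this page.
published_sha256() {
    case "$1" in
        1.x) echo 552c5706b5ae0827211d4457002d074cc51caf0c8dce67674a3ba5d2ba0f2f00 ;;
        2.x) echo 0e50e394f74f770192b9d4bdf56c956076541b5324e56b208055517b64d57a37 ;;
        *)   return 1 ;;
    esac
}

# Print the SHA256 of a file, reading via stdin so odd file names cannot
# change the output format. Uses whichever common tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 < "$1" | awk '{print $NF}'
    fi
}

# check_sha256 FILE EXPECTED_HEX -> 0 match, 1 mismatch, 2 unreadable file
check_sha256() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(file_sha256 "$1" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1"
        return 0
    fi
    printf 'MISMATCH: %s\n  expected %s\n  actual   %s\n' "$1" "$expected" "$actual" >&2
    return 1
}

# verify_pkg FILE VERSION -> as check_sha256, plus 2 for an unknown version
verify_pkg() {
    want=$(published_sha256 "$2") || { echo "unknown version: $2" >&2; return 2; }
    check_sha256 "$1" "$want"
}

# Run only when called with both arguments; do not install on a non-zero exit.
if [ "$#" -eq 2 ]; then
    verify_pkg "$1" "$2" || exit $?
fi
```

A mismatch means the file is not the package this page describes; download it again from the vendor rather than installing it.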
 
 
 
 
 