Command-line options

Kaspersky Threat Feed App for MISP is designed so that the user periodically runs the master script file run.py. However, you can run the importing script import_to_misp.py instead. The import_to_misp.py script is run from the command line as follows:

python %utility_dir%/import_to_misp.py --misp_url <MISP_URL> --auth_key <MISP_authorization_key> --proxy <proxy_to_MISP> --feed_file <feed> --deleted_file <file_with_deleted_records> --added_file <file_with_added_records> --work_dir <working_directory> [-nv]

On your computer, the command that runs Python may have a different name (for example, python3 or py).

The following table contains the description of the command-line parameters.

Parameters of the importing script

Parameter

Description

--misp_url

URL or IP address at which the MISP instance is available.

If your MISP instance uses an SSL certificate to establish secure connections over HTTPS, then the URL must begin with the https:// protocol specifier. Otherwise, the converter will not be able to add, modify, or delete events and attributes in MISP when working with the MISP API.

The misp_url parameter is mandatory.

--auth_key

Key for gaining access to the MISP instance.

The auth_key parameter is mandatory.

--proxy

Proxy settings in the http://username:password@address:port format. This is the proxy server for gaining access to the MISP instance.

The proxy parameter is optional. If the parameter is not specified, no proxy server is used.

--feed_file

Path to the feed file to be initially imported. It can be an absolute or relative path. A relative path is calculated relative to the import_to_misp.py file. Only local paths are supported; SMB, FTP, or HTTP paths are not supported.

The feed_file parameter must be specified if the deleted_file and added_file parameters are not specified. Otherwise, it must not be specified.

--deleted_file

Path to the diff feed file that contains deleted records. It can be an absolute or relative path. A relative path is calculated relative to the import_to_misp.py file. Only local paths are supported; SMB, FTP, or HTTP paths are not supported.

The deleted_file parameter must be specified if the added_file parameter is specified. Otherwise, it must not be specified.

--added_file

Path to the diff file that contains added records. It can be an absolute or relative path. A relative path is calculated relative to the import_to_misp.py file. Only local paths are supported; SMB, FTP, or HTTP paths are not supported.

The added_file parameter must be specified if the deleted_file parameter is specified. Otherwise, it must not be specified.

--work_dir

Path to the working directory. It can be an absolute or relative path. A relative path is calculated relative to the import_to_misp.py file. Only local paths are supported; SMB, FTP, or HTTP paths are not supported.

To prevent the feed file from being overwritten with a temporary file, do not specify the directory containing the feed file (see the description of the feed_file parameter) in the work_dir parameter.

The work_dir parameter is mandatory.

--attributes_limit

Maximum number of attributes that a MISP event will contain. It must be a non-negative integer (0 means no limit). Section "Configuring Kaspersky Threat Feed App for MISP" contains recommendations on choosing the value of the attributes_limit parameter (by choosing the value of the RECORDS_COUNT parameter in the settings.py script).

The attributes_limit parameter is optional. If it is not specified, no limit for the number of attributes is set.

-nv, --no_verification

Disables the SSL certificate verification that is performed when connecting to a MISP instance over HTTPS.

Use this parameter if you use a self-signed certificate on your MISP instance. Otherwise, the converter will not be able to add, modify, or delete events and attributes in MISP when working with the MISP API.

This parameter is intended for evaluation purposes only. Using this parameter in a production environment may create security issues.
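The parameter rules in the table above can be checked before the importing script is started. The following pre-flight check is an added example, not part of Kaspersky Threat Feed App for MISP; the function name check_import_args, the script_dir argument, and the sample values are assumptions made for illustration.

```python
import argparse
import os
from urllib.parse import urlsplit


def check_import_args(argv, script_dir):
    """Return (errors, warnings) for an import_to_misp.py argument list."""
    p = argparse.ArgumentParser(add_help=False, allow_abbrev=False)
    for name in ("misp_url", "auth_key", "proxy", "feed_file", "deleted_file",
                 "added_file", "work_dir", "attributes_limit"):
        p.add_argument("--" + name)
    p.add_argument("-nv", "--no_verification", action="store_true")
    a = p.parse_args(argv)
    errors, warnings = [], []

    def resolve(path):
        # Relative paths are calculated relative to import_to_misp.py.
        return os.path.abspath(os.path.join(script_dir, path))

    for name in ("misp_url", "auth_key", "work_dir"):
        if not getattr(a, name):
            errors.append(f"--{name} is mandatory")
    # Either --feed_file alone, or --deleted_file and --added_file together.
    diff = [a.deleted_file, a.added_file]
    if any(diff) and not all(diff):
        errors.append("--deleted_file and --added_file must be given together")
    if bool(a.feed_file) == any(diff):
        errors.append("give --feed_file or the diff file pair, not both or neither")
    if a.feed_file and a.work_dir and \
            resolve(a.work_dir) == os.path.dirname(resolve(a.feed_file)):
        errors.append("--work_dir must not be the feed file's directory")
    if a.attributes_limit is not None and not a.attributes_limit.isdecimal():
        errors.append("--attributes_limit must be a non-negative integer")
    if a.misp_url and urlsplit(a.misp_url).scheme != "https":
        warnings.append("--misp_url does not begin with https://")
    if a.no_verification:
        warnings.append("-nv disables certificate verification; evaluation only")
    if a.proxy and urlsplit(a.proxy).password:
        warnings.append("proxy password is visible in the process list")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample arguments; /opt/app stands in for %utility_dir%.
    sample = ["--misp_url", "https://misp.example", "--auth_key", "KEY",
              "--added_file", "diff/added.json", "--work_dir", "work", "-nv"]
    print(check_import_args(sample, "/opt/app"))
```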
