Installing Kaspersky Threat Feed App for MISP

This section explains how to install Kaspersky Threat Feed App for MISP.

To install Kaspersky Threat Feed App for MISP:

  1. Unpack the distribution kit to the desired directory.

    This directory is called %service_dir% in this document.

    We highly recommend that the utility be unpacked to and run from the home folder of the current user. This will prevent intentional or unintentional file changes that may be introduced by other users.

  2. Rename your certificate for downloading feeds to feeds.pem and copy it to the %service_dir%/feed_util subdirectory.
  3. Read the End User License Agreement (EULA). You can find the terms of the EULA in the %service_dir%/doc/EULA.txt file.

    If you agree to the terms of the EULA, proceed to the next step. If you do not agree to the terms of the EULA, cancel the installation.

  4. If you are going to use a proxy server to access Kaspersky servers to download feeds, run the following command once from the %service_dir%/feed_util subdirectory:

    kl_feed_util --set-proxy %PROXY% -c template.conf

    Here %PROXY% is the setting that specifies the proxy server parameters for accessing the Kaspersky servers.

  5. Open the %service_dir%/feed_util/template.conf file for editing.
  6. Accept the EULA by changing the value of the <EULA> element in the template.conf file to <EULA>accepted</EULA>.

    Kaspersky Feed Utility runs only if the EULA is accepted.

  7. Save and close the template.conf file.
  8. By default, the converted MISP-format feeds are saved to the %service_dir%/workdir directory. If you want to save them to a different directory, do the following:
    1. Open the %service_dir%/defs.py file for editing.
    2. Find the following line:

      WORK_DIR = os.path.join(BASE_DIR, 'workdir')

    3. In the WORK_DIR parameter, specify the path to the directory where you want to store MISP-format feeds.

      You can set WORK_DIR to an absolute path as follows:

      WORK_DIR = '%absolute_path%' (replace %absolute_path% with the absolute path to the directory).

    4. Save and close the %service_dir%/defs.py file.

      Make sure that the user account that runs the MISP instance has access rights to the WORK_DIR directory so that the MISP instance can download the converted feeds.

  9. Install the libraries listed in the requirements.txt file that are not present on the computer.

    Do this by running the following command:

    pip install -r %service_dir%/requirements.txt

    Depending on the configuration of your operating system, the Python package installer may use a different command to install modules. For example, pip3.

  10. Configure Kaspersky Threat Feed App for MISP by editing the %service_dir%/settings.py file.
  11. Run the first feed conversion process manually. For more information about running the converter from the command line, see the "Command-line parameters" section).

After the installation, you can load converted feeds into MISP and schedule feeds conversion by using the cron utility.

Page top