Skip to content

Latest commit

 

History

History

grouping

Folders and files

NameName
Last commit message
Last commit date

parent directory

..

data-processing @ 401c063

data-processing @ 401c063

 
 

misp-galaxy @ f708bb1

misp-galaxy @ f708bb1

 
 

ssdc @ 9ac58fc

ssdc @ 9ac58fc

 
 

static

static

 
 

templates

templates

 
 

README.md

README.md

 
 

auto_group.py

auto_group.py

 
 

config.default.py

config.default.py

 
 

connector.py

connector.py

 
 

fti.py

fti.py

 
 

pecorrelator.py

pecorrelator.py

 
 

requirements.txt

requirements.txt

 
 

ssdeep_processing.py

ssdeep_processing.py

 
 

update_thirdparty.sh

update_thirdparty.sh

 
 

website.py

website.py

 
 

README.md

Group events

Implementation

Use the full content of the MISP MySQL database and helps the analyst to group the events by adversaries, tools, and any other caracteristics the analyst wants.

Requirements

  • sudo apt-get install python-dev libfuzzy-dev
  • access to the redis database created by backend/make_snapshot.py
  • python packages: pip install -r requirements.txt

Setup webservice to query the database

  • Configure the connection to redis in config.py:
redis_socket = '<path to the redis socket>'
  • Run a redis server listening on the socket you defined in the config file
  • Run update_thirdparty.sh
  • Run website.py

Optional

In order to pre-group the events, you'll need to go the following:

  1. Fetch the misp-galaxy
    • git submodule init
    • git submodule update
  2. Index MISP database: fti.py
  3. Group the event: auto_group.py