This guide provides instructions on how to activate the MISP connector within VirusTotal. Once activated, VirusTotal reports will display threat intelligence information about IoCs (Indicators of Compromise) sourced from the events found in your configured MISP instance.
Before you can begin the connector set up, ensure that you have the following prerequisites in place:
Access to MISP: You must have access to a running instance of MISP, either self-hosted or via a trusted organization.
API Key: Obtain an API key from your MISP instance. This key will be required for authentication during the integration setup.
Follow these steps to get the MISP API key:
Access to the MISP instance: Log in to the MISP instance.
Navigate to your user profile: If you don't find it navigate directly to the url
Add a new auth key: Under
Auth keysclick on the
+ Add authentication key.
Configure it: Leave the
Allowed IPsempty and mark the
Before you can view MISP events information in VirusTotal reports, you must set up the MISP connector and provide your API key. Follow these steps:
- Access the
Technology Integrationspage via the left menu and then click on the
Connectors (Third party to VT). This page serves as the hub for all your configured connectors.
Here you can perform different actions described in details in the
Manage the connector section.
Add a connector". A dialog will guide you through configuring the connector in two straightforward steps.
Select the MISP connector.
- Provide a name, the API key and the url of your MISP instance.
- Save the connector.
Once completed, all members of your group will have access to the MISP information in the IoC reports.
The user who adds the connector and the admins of the group to which it belongs, has the authority to edit or delete the connector.
Additionally, all users within your group can enable or disable the connector, this action affects individually to the user.
Once the MISP connector is configured, all members of your group will start seeing additional context in the reports.
For each IoC, you will receive, the MISP events ids and descriptions that contains the IoC, and the tags and the severity of each event.
This connector is officially suported by VirusTotal, please contact us if you have any question.
Updated about 1 month ago