MISP WarningList
Connector Category: Enrichment Tool
About Integration
MISP WarningList is a list of well-known indicators that can be associated with potential false positives, errors, or mistakes.Intel Exchange integrates with the MISP WarningList platform to enrich URLs, Hash, IP, and domain.
Configure MISP WarningList as an Enrichment Tool
Configure MISP WarningList to enrich URLs, hashes, IPs, and domains.
Before you Start
Ensure you have the view, update, and create permissions for Enrichment Tools.
Steps
To configure MISP WarningList as an enrichment, follow these steps:
Sign in to Intel Exchange, and go to Administration > Enrichment Management > Enrichment Tools.
Search and select the MISP WarningList enrichment tool.
Click Add Account.
Enter the following details:
Account Name: Enter a unique account name to identify the instance. For example, MISP Enrichment.
Verify SSL: Select Verify SSL to verify the SSL certificate and secure the connection between the Intel Exchange and MISP WarningList servers. By default, Verify SSL is selected.
Note
We recommend you enable Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.
Click Save.
After adding an account successfully, you can view and enable the URL, hash, and domain enrichment types. Additionally, you can configure Quota to restrict the number of enrichment requests sent from Intel Exchange to MISP WarningList. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the MISP WarningList enrichment tool per polling, refer to the following table:
Enrichment Tool | Feed Enrichment Type | No. of API calls | Quota Consumed |
---|---|---|---|
MISP WarningList | Retrieve MISP warning list | 1 | 1 |
Retrieve Hash Detail | 1 | 1 | |
Retrieve Domain Detail | 1 | 1 | |
Retrieve URL Detail | 1 | 1 | |
Retrieve IP Detail | 1 | 1 |
You can configure an enrichment policy to automatically enrich threat data objects using the MISP WarningList enrichment tool. For more information, see Configure Enrichment Policy.