2.6.2. MISP Server

The connection to a MISP server (Malware Information Sharing Platform) makes it possible to retrieve the Indices of Compromises in the form of detection rules.
After connecting to a MISP, it becomes a possible source of rules for the Sigflow detection engine.
The connection status and configuration of the MISP connection is described in MISP Connection Configuration Screen.

Note

Connection to MIPS server is experimental The integration was tested with MISP version 2.4.159. In case of problems, contact GATEWATCHER support.

For connection configuration implementation, refer to Configuring the connection to the MISP.
To implement the new rule source, see `Config - sigflow/sources` screen of the legacy web UI.