
MISP

MISP is an open-source threat intelligence platform for cyber defense.

Install

 $ sudo apt install -y python3-pip
 $ sudo -H python3 -m pip install pytz -U
 $ sudo -H python3 -m pip install misp-lib-stix2 
 $ sudo useradd -m misp
 $ wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh && bash /tmp/INSTALL.sh -A -D
 $ sudo usermod misp -s /sbin/nologin
 # Watch the terminal output for password information
 https://ip-of-server
 user: admin@admin.test
 Pass: admin
 # Change the password and username.

Change the database passwords

 # The install script autogenerates the DB passwords and stores them here: /home/misp/msql.txt
 # CAUTION: Changing the DB password breaks MISP. Work in progress.
 $ mariadb -u root -p
 mariadb> use mysql;
 mariadb> ALTER USER 'root'@'localhost' IDENTIFIED BY 'password';
 mariadb> ALTER USER 'misp'@'localhost' IDENTIFIED BY 'password';
 mariadb> FLUSH PRIVILEGES;
 mariadb> exit
 # Verify new passwords work.
 $ mariadb -u root -p
 $ mariadb -u misp -p
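
Added example (not part of the original notes or the MISP project's code): MISP reads the misp account's password from its own config file, so changing it only in MariaDB leaves MISP unable to connect. The script below rotates both sides together with a random value instead of a literal one. It assumes the default PATH_TO_MISP of /var/www/MISP with the CakePHP settings in app/Config/database.php; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not MISP project code): rotate the 'misp' database password
# in MariaDB and in MISP's own config together, so the two stay in sync.

# 48 hex characters from the kernel CSPRNG; hex needs no escaping in SQL or sed.
gen_password() { head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Rewrite the 'password' entry of a database.php. $1 = file, $2 = new password.
set_misp_db_password() {
  case "$2" in ''|*[!0-9a-f]*) echo "password must be lowercase hex" >&2; return 1;; esac
  [ "${#2}" -ge 32 ] || { echo "password too short" >&2; return 1; }
  grep -q "'password'[[:space:]]*=>" "$1" || { echo "no password entry in $1" >&2; return 1; }
  # The backup still holds the OLD password; delete it once MISP is confirmed working.
  cp -p "$1" "$1.bak" &&
  sed -i -E "s/('password'[[:space:]]*=>[[:space:]]*)'[^']*'/\1'$2'/" "$1"
}

# Matching statement for the database side. $1 = new password.
rotate_sql() { printf "ALTER USER 'misp'@'localhost' IDENTIFIED BY '%s';\n" "$1"; }

# Constructed sample of the config layout, for a dry run away from the live file.
write_sample_config() {
  cat > "$1" <<'EOF'
<?php
class DATABASE_CONFIG {
    public $default = array(
        'datasource' => 'Database/Mysql',
        'host' => 'localhost',
        'login' => 'misp',
        'password' => 'old-autogenerated-value',
        'database' => 'misp',
    );
}
EOF
}

# Dry run on the sample. On a real host (assumed default path), as root:
#   pw=$(gen_password); rotate_sql "$pw" | mariadb -u root -p
#   set_misp_db_password /var/www/MISP/app/Config/database.php "$pw"
demo_dir=$(mktemp -d)
write_sample_config "$demo_dir/database.php"
demo_pw=$(gen_password)
set_misp_db_password "$demo_dir/database.php" "$demo_pw" && rotate_sql "$demo_pw"
grep "'password'" "$demo_dir/database.php"
rm -rf "$demo_dir"
```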

 # Optional: outgoing mail
 $ sudo postconf -e 'relayhost = example.com'
 $ sudo postfix reload

Install Options

 -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 Please specify what type of MISP setup you want to install.
 -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 /tmp/INSTALL.sh -c | Install ONLY MISP Core
                 -M | MISP modules
                 -m | Mail 2 MISP
                 -S | Experimental ssdeep correlations
                 -A | Install all of the above
 -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
                 -C | Only do pre-install checks and exit
 -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
                 -u | Do an unattended Install, no questions asked
                 -U | Attempt and upgrade of selected item
                 -N | Nuke this MISP Instance
                 -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)
 Options can be combined: /tmp/INSTALL.sh -c -D # Will install Core+Dashboard
 -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 Recommended is either a barebone MISP install (ideal for syncing from other instances) or
 MISP + modules - /tmp/INSTALL.sh -c -M
 Interesting environment variables that get considered are:
 MISP_USER/MISP_PASSWORD # Local username on machine, default: misp/opensslGeneratedPassword
 PATH_TO_MISP # Where MISP will be installed, default: /var/www/MISP (recommended)

References

 https://www.misp-project.org/
 https://misp.github.io/MISP/
 https://www.circl.lu/doc/misp/administration/
 https://www.misp-project.org/misp-training/cheatsheet.pdf