Integrate DFIR-IRIS, MISP and TimeSketch

Posted on January 31, 2022 in open source, security

Leave a reply

Scripts to integrate DFIR-IRIS, MISP and TimeSketch

I published a set of scripts that I use to integrate

Threat events and indicators stored in MISP;
CSIRT case handling data such as events, IOCs, timelines, assets and evidences in DFIR-IRIS;
Analysis events on PCAP and EVTX files in TimeSketch.

The Python scripts tie everything together between MISP, IRIS and TimeSketch. The scripts and example usage, with screenshots, are published in a Github repository: https://github.com/cudeso/dfir-iris-misp-timesketch.

The scripts make it possible to document threat elements in MISP, then query TimeSketch for any of their occurrences and afterwards import the events in IRIS, both in timeline and notes. Afterwards you can use the data in IRIS to create an incident report.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information