In this post I go through the process of representing threat data from MISP in Elastic. The goal is to push attributes from MISP to Elastic and have a representation with a couple of pretty graphs. This is an alternative approach to using the MISP dashboard (and MISP-Dashboard, real-time visualization of MISP events).
The Filebeat component of Elastic contains a MISP module. This module queries the MISP REST API for recently published event and attribute …