In this blog post, I will explain how to install MISP on Ubuntu 18.04. MISP is an Open Source Threat Intelligence Platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
There exists three possibilities for installing MISP:
- Manual as described in the MISP GitHub repository.
- Using an Ansible script, which can be found here.
- Through an automated bash script.
In this tutorial, we will focus on the automated bash script:
The GitHub project can be cloned with the following command:
git clone https://github.com/da667/AutoMISP.git
Please change the passwords in the bash script! Subsequently, we will make the bash script executable and run it:
chmod +x auto-MISP-ubuntu.sh ./auto-MISP-ubuntu.sh
The script will need some time and install MISP:
After, the script installed MISP, we can use a browser to connect to MISP:
The MISP standard credentials are: firstname.lastname@example.org / admin
After login, you have to change the password:
Thank you for reading. In future blog post, I will cover how to integrate MISP with Splunk.