A. Navya Sri IMF202501DUSI66 Lab-8 (Roll No:49)
Data Collection through External Sources
IoC Data Collection using MISP (Malware Information Sharing Platform)
MISP (Malware Information Sharing Platform) is an open-source threat intelligence
platform designed for collecting, sharing, and analyzing cybersecurity threats. It
enables organizations to collaborate on threat data, detect patterns, and enhance
security defenses by sharing indicators of compromise (IOCs) in a structured format.
To access MISP, open a browser and enter the localhost address, i.e., [Link]
This brings up the MISP page, where we have to log in.
User: admin@[Link]
You will then have to set your password.
In MISP, you can add your own organization, create and manage users, and access
the Events page to view, share, and analyze threat intelligence. This helps
organizations collaborate effectively and improve threat detection.
We can list events and also add new events.
By clicking Sync Actions, we can access the Feeds. In Feeds, we can list the
available feeds and also add new feeds.
By clicking on the feeds, we have to enable the feeds if they are not already enabled.
After enabling the feeds, go to Administration and search for Jobs.
In Jobs, we can see the progress of the feeds as they collect threat intelligence.
We can find information about many events, such as the threat actor, their attack pattern,
their tags and also their TTPs, etc.
We can also see that the number of feeds has increased.
MISP enables efficient IOC data collection, allowing organizations to gather, share,
and analyze threat intelligence collaboratively. By leveraging structured data and
automated feeds, MISP enhances threat detection and response, strengthening
overall cybersecurity defenses.
IoC Data Collection using OTX (AlienVault OTX)
IOC Data Collection using OTX (AlienVault OTX) enables security teams to gather,
analyze, and share threat indicators such as IPs, domains, hashes, and URLs. By
leveraging community-driven intelligence, OTX enhances threat detection and
response.
To collect information from AlienVault OTX, we have to install OTXv2 in Ubuntu, which is
done by the following command.
Now, to do IOC collection in AlienVault OTX, we have to write a Python file with the
help of pentestgpt or [Link].
To create a Python file, give the command as follows.
Now, write the Python script in this fetch_ip.py file.
Here, we will give the API key of our AlienVault OTX account.
And for the pulse ID, we will give the details of the following pulse.
Now, we have to save that Python file and run it.
We can also use cron jobs to schedule this file to run, using the following commands.
The following command is used to view the cron job that we created.
This command is used to edit the cron job that we created.
Information regarding that pulse is stored in the ransomware_iocs.json file, which is
shown below.
In this way, we collected information such as IP addresses from a pulse using a Python
script. We can also collect information from more than one pulse at a time.
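As an added example (not the lab's own fetch_ip.py), the script below shows the shape such a collector can take: it filters a pulse's indicator list down to valid, de-duplicated IPv4 addresses and writes them to ransomware_iocs.json, so that a malformed feed entry or a duplicate never breaks a scheduled cron run. The sample indicator list is constructed from documentation-range addresses; the live fetch assumes the OTXv2 SDK's `OTXv2(api_key)` and `get_pulse_indicators(pulse_id)` calls, an `OTX_API_KEY` environment variable (so the key is not hard-coded in the file), and a placeholder pulse ID.

```python
"""Extract IPv4 indicators from an OTX pulse and save them as JSON."""
import ipaddress
import json
import os
from typing import Iterable, List

# Constructed sample in the shape of the OTX "indicators" list (each entry has an
# "indicator" value and a "type"); the addresses are documentation ranges, not real IoCs.
SAMPLE_INDICATORS = [
    {"indicator": "198.51.100.23", "type": "IPv4"},
    {"indicator": "evil-example.invalid", "type": "domain"},
    {"indicator": "203.0.113.7", "type": "IPv4"},
    {"indicator": "203.0.113.7", "type": "IPv4"},           # duplicate entry
    {"indicator": "not-an-ip", "type": "IPv4"},             # malformed entry
    {"indicator": "d41d8cd98f00b204e9800998ecf8427e", "type": "FileHash-MD5"},
]

def extract_ipv4(indicators: Iterable[dict]) -> List[str]:
    """Return sorted, de-duplicated IPv4 indicators; skip entries that are not
    tagged IPv4 or do not parse as an address."""
    found = set()
    for entry in indicators:
        if entry.get("type") != "IPv4":
            continue
        try:
            found.add(str(ipaddress.IPv4Address(entry.get("indicator", ""))))
        except ipaddress.AddressValueError:
            continue  # feed data can be malformed; never let one entry abort the run
    return sorted(found, key=ipaddress.IPv4Address)

def save_iocs(pulse_id: str, ips: List[str], path: str = "ransomware_iocs.json") -> dict:
    """Write the collected IPs to the JSON file used in the lab and return the record."""
    record = {"pulse_id": pulse_id, "ipv4": ips, "count": len(ips)}
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(record, fh, indent=2)
    return record

def fetch_pulse_ipv4(pulse_id: str) -> List[str]:
    """Live fetch via the OTXv2 SDK (pip install OTXv2). The API key is read from the
    OTX_API_KEY environment variable instead of being hard-coded in the script."""
    from OTXv2 import OTXv2  # imported here so the offline parts run without the SDK
    otx = OTXv2(os.environ["OTX_API_KEY"])
    return extract_ipv4(otx.get_pulse_indicators(pulse_id))

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in fetch_pulse_ipv4() for a real pulse.
    print(save_iocs("PULSE_ID_PLACEHOLDER", extract_ipv4(SAMPLE_INDICATORS)))
```

Run from cron exactly as the lab schedules fetch_ip.py; only the `extract_ipv4` and `save_iocs` parts run without network access.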