04.03.2016

Malware Information Sharing Platform (MISP) on Docker

MISP (“Malware Information Sharing Platform”) is free software initially created by the Belgian Defence to exchange IOCs (indicators of compromise) with partners such as the NCIRC (NATO). It has since become an independent project, developed mainly by a group of motivated people. MISP is used primarily by CERTs (“Computer Emergency Response Teams”) but also by private companies, which exchange thousands of IOCs through it on a daily basis.

To build the Docker image:
# git clone https://github.com/xme/misp-docker
# cd misp-docker
# docker build -t misp/misp --build-arg MYSQL_ROOT_PASSWORD=<mysql_root_pw> .
# cat <<__END__ >env.txt
MYSQL_ROOT_PASSWORD=my_strong_root_pw
MYSQL_MISP_PASSWORD=my_strong_misp_pw
__END__
# docker run -d -p 443:443 --env-file=env.txt --restart=always --name misp misp/misp
Once the container has booted, a few manual steps remain. Feel free to fine-tune the setup to your needs if you already know the tool:
Change the 'baseurl' parameter in /var/www/MISP/app/Config/config.php so that it matches the URL your users will connect to.
Reconfigure Postfix inside the container to match your SMTP environment, otherwise MISP cannot send its e-mails.
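The build, run and post-boot steps above, wrapped in one script as an added example (it is not part of the original post nor of the xme/misp-docker repository). Instead of typing the passwords into the command line it generates them, writes the env file with restrictive permissions and applies the two manual fixes through `docker exec`. Assumptions not stated on the page: `docker` and `git` are on the PATH, config.php contains an entry of the form `'baseurl' => '...'`, the hostname `misp.example.com` and the `RELAYHOST` variable are placeholders, and Postfix in the container is driven with the standard `postconf` tool.

```shell
#!/bin/sh
# Added example, not code from the original post or from xme/misp-docker:
# builds and starts the MISP container with generated passwords and then
# applies the post-boot fixes (baseurl, Postfix relay) via "docker exec".
# Assumptions: docker and git are installed; config.php carries a line of
# the form 'baseurl' => '...'; misp.example.com and RELAYHOST are placeholders.
set -u

IMAGE="misp/misp"
NAME="misp"
ENV_FILE="${ENV_FILE:-env.txt}"
BASEURL="${BASEURL:-https://misp.example.com}"   # assumed placeholder, change it
DRY_RUN="${DRY_RUN:-0}"                          # 1 = print the commands only

# 32 hex characters from the kernel CSPRNG. Hex keeps the value free of
# characters that would need quoting in the env file or in sed expressions.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write the --env-file with mode 0600 so other local users cannot read it.
# Arguments: file, MySQL root password, MySQL MISP-user password.
# The root password must be the same one passed to "docker build".
write_env_file() {
    ( umask 077
      printf 'MYSQL_ROOT_PASSWORD=%s\nMYSQL_MISP_PASSWORD=%s\n' "$2" "$3" > "$1" )
}

# Execute a command, or only echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

main() {
    root_pw=$(gen_password)
    misp_pw=$(gen_password)
    write_env_file "$ENV_FILE" "$root_pw" "$misp_pw"

    [ -d misp-docker ] || run git clone https://github.com/xme/misp-docker
    # A --build-arg is recorded in the image metadata ("docker history"),
    # so never push an image built this way to a registry you do not control.
    run docker build -t "$IMAGE" --build-arg "MYSQL_ROOT_PASSWORD=$root_pw" misp-docker
    run docker run -d -p 443:443 --env-file="$ENV_FILE" --restart=always \
        --name "$NAME" "$IMAGE"

    # Post-boot step 1: set baseurl in config.php (the quoting pattern is an assumption).
    run docker exec "$NAME" sed -i \
        "s#'baseurl' => '[^']*'#'baseurl' => '$BASEURL'#" \
        /var/www/MISP/app/Config/config.php

    # Post-boot step 2: point Postfix at your SMTP relay. RELAYHOST is an
    # assumed variable; when unset this step is skipped.
    if [ -n "${RELAYHOST:-}" ]; then
        run docker exec "$NAME" postconf -e "relayhost = $RELAYHOST"
        run docker exec "$NAME" postfix reload
    fi
}

case "${1:-}" in
    --run)     main ;;
    --dry-run) DRY_RUN=1; main ;;
    *)         echo "usage: $0 --run | --dry-run" ;;
esac
```

Run it once with `--dry-run` to see the exact commands before letting it touch Docker. Two points worth keeping in mind even if you type the original commands by hand: a password passed as a `--build-arg` stays visible in `docker history` of the resulting image, so treat the image itself as sensitive, and the root password in `env.txt` must be the same one used at build time, since the container configures the MISP database with it at start-up.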

To use MISP, point your browser to https://your-docker-server:443.

The files are available on my github.com repository.