[Bro] [bro] misp2bro
elhoim at gmail.com
Sun Apr 17 07:28:42 PDT 2016
Is there an error message in the xml file?
If yes, could you post it?
If you want to write your own script to download IOCs, there is the
PyMISP library @ https://github.com/MISP/PyMISP/
This library is really great because it abstracts most of the details
needed to create a script for interacting with a MISP instance.
Then you can just grep your bro logs, or generate bro IOC lists that
can be used to match.
On Sun, Apr 17, 2016 at 6:19 AM, Tim Desrochers <tgdesrochers at gmail.com> wrote:
> Anyone using MISP? I installed MISP as a test and it seems pretty useful.
> What I can't seem to get working is the misp2bro script written to export
> indicators in MISP to bro format.
> When I run the script it appears to crash and give the error:
> Traceback (most recent call last):
>   File "misp2bro.py", line 288, in <module>
>     if makeBroFiles(parseXML(EXPORT_FILE)):
>   File "misp2bro.py", line 168, in makeBroFiles
>     if int(event.find('attribute_count').text):
> AttributeError: 'NoneType' object has no attribute 'text'
> If I run it again there is no crash but that is because the md5 it generates
> matches the previous hash so no action is taken on the downloaded xml.
> Has anyone used this? I could use a hand getting it working.
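Added example, not part of the original thread and not misp2bro's own code: a tolerant parser that turns a MISP XML export into Bro Intel framework lines, reporting a missing attribute_count or an event-less (error) response instead of crashing. Only attribute_count comes from the traceback above; the other element names (Event, Attribute, id, type, value), the type mapping and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed mapping from MISP attribute types to Bro Intel framework types.
TYPE_MAP = {
    "ip-src": "Intel::ADDR", "ip-dst": "Intel::ADDR",
    "domain": "Intel::DOMAIN", "hostname": "Intel::DOMAIN",
    "md5": "Intel::FILE_HASH", "sha1": "Intel::FILE_HASH",
    "sha256": "Intel::FILE_HASH", "email-src": "Intel::EMAIL",
}
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"

def export_to_intel(xml_text, source="MISP"):
    """Return (intel_lines, problems) for one MISP XML export."""
    root = ET.fromstring(xml_text)
    events = root.findall(".//Event")
    if not events:
        # No events at all: surface whatever text the server sent back.
        text = " ".join(t.strip() for t in root.itertext() if t.strip())
        return [], ["no <Event> in export; server said: " + text]
    lines, problems = [HEADER], []
    for event in events:
        eid = event.findtext("id", default="?")
        # findtext() returns None for a missing child instead of raising
        # AttributeError the way event.find(...).text does.
        if event.findtext("attribute_count") is None:
            problems.append("event %s: no <attribute_count>" % eid)
        for attr in event.findall("Attribute"):
            itype = TYPE_MAP.get(attr.findtext("type", default=""))
            value = (attr.findtext("value") or "").strip()
            # Skip unmapped types, empty values and values that would
            # break the tab-separated intel file.
            if itype and value and "\t" not in value:
                lines.append("\t".join(
                    [value, itype, source, "MISP event " + eid]))
    return lines, problems

# Constructed sample inputs (not real MISP output).
SAMPLE = """<response>
<Event><id>1</id><attribute_count>2</attribute_count>
<Attribute><type>ip-dst</type><value>192.0.2.10</value></Attribute>
<Attribute><type>comment</type><value>ignored</value></Attribute></Event>
<Event><id>2</id>
<Attribute><type>domain</type><value>bad.example</value></Attribute></Event>
</response>"""
ERROR = "<response><name>Authentication failed</name></response>"

if __name__ == "__main__":
    for doc in (SAMPLE, ERROR):
        lines, problems = export_to_intel(doc)
        print("\n".join(lines + problems))
```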