Add ETP as a MISP enrichment module
Before you begin
- Make sure that your organization is licensed for ETP.
- Make sure that you have Open API credentials. For more information, see Authenticate with EdgeGrid and Get Started with APIs.
- Install the MISP platform 2.4 and later. To download and install MISP, see Download and Install MISP.
- Make sure that you set up Python 3.6 or later.
- Make sure that you install the akamai.edgegrid package. For more information, see Authenticate with EdgeGrid.
- Go to the Akamai-MISP GitHub page.
- Download the akamai_ioc.py file.
Add the python file to the MISP expansion directory.
- Open a command prompt and run it as an administrator. (On a Unix platform, make sure you run commands as a root user.)
Enter this command to copy the file to the MISP expansion modules
cp /local/path/akamai_ioc.py <path_to_misp_modules>/site-packages/misp_modules/modules/expansion/where <path_to_misp_modules> is the location where MISP modules are installed.
Enter this command to restart the MISP modules:
systemctl restart misp-modules
In MISP, set up the ETP
Do one of the
- In the MISP navigation menu, select Administration > Server Settings and Maintenance and click the Plugin Settings tab.
- Enter this URL
into your browser to go to the MISP Plugin
where <misp_server_hostname> is the hostname that your organization uses for the MISP server.
- Navigate to the Enrichment section and search for the akamai_ioc plugin.
- For the Plugin.Enrichment_akamai_ioc_access_enabled setting, enter true.
- For the Plugin.Enrichment_akamai_ioc_client_secret setting, enter the client secret.
- For the Plugin.Enrichment_akamai_ioc_apiURL setting, specify the API host information by entering https://<host>/ where <host> is your API host.
- For the Plugin.Enrichment_akamai_ioc_access_token setting, enter your access token.
- For the Plugin.Enrichment_akamai_ioc_client_token setting, enter the client token.
- For the
enter the ID that is associated with your contract.
Note: If you don’t have this ID number, you can find it in a URL of Enterprise Threat Protector. For example, in the following URLs, 99999 is the contract ID.
- Enterprise Center User
- Original ETP User Interface:
- Do one of the following: