Add ETP as a MISP enrichment module

Before you begin

How to

  1. Go to the Akamai-MISP GitHub page.
  2. Download the file.
  3. Add the Python file to the MISP expansion directory.
    1. Open a command prompt and run it as an administrator. (On a Unix platform, make sure you run commands as a root user.)
    2. Enter this command to copy the file to the MISP expansion modules directory:
      cp /local/path/ <path_to_misp_modules>/site-packages/misp_modules/modules/expansion/
      where /local/path/ is the path to the downloaded file and <path_to_misp_modules> is the location where MISP modules are installed.
    3. Enter this command to restart the MISP modules:
      systemctl restart misp-modules
  4. In MISP, set up the ETP (akamai_ioc) plugin:
    1. Do one of the following:
      • In the MISP navigation menu, select Administration > Server Settings and Maintenance and click the Plugin Settings tab.
      • Enter this URL into your browser to go to the MISP Plugin settings:

        where <misp_server_hostname> is the hostname that your organization uses for the MISP server.

    2. Navigate to the Enrichment section and search for the akamai_ioc plugin.
    3. Enter this information:
      • For the Plugin.Enrichment_akamai_ioc_access_enabled setting, enter true.
      • For the Plugin.Enrichment_akamai_ioc_client_secret setting, enter the client secret.
      • For the Plugin.Enrichment_akamai_ioc_apiURL setting, specify the API host information by entering https://<host>/ where <host> is your API host.
      • For the Plugin.Enrichment_akamai_ioc_access_token setting, enter your access token.
      • For the Plugin.Enrichment_akamai_ioc_client_token setting, enter the client token.
      • For the Plugin.Enrichment_akamai_ioc_configID setting, enter the ID that is associated with your contract.

        Note: If you don’t have this ID number, you can find it in a URL of Enterprise Threat Protector. For example, in the following URLs, 99999 is the contract ID.

        • Original ETP User Interface:

        • Enterprise Center User Interface:
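
A post-install check for the procedure above, as an added example that is not part of the original page or of Akamai's module: it confirms that akamai_ioc appears as an expansion module in a module listing and that the six plugin settings are filled in plausibly, without echoing any secret value. The listing format (a JSON array of objects with name and type fields, as served by the misp-modules /modules endpoint), the sample values, and the rule that configID is numeric are assumptions.

```python
import json
from urllib.parse import urlsplit

PREFIX = "Plugin.Enrichment_akamai_ioc_"
SECRET_KEYS = ("client_secret", "access_token", "client_token")

def module_loaded(modules_json, name="akamai_ioc"):
    """True if the listing contains an expansion module with this name."""
    return any(m.get("name") == name and m.get("type") == "expansion"
               for m in json.loads(modules_json))

def check_settings(settings):
    """Return a list of problems; secret values are never echoed back."""
    problems = []
    if str(settings.get(PREFIX + "access_enabled", "")).lower() != "true":
        problems.append("access_enabled is not true")
    url = urlsplit(settings.get(PREFIX + "apiURL", ""))
    if url.scheme != "https" or not url.hostname:
        problems.append("apiURL must be https://<host>/")
    elif url.path != "/" or url.query or url.fragment:
        problems.append("apiURL must end at the host with a trailing slash")
    for key in SECRET_KEYS:
        value = settings.get(PREFIX + key, "")
        if not value or value != value.strip():
            problems.append(key + " is empty or has surrounding whitespace")
    if not str(settings.get(PREFIX + "configID", "")).isdigit():
        problems.append("configID must be the numeric ID")  # assumption
    return problems

# Constructed sample data: placeholder host and tokens, not real credentials.
SAMPLE_MODULES = '[{"name": "dns", "type": "expansion"}, {"name": "akamai_ioc", "type": "expansion"}]'
SAMPLE_SETTINGS = {
    PREFIX + "access_enabled": "true",
    PREFIX + "client_secret": "EXAMPLE-SECRET",
    PREFIX + "apiURL": "https://api-host.example/",
    PREFIX + "access_token": "EXAMPLE-ACCESS",
    PREFIX + "client_token": "EXAMPLE-CLIENT",
    PREFIX + "configID": "99999",
}

if __name__ == "__main__":
    print(module_loaded(SAMPLE_MODULES), check_settings(SAMPLE_SETTINGS))
```

If module_loaded returns False after the restart, the copied file did not load, so check the destination path and the misp-modules service log before entering the credentials.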