Import MISP JSON
Draft
Level: Intermediate
Goal: Bring MISP event or attribute exports into IOC Library.
Real-Life Scenario
The CTI team already stores curated events in MISP and wants those observables searchable in AdversaryGraph without manual copy-paste.
When To Use This
Use this workflow when you need a structured analyst workflow and want the output to remain traceable to evidence.
Steps
- Create or expose a MISP JSON export URL.
- Open IOC Library source panel and connect the MISP source.
- Sync and filter by the MISP source label.
- Review imported observables and tags.
- Enrich or export only approved data.
Expected Result
MISP-backed IOC records searchable in AdversaryGraph.
Review Notes
- Keep source labels and evidence attached to every accepted result.
- Treat actor matches, enrichment hits, and matrix overlap as analytical signals until corroborated.
- Export only reviewed findings for customer, SOC, detection engineering, or executive use.