If you're looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool.
Malware Information Sharing Platform (MISP) is a tool for the collection, storing, distributing, and sharing of cybersecurity indicators and threats. MISP was specifically designed to be used for security incident analysis so that security pros can share structured information.
With MISP you are better prepared to correlate the indicators of compromise from targeted attacks.
I'm going to walk you through the installation of the MISP core, using an automated script, on Ubuntu Server 18.04.
SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)
What you'll need
A running instance of Ubuntu Server 18.04
A user with sudo privileges
How to update/upgrade Ubuntu
The first thing you'll want to do is update and upgrade your instance of Ubuntu. Although MISP will attempt to do this during the running of the script, it can't handle every situation it comes across. For one thing, the MISP installer will fail if you have even a single unsigned repository on your system. So if you know you use an unsigned repository, you'll want to temporarily move the apt source file.
For instance, if you have an unsigned source file, named source.list, in your sources.list.d directory, move it with the command:
sudo mv /etc/apt/sources.list.d/source.list ~/
After the installation of MISP, you can move that file back.
To update and upgrade your Ubuntu Server instance, issue the following commands:
sudo apt-get update sudo apt-get upgrade -y
If the kernel is upgraded, you'll need to make sure to reboot the server, so the changes will take effect.
How to install MISP
With that out of the way, it's time to install MISP. First, clone the MISP project from it's GitHub page with the command:
git clone https://github.com/da667/AutoMISP.git
Change into the newly-created directory with the command:
Give the installer script the proper permissions with the command:
chmod +x auto-MISP-ubuntu.sh
Now you can run the script with the command:
The installation will take some time (roughly five or 10 minutes, depending the speed of your network connection and hardware), so return to some other admin tasks until it completes.
When the installation completes, point a web browser to https://SERVER_IP/users/login (where SERVER_IP is the IP address of the hosting server). When presented with the login page, use the credentials email@example.com (username) and admin (password) (Figure A).
If you get an error that users/login cannot be found on the server, it means you're trying to log in with Firefox. For some reason MISP has problems with Firefox, so log in with a different browser.
Once you successfully log in, you'll be prompted to change the password (Figure B).
After you've changed the password, you're ready to start using MISP. You can start adding events, managing dashboards, and so much more.
How to become a cybersecurity pro: A cheat sheet (TechRepublic)
Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
Windows 10 security: A guide for business leaders (TechRepublic Premium)
Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)