Malware Information Sharing Platform (MISP) is a tool for collecting, storing, distributing, and sharing cybersecurity indicators and threats. MISP was designed specifically for security incident analysis, so that security pros can share structured information.
With MISP you are better prepared to correlate the indicators of compromise from targeted attacks.
I’m going to walk you through the installation of the MISP core, using an automated script, on Ubuntu Server 18.04.
To follow along, you'll need a running instance of Ubuntu Server 18.04 and a user with sudo privileges.
The first thing you’ll want to do is update and upgrade your instance of Ubuntu. Although MISP will attempt to do this during the running of the script, it can’t handle every situation it comes across. For one thing, the MISP installer will fail if you have even a single unsigned repository on your system. So if you know you use an unsigned repository, you’ll want to temporarily move the apt source file.
For instance, if you have an unsigned source file, named source.list, in your sources.list.d directory, move it with the command:
After the installation of MISP, you can move that file back.
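A preflight check for the unsigned-repository failure described above, as an added example that is not part of the original article or the MISP project. The function names and the sample apt output (including the example.test hosts and key ID) are constructed for illustration.

```shell
#!/bin/sh
# Preflight for the MISP installer: list apt repositories that `apt-get update`
# reports as unsigned, with the sources.list.d file that defines each one.

# Constructed sample of `apt-get update` output (not captured from a real host).
sample_apt_output() {
cat <<'EOF'
Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Ign:2 http://repo.example.test/apt stable InRelease
W: GPG error: http://ppa.example.test/tools bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
E: The repository 'http://ppa.example.test/tools bionic InRelease' is not signed.
E: The repository 'http://repo.example.test/apt stable Release' does not have a Release file.
EOF
}

# Read apt output on stdin; print each repository URL apt rejected as unsigned
# (either "is not signed" or no Release file at all).
unsigned_repos() {
    sed -n \
        -e "s/^[EW]: The repository '\([^ ']*\) [^']*' is not signed\.\$/\1/p" \
        -e "s/^[EW]: The repository '\([^ ']*\) [^']*' does not have a Release file\.\$/\1/p" |
        sort -u
}

# Print the *.list files in directory $2 that mention repository URL $1.
sources_for_repo() {
    grep -lF -- "$1" "$2"/*.list 2>/dev/null
}

# Read apt output on stdin and print "repo<TAB>files" for every finding.
# Returns 0 when nothing is unsigned, 1 otherwise.
preflight() {
    dir=$1
    found=0
    for repo in $(unsigned_repos); do
        found=1
        files=$(sources_for_repo "$repo" "$dir" | paste -sd' ' -)
        printf '%s\t%s\n' "$repo" "${files:-no matching file in $dir}"
    done
    [ "$found" -eq 0 ]
}

# On a real host (assumed invocation, run before the installer):
#   LC_ALL=C sudo apt-get update 2>&1 | preflight /etc/apt/sources.list.d
```

Any file the check reports is a candidate to move aside before the install and restore afterwards.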
To update and upgrade your Ubuntu Server instance, issue the following commands:
If the kernel is upgraded, you’ll need to make sure to reboot the server, so the changes will take effect.
With that out of the way, it’s time to install MISP. First, clone the MISP project from its GitHub page with the command:
Change into the newly-created directory with the command:
Give the installer script the proper permissions with the command:
Now you can run the script with the command:
The installation will take some time (roughly five or 10 minutes, depending on the speed of your network connection and hardware), so return to some other admin tasks until it completes.
When the installation completes, point a web browser to https://SERVER_IP/users/login (where SERVER_IP is the IP address of the hosting server). When presented with the login page, use the credentials admin@admin.test (username) and admin (password) (Figure A).
Figure A: Logging in to MISP for the first time.
If you get an error that users/login cannot be found on the server, it means you’re trying to log in with Firefox. For some reason MISP has problems with Firefox, so log in with a different browser.
Once you successfully log in, you’ll be prompted to change the password (Figure B).
Figure B: Changing the default MISP password.
After you’ve changed the password, you’re ready to start using MISP. You can start adding events, managing dashboards, and so much more.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.