implementing-threat-intelligence-platform
SKILL.md
Instructions
- Install dependencies: `pip install pymisp requests stix2`
- Deploy a MISP instance and generate an API key from Administration > Auth Keys.
- Use PyMISP to connect and create threat intelligence events:
  - Create events with threat level, distribution, and analysis status
  - Add attributes (ip-dst, domain, sha256, url) with to_ids flags
  - Tag events with MITRE ATT&CK technique identifiers
  - Correlate events across organizations
- Ingest from external feeds: URLhaus, Feodo Tracker, MalwareBazaar.
- Enrich IOCs via VirusTotal and AbuseIPDB APIs.
- Export correlated events as STIX 2.1 bundles.
```bash
python scripts/agent.py --misp-url https://misp.local --misp-key <api_key> --ingest-feeds --output misp_report.json
```
Examples
Create MISP Event with IOCs
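```python
from pymisp import PyMISP, MISPEvent

# Connect with the instance URL and the API key from Administration > Auth Keys
misp = PyMISP("https://misp.local", "api_key")

event = MISPEvent()
event.info = "Phishing Campaign - 2024-Q1"
event.threat_level_id = 2  # 2 = Medium
# to_ids=True marks the attribute as usable for IDS/detection exports
event.add_attribute("ip-dst", "185.143.223.47", to_ids=True)
misp.add_event(event)
```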
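The feed-ingestion and attribute steps above leave open how raw feed lines become typed attributes. The following is an added example, not code from this skill or its repository: it classifies indicators into the four attribute types listed above, deduplicates them, and clears `to_ids` for non-routable IPs. The function names, the `to_ids` policy and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def classify(value):
    """Return (misp_type, normalized_value, to_ids), or None if unrecognized."""
    v = value.strip()
    if SHA256_RE.match(v):
        return ("sha256", v.lower(), True)
    if v.lower().startswith(("http://", "https://")):
        return ("url", v, True)
    try:
        ip = ipaddress.ip_address(v)
    except ValueError:
        ip = None
    if ip is not None:
        # Assumed policy: private/reserved addresses stay as context only,
        # because they would match unrelated internal traffic in an IDS.
        return ("ip-dst", str(ip), ip.is_global)
    if DOMAIN_RE.match(v.lower()):
        return ("domain", v.lower(), True)
    return None

def feed_to_attributes(lines):
    """Turn raw feed lines into attribute dicts; return (attributes, rejected)."""
    seen, attrs, rejected = set(), [], []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        hit = classify(line)
        if hit is None:
            rejected.append(line)  # keep for review rather than guessing a type
            continue
        if hit[:2] in seen:
            continue  # same type and normalized value already emitted
        seen.add(hit[:2])
        attrs.append({"type": hit[0], "value": hit[1], "to_ids": hit[2]})
    return attrs, rejected

# Constructed sample lines; they do not reproduce any real feed's format.
SAMPLE_FEED = [
    "# constructed sample", "185.143.223.47", "10.0.0.5",
    "Login-Portal.example", "https://login-portal.example/reset",
    "AB" * 32, "ab" * 32, "not an indicator",
]
```

Each returned dict maps directly onto `event.add_attribute(type, value, to_ids=...)` from the example above; rejected lines should be logged rather than dropped silently.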
Repository: mukul975/anthro…y-skills