With the latest update of the Cratos API to version 1.45 (https://www.ecrimelabs.com/cratos-threat-api) we now support direct integration between MISP and Carbon Black’s CB Response (https://www.carbonblack.com/products/cb-response/), delivered as Threat Intelligence Feeds.
With this addition you can automatically consume specific data sets from your MISP instance directly into Carbon Black Response, making your threat data even more operational, as you can choose to alert, block or even hunt with the data.
How to integrate your MISP instance with Cb Response
The integration into Cb Response is simple.
Log in to your Cb Response portal, click “Threat Intelligence” and then “Add new Feed”, and paste the URL to your Cratos API.
When the feed has been added, remember to “Enable” it and do a full sync.
As shown above, there are 4 different feeds, with indicators chosen to be shared from a MISP instance:
incident
alert
block
hunt
With this in place, the MISP data will be regularly updated in your Cb Response installation.