Prerequisites - jbarlow-mcafee/opendxl-misp-service-python GitHub Wiki
To use the MISP DXL Python service the following prerequisites must be satisfied:
-
OpenDXL Python Client library installed
-
The OpenDXL Python Client prerequisites must be satisfied
-
MISP server installed and configured.
The following page provides several different options for installing MISP:
One option for getting a MISP environment up and running fairly quickly is the "Docker container" approach provided at https://github.com/opendxl-community/docker-misp. Note that this docker-misp project is a fork of the https://github.com/harvard-itsecurity/docker-misp project.
The opendxl-community fork aims to enable the ability to pull an all-in-one MISP container from Docker Hub and launch an image from it with little to no additional configuration. For a more robust setup, it would be better to refer to the upstream https://github.com/harvard-itsecurity/docker-misp project.
-
(Optional) MISP ZeroMQ notification configured.
If you intend to use the ZeroMQ notification functionality with the OpenDXL MISP Python service, you will need to enable the ZeroMQ plugin in MISP. From the MISP web server UI, do the following:
- Navigate to the
Server Settings & Maintenance
page under theAdministration
menu. - Select the
Plugin Settings
tab. - Expand the
ZeroMQ
option in the plugin list. - Set the
Plugin.ZeroMQ_enable
setting totrue
.
This step is needed to enable the DXL MISP service to be able to receive notification messages from the MISP ZeroMQ server. For more information, see the documentation for the MISP ZeroMQ configuration and the
zeroMqNotificationTopics
setting in the service configuration file. - Navigate to the
-
Python 2.7.9 or higher in the Python 2.x series or Python 3.4.0 or higher in the Python 3.x series installed within a Windows or Linux environment.