ecrimelabs

eCrimeLabs Cratos API creates integration between MISP and Cb Response

eCrimeLabs Cratos API creates integration between MISP and Cb Response

With the latest update of the Cratos API we now support direct integration between MISP and Carbon Black’s CB Response (https://www.carbonblack.com/products/cb-response/) through delivery with Threat Intelligence Feeds.

With this latest addition of features you can consume specific data sets automatically from your MISP instance directly into Carbon Black Response, and thereby making the power of your threat data even more operational as you can choose to alert, block or even hunt with the data.

New tools released for integration with the eCrimeLabs Threat API

The integration to the eCrimeLabs Threat API continues to grow.

symantec-bluecoat.jpg

Previously we added integration to Symantec BlueCoat, RPZ DNS format and the latest support was the generation of Bro rules.

security-onion.png

The Bro IDS rules generation was implemented to create a full support for SecurityOnion (https://securityonion.net/)

 

with the continuous growth of integrations we are working on giving the power back to companies and corporations and allow for the usage of various sources of threat data from both open and closed source relations.

It is important to be able to react on the and incident and this is where the eCrimeLabs Threat API in corporation with MISP Threat data sharing platform and close the gap.

 

eCrimeLabsFeeds (https://github.com/eCrimeLabs/eCrimeLabsFeeds)

The tool allows to fetch all the feeds presented through the API. The following script can be used to fetch IOC data from the eCrimeLabs Broker API and stores it into files or bulk can be choosen. This is usefull if you want to push the data into your security solutions ourself or if you have an off-site engangement with no internet connection.

SecurityOnion eCrimeLabs (https://github.com/eCrimeLabs/securityonion-ecrimelabs)

This script allows for an easy integration of the eCrimeLabs feeds into any SecurityOnion installations.


The below illustration is the most used implementation of the eCrimeLabs solution.