OpenDXL
Security Intelligence Sharing
When a MISP event is published, the flow examines the event to determine if it contains hash-based attributes. If it does, a MAR search is performed to determine if any active endpoints contain the hashes. For each endpoint containing a hash, a sighting is added to the MISP event in addition to a comment that includes the associated endpoint information.
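The hash extraction and sighting-building steps described above, sketched as plain JavaScript of the kind a Node-RED function node could hold. This is an added example, not the solution's own flow. The shape of the search hits (`hash`, `hostname`, `ip`) and of the sighting records (`uuid`, `source`) is an assumption, and the endpoint search itself is not shown.

```javascript
// Added example. Hash-bearing MISP attribute types and their hex lengths;
// composite types such as "filename|sha1" keep the hash after the last "|".
const HASH_LEN = new Map([["md5", 32], ["sha1", 40], ["sha256", 64]]);

// Return [{uuid, algo, hash}] for every hash-based attribute in a MISP event,
// including attributes nested inside MISP objects.
function extractHashes(mispEvent) {
  const ev = mispEvent.Event || mispEvent;
  const attrs = [...(ev.Attribute || [])];
  for (const obj of ev.Object || []) attrs.push(...(obj.Attribute || []));
  const out = [];
  for (const a of attrs) {
    const algo = String(a.type || "").split("|").pop();
    const len = HASH_LEN.get(algo);
    if (!len) continue; // not a hash-based attribute
    const hash = String(a.value || "").split("|").pop().trim().toLowerCase();
    // Drop malformed values instead of searching endpoints for them.
    if (new RegExp(`^[0-9a-f]{${len}}$`).test(hash)) out.push({ uuid: a.uuid, algo, hash });
  }
  return out;
}

// Pair each hash with the endpoints that reported it. `hits` is the assumed,
// already-normalised search result: [{hash, hostname, ip}].
function buildSightings(hashes, hits) {
  const sightings = [];
  const comments = [];
  for (const h of hashes) {
    for (const hit of hits.filter((x) => String(x.hash).toLowerCase() === h.hash)) {
      sightings.push({ uuid: h.uuid, source: hit.hostname });
      comments.push(`${h.algo} ${h.hash} found on ${hit.hostname} (${hit.ip})`);
    }
  }
  return { sightings, comments };
}

// Constructed sample event and constructed search hits (not real indicators).
const sampleEvent = { Event: { id: "1", Attribute: [
  { uuid: "a-1", type: "md5", value: "AB".repeat(16) },
  { uuid: "a-2", type: "filename|sha1", value: "x.exe|" + "cd".repeat(20) },
  { uuid: "a-3", type: "ip-dst", value: "192.0.2.10" },
  { uuid: "a-4", type: "md5", value: "not-a-hash" } ] } };
const sampleHits = [
  { hash: "ab".repeat(16), hostname: "host-a", ip: "198.51.100.5" },
  { hash: "AB".repeat(16), hostname: "host-b", ip: "198.51.100.6" } ];
```

Normalising case on both sides matters here: the event and the endpoint data may not agree on upper or lower case hex, and a case-sensitive comparison would silently miss sightings.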
The Node-RED flow content for this solution: