Node-RED Flow: Add Hash Sightings to MISP Event using MAR

  • chrissmith added a new solution:


    When a MISP event is published, the flow examines the event to determine if it contains hash-based attributes. If it does, a MAR search is performed to determine if any active endpoints contain the hashes. For each endpoint containing a hash, a sighting is added to the MISP event in addition to a comment that includes the associated endpoint information.


    The Node-RED flow content for this solution: