Enrich IPs with MISP

📘
This note remains unpublished.

automatically query every IP in Axonius against the MISP database.

Enrich IPs with MISP runs a AKAssets enriches assets retrieved from the saved query supplied as a trigger (or from the assets selected in the asset table).

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

📘
Note:

Not all asset types are supported for all Enforcement Actions.

See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.

See Actions supported for Vulnerabilities.

See Actions supported for Software.

Required Fields

These fields must be configured to run the Enforcement Set.

Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Use stored credentials from the AKAssets adapter - Select this option to use the first connected AKAssets adapter credentials.
Domain - The AKAssets domain or IP address.
Certificate File -
Key File -
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes.

Additional Fields

These fields are optional.

Gateway Name - Select the Gateway through which to connect to perform the action.

APIs

Axonius uses the MISP APIs.

Required Permissions

The values supplied in Connection Settings above must have read/write permissions.

For more details about other Enforcement Actions available, see Action Library.

Updated about 11 hours ago