ESET Online Help

Search
Select the topic

MISP

The ESET Malware Information Sharing Platform (MISP) server contains IoCs described in the reports. Every time a new report is available, the administrator receives an email notification. Historical reports are also available.

PDFs in MISP

The reports are in PDF format.

Currently, only PDF attachments are present as a plain attribute in the MISP Event. In addition, the ETI Portal download link to PDF and ETI Portal Report UUID will be added as an object attribute in the Report object of the MISP Event; see the example below.

ETI Portal Report ID:

type: other

category: External analysis

comment: ETI Portal Report ID

value: ETI Portal Report ID in the format of UUID, for example, 1351b9c3-b176-4de3-9234-2fe03c2913d5

ETI Portal download link (PDF):

type: other

category: External analysis

comment: ETI Portal download link (PDF)

value: ETI Portal download link to PDF, for example, https://preview-eti.eset.com/reports/apt/download/1351b9c3-b176-4de3-9234-2fe03c2913d5


note

Only customers migrated to the ESET Threat Intelligence Portal can utilize the ETI Portal download link (PDF) and ETI Portal ID from the MISP event.

ETI Portal Report ID

ETI Portal Report ID can be utilized using the ESET Threat Intelligence APIv2.

The ESET Threat Intelligence API documentation (Swagger/OpenAPI) is available by this link. To use the ESET Threat Intelligence API, you must have ESET Threat Intelligence Portal API credentials generated.

To get the APT report download PDF link, use the https://preview-eti.eset.com/v2/apt-reports/{reportUuid}/files endpoint. Alternatively, you can use the direct API download link: https://preview-eti.eset.com/v2/apt-reports/{reportUuid}/download/pdf.

ETI Portal download link (PDF)

ETI Portal download link (PDF) directs to the ESET Threat Intelligence Portal UI, which requires authentication using your ESET Business Account/ESET PROTECT Hub login credentials. MISP UI and ESET Threat Intelligence Portal UI users can utilize the link to download PDFs in the browser.

The detailed MISP changes list is available in the MISP changes—impact on users and steps to take chapter and the Release Notes under Version 2.3.0.0.

JSON

Below is an example of a MISP event in JSON format.