MISP-to-EIQ is a simple Python script that will connect to your MISP instance, download the given MISP Event ID and send it to an EclecticIQ instance as a valid EclecticIQ JSON entity of the given type.

For configuration options, refer to the README.md in the config/ directory.

• Python 3 (uses 'requests', 'urllib3', 'datetime')
• EIQlib module from Sebastiaan Groot (eiqjson.py and eiqcalls.py)
• A MISP account with a valid API token
• An EclecticIQ account (user+pass) and EIQ 'Source' token

• Clone the repository
• Create a 'settings.py' file in the config/ directory (refer to the README.md)
• Run ./misp-to-eiq.py [-v] <#> (-v for verbose, # should be a valid MISP Event ID)

Running ./misp-to-eiq.py without command-line options or -h will display help:

-v / --verbose will display progress/error info
-c / --confidence lets you set the confidence level for the EclecticIQ entity
-i / --impact lets you set the (likely) impact for the EclecticIQ entity
-t / --type lets you choose what to ingest the MISP event as: [i]ndicator or [s]ighting
-s / --simulate do not actually ingest anything into EclecticIQ, just pretend (useful with -v)
-n / --name override the default TITLETAG setting from the configuration file
-d / --duplicate do not update the existing entity in EclecticIQ, but create duplicates (default: disabled)

(c) 2018 Arnim Eijkhoudt and Sebastiaan Groot (for his great EIQ lib / submodule)

This software is GPLv3 licensed, except where otherwise indicated.