Search everything...

Skill

implementing-threat-intelligence-platform

Builds MISP-backed threat intelligence platform: ingests IOCs from feeds like URLhaus, enriches with VirusTotal/AbuseIPDB, associates via Galaxy/MITRE ATT&CK, exports STIX 2.1 bundles using PyMISP.

Python

security

npx claudepluginhub killvxk/cybersecurity-skills-zh

Tool Access

This skill uses the workspace's default tool permissions.

Preview

1. 安装依赖：`pip install pymisp requests stix2`

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

Similar Skills

performing-threat-intelligence-sharing-with-misp

Uses PyMISP to create, enrich, and share threat intelligence events on MISP platform, managing IOCs, integrating feeds, exporting STIX, and handling community sharing workflows.

3 files

cybersecurity-skills-zh

collecting-threat-intelligence-with-misp

5.9k

Deploys MISP via Docker, configures threat feeds, and uses PyMISP API to collect, correlate IOCs from community/commercial sources for security operations.

7 files

cybersecurity-skills

performing-threat-intelligence-sharing-with-misp

Uses PyMISP to create, enrich, and share threat intelligence events on MISP, managing IOCs, feeds, STIX exports, and community sharing. For security assessments and incident response.

asi

Stats

Stars10

Forks1

Last CommitMar 17, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

implementing-threat-intelligence-platform | cybersecurity-skills-zh | ClaudePluginHub

Back to Skills

Skill

implementing-threat-intelligence-platform

From cybersecurity-skills-zh

Builds MISP-backed threat intelligence platform: ingests IOCs from feeds like URLhaus, enriches with VirusTotal/AbuseIPDB, associates via Galaxy/MITRE ATT&CK, exports STIX 2.1 bundles using PyMISP.

Python

security

npx claudepluginhub killvxk/cybersecurity-skills-zh

Tool Access

This skill uses the workspace's default tool permissions.

Preview

1. 安装依赖：`pip install pymisp requests stix2`

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

操作说明

安装依赖：pip install pymisp requests stix2
部署 MISP 实例并从"管理 > 认证密钥"生成 API 密钥。
使用 PyMISP 连接并创建威胁情报事件：
- 创建包含威胁级别、分发和分析状态的事件
- 添加带 to_ids 标志的属性（ip-dst、domain、sha256、url）
- 用 MITRE ATT&CK 技术标识符标记事件
- 跨组织关联事件
从外部 Feed 摄入：URLhaus、Feodo Tracker、MalwareBazaar。
通过 VirusTotal 和 AbuseIPDB API 富化 IOC。
将关联事件导出为 STIX 2.1 Bundle。

python scripts/agent.py --misp-url https://misp.local --misp-key <api_key> --ingest-feeds --output misp_report.json

示例

创建带 IOC 的 MISP 事件

from pymisp import PyMISP, MISPEvent, MISPAttribute
misp = PyMISP("https://misp.local", "api_key")
event = MISPEvent()
event.info = "网络钓鱼活动 - 2024-Q1"
event.threat_level_id = 2
event.add_attribute("ip-dst", "185.143.223.47", to_ids=True)
misp.add_event(event)

Similar Skills

performing-threat-intelligence-sharing-with-misp

Uses PyMISP to create, enrich, and share threat intelligence events on MISP platform, managing IOCs, integrating feeds, exporting STIX, and handling community sharing workflows.

3 files

cybersecurity-skills-zh

collecting-threat-intelligence-with-misp

5.9k

Deploys MISP via Docker, configures threat feeds, and uses PyMISP API to collect, correlate IOCs from community/commercial sources for security operations.

7 files

cybersecurity-skills

performing-threat-intelligence-sharing-with-misp

Uses PyMISP to create, enrich, and share threat intelligence events on MISP, managing IOCs, feeds, STIX exports, and community sharing. For security assessments and incident response.

asi

Stats

Stars10

Forks1

Last CommitMar 17, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.