Tool Release: misp-filter-builder
Today's post is a short and sweet one. I have previously explored MISP filters for the MISP2Sentinel solution. The filters and the MISP OpenAPI spec site are a tad confusing and hard to work with.
Introducing misp-filter-builder
Fair warning: this tool is made with GitHub Spark, as I just got access and wanted to take it for a spin. Through some prompting and a fair bit of testing I’ve (or have I simply directed a website?) created a simple MISP filter builder website.

There are some bugs still that I’m working on, such as validation not quite working on every field yet. An example of this is the Last field, which fails to validate empty payloads (which is correct), but both 7d (valid payload) and AAAAAAAAAAAA are seen as valid.
If there are any other bugs you find, let me know on Bluesky or somewhere!
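For reference, here is what strict validation of the Last field could look like. This is an added example, not code from misp-filter-builder. The function names are hypothetical, and the accepted grammar (a positive number followed by d, h or m, or a plain Unix timestamp) is an assumption.

```javascript
// Added example: strict validation for a MISP "last" filter value.
// Assumed grammar (not taken from the tool's source): a positive integer
// followed by d, h or m, or a plain Unix timestamp in seconds.
const RELATIVE = /^([1-9]\d*)([dhm])$/; // anchored, so stray text cannot pass
const TIMESTAMP = /^\d{9,10}$/;
const UNIT_SECONDS = { d: 86400, h: 3600, m: 60 };

function validateLast(raw) {
  if (typeof raw !== "string") {
    return { ok: false, reason: "value must be a string" };
  }
  const value = raw.trim();
  if (value === "") {
    return { ok: false, reason: "value is empty" };
  }
  const rel = RELATIVE.exec(value);
  if (rel) {
    // Normalise to seconds so a caller can bound how far back a pull reaches.
    const seconds = Number(rel[1]) * UNIT_SECONDS[rel[2]];
    return { ok: true, kind: "relative", seconds };
  }
  if (TIMESTAMP.test(value)) {
    return { ok: true, kind: "timestamp", seconds: Number(value) };
  }
  return { ok: false, reason: "expected <number><d|h|m> or a Unix timestamp" };
}

// Emit the filter only when the field validates; otherwise surface the error
// instead of sending a malformed filter to the MISP server.
function buildFilter(last) {
  const result = validateLast(last);
  if (!result.ok) {
    throw new Error(`invalid "last": ${result.reason}`);
  }
  return { last: last.trim() };
}

// Constructed inputs, including the three cases from the post.
for (const sample of ["", "7d", "AAAAAAAAAAAA", "12h", "0d", "7 d", "7d; x"]) {
  console.log(JSON.stringify(sample), validateLast(sample));
}
```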
Project website
The filter-builder can be found at https://lnfernux.github.io/misp-filter-builder/.
Also, if you’re wondering about the .toml support, I’m working on a “port” of the misp2sentinel-solution to Rust.