Enriching ELK with Threat Intelligence

I recently stood up a MISP instance in the lab to gather some Open Source Intelligence (OSINT). The goal of this exercise is to enrich data going into my Elastic Stack in order to identify when machines are talking to known bad actors or running known malicious executables.

I run Elastic Stack via Docker, and it is a small instance, nothing fancy; you can read more about it in the article I wrote…