How to Block Malware Samples from Being Sent to My Instance? #10204
Sure, there is a howto in order to block malware attachment. https://www.circl.lu/doc/misp/faq/#how-to-block-attachment-and-malware-sample-to-be-ingested
I noticed that my instance is receiving malware samples in some IOCs. The EDR always detects and removes these samples as threats (which they technically are). I have the option to add the MISP directory that stores these samples as an exception in the EDR policy, but since we are not analyzing samples in our environment, I would rather prevent these samples from being sent to my instance and receive only the IOCs.
I checked the MISP configuration files but couldn't find an option to enable this setting. Is it possible to block the delivery of malware samples in MISP? If so, where can I configure this?
Thanks in advance!