The NCFTA CDF integration ingests published MISP events from a user-provided, self-hosted MISP server instance. The MISP threat sharing platform is free and open source software that enables sharing of threat intelligence represented in the MISP data model format.

The integration ingests data from the following endpoint:

• POST {{user_fields.domain_name}}/events/restSearch.

Note: {{user_fields.domain_name}} must contain the protocol, such as https://).

The integration ingests the following system objects:

• Events
• Indicators
• Attachments
• Signatures
• Adversaries
• Attack Patterns
• Course of actions
• Intrusion Sets
• Malware
• Tools
• Attack Patterns