Installing Kaspersky Threat Feed App for MISP

This section explains how to install Kaspersky Threat Feed App for MISP.

To install Kaspersky Threat Feed App for MISP:

  1. Unpack the distribution kit to the desired directory.

    This directory is called %service_dir% in this document.

  2. Rename your certificate for downloading feeds to feeds.pem and copy it to the %service_dir%/feed_util subdirectory.
  3. Read the End User License Agreement (EULA). You can find the terms of the EULA in the %service_dir%/EULA.txt file.

    If you agree to the terms of the EULA, proceed to the next step. If you do not agree to the terms of the EULA, cancel the installation.

  4. Open the %service_dir%/feed_util/template.conf file for editing.
  5. Accept the EULA by changing the value of the <EULA> element in the template.conf file to <EULA>accepted</EULA>.

    Kaspersky Feed Utility runs only if the EULA is accepted.

  6. Save and close the template.conf file.
  7. By default, the converted MISP-format feeds are saved to the %service_dir%/workdir directory. If you want to save them to a different directory, do the following:
    1. Open the %service_dir%/defs.py file for editing.
    2. Find the following line:

      WORK_DIR = os.path.join(BASE_DIR, 'workdir')

    3. In the WORK_DIR parameter, specify the path to the directory where you want to store MISP-format feeds.

      You can set WORK_DIR to an absolute path as follows:

      WORK_DIR = '%absolute_path%' (replace %absolute_path% with an absolute path to the directory).

    4. Save and close the %service_dir%/defs.py file.

      When the converter and the MISP instance operate on the same computer, the user account that runs the MISP instance must have access rights to the WORK_DIR directory so that the MISP instance can download the converted feeds.

  8. Install the libraries listed in the requirements.txt file that are not present on the computer.

    Do this by running the following command:

    pip install -r %service_dir%/requirements.txt

    Depending on the configuration of your operating system, Python package installer can use a different command to install modules. For example, pip3.

  9. Configure Kaspersky Threat Feed App for MISP by editing the %service_dir%/settings.py file.
  10. If you are going to use a proxy server to gain access to Kaspersky servers to download feeds, from the Feed Utility directory run the following command once:

    kl_feed_util --set-proxy %PROXY% -c template.conf

    Here %PROXY% is the setting that specifies the proxy server parameters for gaining access to the Kaspersky servers.

  11. Run the first feed conversion process manually. For more information about running the converter from the command line, see Command-line parameters).

After the installation, you can schedule the feeds conversion by using the cron utility.

Page top