When the converter finishes processing the feeds, it creates a set of folders in the WORK_DIR folder that is defined during the installation. Each folder represents one feed from Kaspersky Threat Data Feeds as a MISP Feed.
To load those feeds into a MISP instance, add a set of MISP feeds to your MISP instance according to the MISP documentation.
After the feeds are added to a MISP instance, you can configure the fetching of events from those feeds using the MISP UI. As an alternative, you can use MISP API. For example, you can use the curl utility:
curl --insecure -i -X GET -H "Authorization: %auth_key%" -H "Accept: application/json" -H "content-type: application/json" %misp_url%/feeds/fetchFromFeed/%feed_id%
In the above command, replace:
%auth_key% with the AUTH key of a MISP instance,%misp_url% with the URL or IP address of a MISP instance, and%feed_id% with the feed identifier that was assigned to it by MISP. Feed identifiers are available in the MISP UI.The --insecure parameter causes curl to establish insecure SSL connections. This may create security issues. Use it only for evaluation purposes.
The fetching of events from feeds was tested on a computer with a 3.0 GHz CPU, four cores, and 24 GB of RAM. Further improving the hardware of the computer does not significantly affect the performance. For a feed that includes no more than 200 000 records, the first fetching process takes the following approximate amounts of time: