I'm trying to access a MISP instance from the MISP42Splunk App. I've configured the correct API key and MISP Base URL. I do not however, see an option to specify a client certificate to be presented to the MISP server and i think that breaks the integration. Do you know if there is an option to specify a client cert in MISP42Splunk or some other means?
Thanks.
Hi,
This is not available yet. Could you open an issue on github to get it implemented
Please check version 2.2.0 on github as I don’t have a lab set up yet to test it
Thanks a million Remi. MISP42Splunk 2.2.0 works on Windows 10.
Manually deleted the MISP42splunk folder in the Splunk /etc folder . Reinstalled MISP42Splunk using "install App from file" option. Restarted Splunk.
Specified the Client certificate as .PEM file, the same format as usually presented via the MISP API.
Ran reports on the dashboard and saw event data being successfully captured from the MISP instance.
Thanks for the prompt action.