Admin Guide

Synapse-MISP Admin Guide

Configuration

Adding MISP servers for global use

To add a global MISP server configuration:

> misp.setup.server.add fooserver https://foo.com fookey --global
Adding server config fooserver to Synapse-MISP
MISP server configuration "fooserver" added

Permissions

Package (synapse-misp) defines the following permissions:
power-ups.misp.user              : Controls user access to Synapse-MISP. ( default: false )
power-ups.misp.admin             : Controls adding global server configs to Synapse-MISP. ( default: false )

You may add rules to users or roles directly from Storm:

> auth.user.addrule visi power-ups.misp.user
Added rule power-ups.misp.user to user visi.

or:

> auth.role.addrule ninjas power-ups.misp.user
Added rule power-ups.misp.user to role ninjas.

Tag Prefixes

The default tag prefix used by Synapse-MISP when ingesting data from a remote MISP server is:

rep.misp

The tag prefix can be configured on a per-server basis. When adding a new server, users can specify the --tagpref <prefix> option to the misp.setup.server.add command. For servers that are already configured, a tag prefix can be added/changed with the --tagpref <prefix> option to the misp.setup.server.update command. To remove a tag prefix, use the --del-tagpref option of the misp.setup.server.update command.

mTLS / Custom CA Certificate

Synapse-MISP supports two TLS certificate configurations for MISP servers and feeds:

  • Custom CA certificate only – use this when the MISP server presents a certificate signed by a CA that is not trusted by default.

  • CA certificate + client certificate + client key – use this for mutual TLS (mTLS), where the MISP server also requires the client to present a certificate.

Certificate values are PEM-encoded content strings (not file paths). Multi-line PEM values should be passed via Storm variables.

To add a server with a custom CA certificate:

misp.setup.server.add fooserver https://foo.com fookey --ca-cert $cacert

To add a server with full mTLS:

misp.setup.server.add fooserver https://foo.com fookey --ca-cert $cacert --client-mtls $clientcert $clientkey

To update an existing server configuration:

misp.setup.server.update fooserver --ca-cert $cacert
misp.setup.server.update fooserver --client-mtls $clientcert $clientkey

To remove a certificate from an existing configuration:

misp.setup.server.update fooserver --del-client-mtls
misp.setup.server.update fooserver --del-ca-cert
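
Because the certificate options take PEM content rather than file paths, the values behind $cacert, $clientcert and $clientkey can be checked before they are set as Storm variables. The following is an added example, not part of Synapse-MISP: the function names and the constructed placeholder PEM are assumptions, and it checks PEM framing only, not certificate validity or whether the key belongs to the certificate.

```python
import base64
import re

# One PEM block: captures the label and the base64 body.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_labels(value):
    """Return the labels of the PEM blocks in value; ValueError if malformed."""
    blocks = PEM_RE.findall(value)
    if not blocks:
        raise ValueError("no PEM block found: pass PEM content, not a file path")
    for label, body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:
            raise ValueError(f"{label}: body is not valid base64") from exc
        if not der.startswith(b"\x30"):  # certificates and keys are DER SEQUENCEs
            raise ValueError(f"{label}: body is not DER")
    return [label for label, _ in blocks]

def storm_vars(cacert, clientcert=None, clientkey=None):
    """Check the values and return them keyed by the Storm variable names
    used in the commands above ($cacert, $clientcert, $clientkey)."""
    if (clientcert is None) != (clientkey is None):
        raise ValueError("--client-mtls needs both a certificate and a key")
    if set(pem_labels(cacert)) != {"CERTIFICATE"}:
        raise ValueError("cacert must contain only CERTIFICATE blocks")
    found = {"cacert": cacert}
    if clientcert is not None:
        # Catches swapped arguments: certificate first, then key.
        if pem_labels(clientcert)[0] != "CERTIFICATE":
            raise ValueError("clientcert must start with a CERTIFICATE block")
        if not all(l.endswith("PRIVATE KEY") for l in pem_labels(clientkey)):
            raise ValueError("clientkey must contain only private key blocks")
        found.update(clientcert=clientcert, clientkey=clientkey)
    return found

def sample_pem(label):
    # Constructed placeholder: a 4-byte DER SEQUENCE, not a real cert or key.
    body = base64.b64encode(b"\x30\x02\x05\x00").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    ok = storm_vars(sample_pem("CERTIFICATE"), sample_pem("CERTIFICATE"),
                    sample_pem("PRIVATE KEY"))
    print(sorted(ok))
```

How the returned values are set as Storm variables depends on how the Cortex is accessed and is not shown here.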

Exported APIs

Synapse-MISP does not currently export any APIs.