Using the provided MISP VM ova file, import it on VirtualBox and respond to the questions below. Also, add a screenshot of every step. NOTE : you might want to add an Internal interface and assign an...

Using the provided MISP
VM ova file, import it on VirtualBox and respond to the questions
below. Also, add a screenshot of every step.

NOTE: you might
want to add an Internal interface and assign an IP address (edit the
file
/etc/network/interfaces), so
that you can connect to the WebApp from a browser.

1. 
   

   
   
   
   Why there are no events when clicking on Home?

   
   
   
   

2. 
   

   
   
   
   Go to Sync Actions → List Feeds to check the list of default
   
   feeds.

   
   
   
   

3. 
   

   
   
   
   Load all default feed metadata and check how it looks like.

   
   
   
   

4. 
   

   
   
   
   In Home there is still no events. What do you have to do to see, for
   
   instance, IPs blocked by Snort? Explain step by step.

   
   
   
   

5. 
   

   
   
   
   Prove that these events are available in Home.

   
   
   
   

6. 
   

   
   
   
   Click on the ID to populate information about this event. What kind
   
   of information is shown at the list at the bottom? What this
   
   information represents?

   
   
   
   

7. 
   

   
   
   
   Using ipgeolocation.io, locate one of the entries in the list.
   
   Choose it randomly.

   
   
   
   


8. 
   

   
   
   
   Go back to the list of feeds and add all related to malware (use the
   
   search engine). If it takes a while, check in Administration →
   
   Jobs the background tasks. Once done, prove again you got events
   
   from all of them.

   
   
   
   

9. 
   

   
   
   
   Show the details of URLhaus.

   
   
   
   

10. 
    

    
    
    
    In the Galaxies menu, you can search for topics. Show the
    
    information regarding malware stealer.

    
    
    
    

11. 
    

    
    
    
    What feed would you use for phishing URLs?

    
    
    
    

12. 
    

    
    
    
    And for spam?

    
    
    
    

Using the provided MISP VM ova file, import it on VirtualBox and respond to the questions below. Also, add a screenshot of every step. NOTE: you might want to add an Internal interface and assign an IP address (edit the file /etc/network/interfaces), so that you can connect to the WebApp from a browser. 1. Why there are no events when clicking on Home? 2. Go to Sync Actions → List Feeds to check the list of default feeds. 3. Load all default feed metadata and check how it looks like. 4. In Home there is still no events. What do you have to do to see, for instance, IPs blocked by Snort? Explain step by step. 5. Prove that these events are available in Home. 6. Click on the ID to populate information about this event. What kind of information is shown at the list at the bottom? What this information represents? 7. Using ipgeolocation.io, locate one of the entries in the list. Choose it randomly. 8. Go back to the list of feeds and add all related to malware (use the search engine). If it takes a while, check in Administration → Jobs the background tasks. Once done, prove again you got events from all of them. 9. Show the details of URLhaus. 10. In the Galaxies menu, you can search for topics. Show the information regarding malware stealer. 11. What feed would you use for phishing URLs? 12. And for spam?