DoveHawk
Threat Hunting with Zeek (formerly Bro) and MISP
This module uses Zeek’s built-in Intelligence Framework to load and monitor signatures from MISP automatically. Indicators are downloaded from MISP every 4 hours, and hits, called sightings, are reported back to MISP immediately.
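To show what loading MISP indicators into the Intelligence Framework involves, here is an added example (not DoveHawk's own code) that converts MISP attributes into the tab-separated intel file format Zeek reads. The function names and the sample attributes are constructed for illustration, and the type mapping covers only a common subset.

```python
import ipaddress

# MISP attribute type -> Zeek Intel Framework indicator type.
MISP_TO_ZEEK = {
    "ip-src": "Intel::ADDR", "ip-dst": "Intel::ADDR",
    "domain": "Intel::DOMAIN", "hostname": "Intel::DOMAIN",
    "url": "Intel::URL", "email-src": "Intel::EMAIL",
    "md5": "Intel::FILE_HASH", "sha1": "Intel::FILE_HASH",
    "sha256": "Intel::FILE_HASH", "filename": "Intel::FILE_NAME",
}
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"

def to_rows(attr):
    """Yield (indicator, zeek_type) pairs for one MISP attribute dict."""
    types = attr["type"].split("|")          # composite types, e.g. "filename|sha256"
    values = attr["value"].split("|", len(types) - 1)
    if not attr.get("to_ids") or len(values) != len(types):
        return                               # context-only attribute or malformed composite
    for misp_type, value in zip(types, values):
        zeek_type, value = MISP_TO_ZEEK.get(misp_type), value.strip()
        if zeek_type is None or not value or "\t" in value:
            continue                         # unmapped part (e.g. port) or unsafe value
        if zeek_type == "Intel::ADDR":
            try:
                value = str(ipaddress.ip_address(value))
            except ValueError:
                continue                     # not a valid IP address: drop it
        elif zeek_type == "Intel::URL":
            value = value.split("://", 1)[-1]  # Intel::URL is given without the scheme
        elif zeek_type in ("Intel::DOMAIN", "Intel::FILE_HASH"):
            value = value.lower()            # normalise case so duplicates collapse
        yield value, zeek_type

def render_intel(attributes, source="MISP"):
    seen, lines = set(), [HEADER]
    for attr in attributes:
        desc = " ".join((attr.get("comment") or "").split()) or "-"  # "-" = unset field
        for row in to_rows(attr):
            if row not in seen:              # one line per unique indicator
                seen.add(row)
                lines.append("\t".join(row + (source, desc)))
    return "\n".join(lines) + "\n"

# Constructed sample attributes (documentation addresses, not real indicators).
SAMPLE = [
    {"type": "ip-dst|port", "value": "203.0.113.7|8443", "to_ids": True, "comment": "C2"},
    {"type": "url", "value": "http://bad.example/a.php?x=1", "to_ids": True, "comment": ""},
    {"type": "filename|sha256", "value": "inv.doc|" + "AB" * 32, "to_ids": True, "comment": "dropper\tstage1"},
    {"type": "domain", "value": "Bad.Example", "to_ids": False, "comment": "context only"},
    {"type": "ip-src", "value": "203.0.113.7", "to_ids": True, "comment": "dup"},
]
```

A file written from `render_intel(SAMPLE)` is the kind of input Zeek loads through `Intel::read_files`.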
Get DoveHawk on GitHub