config.ini

[general]
misp_auth_key = mxVt2yZWkS39XemrgtyhbfYts7ZeeheQ50dXKLHO # or as environment variable
misp_tag_filter = tlp:white,tlp:green
misp_category_filter = Network activity,Payload delivery,Artifacts dropped,Payload installation,Persistence mechanism
misp_server = <FQDN or IP of MISP Server>

qradar_auth_key = 811aacf9-ef79-456h-98d4-5d27b7a94844 # or as environment variable
qradar_server = <FQDN or IP of QRadar Server>

# In minutes
frequency = 60
# Only load new attributes since the last interval
fetch_incremental = True

[refset_attributes]
# Map which MISP attributes (e.g. url, dst-ip, src-ip, domain) to copy into which reference set
MISP_IP_IOC = ip-dst,ip-src
MISP_Host_IOC = domain,hostname,domain
MISP_Url_IOC = url,uri
MISP_Filehash_IOC = md5,sha1,sha256