Example script that uses MISP zmq to listen for events with relevant attachments that could be further analysed with some CinCan pipeline.

Usage: Edit and insert your misp URL and auth key.

Run on the environment you're running MISP in with the following command (or add relevant values with -r and -p):

python --host --only misp_json

Note that the script assumes the location of the document-pipeline repo is /opt/cincan/build/pipelines/document-pipeline/samples. If this is not correct, edit script variable "repository" with the correct local absolute path of the repo.