Skip to main content

Automation (Crontab)

Since MISP threat intelligence continuously receives new Indicators of Compromise (IoCs), it is essential to automate the script execution. This ensures that Pandora FMS updates its Mega-Regex automatically, keeping the SIEM engine protected against the latest threats without manual intervention.


1. Edit the Crontab File

On the server where the script is located, edit the global crontab file /etc/crontab with administrative privileges using your preferred editor (e.g., vim, nano):

sudo vim /etc/crontab

2. Add the Scheduled Task

Add the following line at the end of the file to run the synchronization daily at 2:00 AM:

0 2 * * * root /usr/bin/python3 /usr/share/pandora_server/util/plugin/misp_to_pandora.py "<PANDORA_API_URL>" "<PANDORA_TOKEN>" "<MISP_URL>" "<MISP_KEY>" "200200" > /dev/null 2>&1

Replace <...> with your actual credentials and URLs, exactly as used in the manual test.


Important Details about the configuration:

  • 0 2 * * *: Runs the script at minute 0 of hour 2 (2:00 AM) every day of the month and week.

  • root: Specifies the user executing the action. Using root ensures there are no permission issues writing to the log file.

  • Absolute paths: Always use the full path to Python (/usr/bin/python3) and the script (/usr/share/pandora_server/util/plugin/misp_to_pandora.py) because the cron environment has a limited $PATH.

  • > /dev/null 2>&1: Silences cron’s standard output. No data is lost, as the script logs successes and errors in /var/log/pandora/misp_api_sync.log.

Save the changes and exit the editor. Cron automatically detects the update and applies the new scheduled task.