MISP
Last updated
Was this helpful?
Last updated
Was this helpful?
Share.Store.Correlate.Analyse.
Targeted attacks.Financial Fraud.Counter-terrorism.
Seeing helps understanding.
MISP comes with many visualization options helping analysts find the answers they are looking for.
MISP is more than Software
It is also a massive collection of open taxonomies that can be used in any software.
AM!TT for disinformation,
ATT&CK for threat actors, TTPs,
Attack4fraud, TLP, GDPR, Veris, admiralty, estimative language, document classification, and much more!
is to share more, smarter and faster
with your friends and allies
than your adversaries would like to.
Sharing is key to fast and effective detection of attacks. Quite often similar organizations are targeted by the same Threat Actor, in the same or different Campaign. MISP will make it easier for you to share with, but also to receive from trusted partners and trust-groups. Sharing also enabled collaborative analysis and prevents you from doing the work someone else already did before.
Having access to a large amount of Threat information through MISP Threat Sharing communities gives you outstanding opportunities to aggregate this information and take the process of trying to understand how all this data fits together telling a broader story to the next level. We are transforming technical data or indicators of compromise (IOCs) into cyber threat intelligence. MISP comes with many visualization options helping analysts find the answers they are looking for.
The MISP Threat Sharing project consists of multiple initiatives, from software to facilitate threat analysis and sharing to freely usable structured Cyber Threat Information and Taxonomies.
The MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.
MISP Portal
MISP Galaxies & Taxonomies
MISP Docu & Trainings
PyMISP
MISP modules are autonomous modules that can be used to extend MISP for new services such as expansion, import and export.
The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components.
MISP Modules
MISP is an open source software and it is also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide.
September 15, 2023
[logs] add time based filter. Quite useful when you have a large set of logs.
[audit] add last password change timestamp for users.
[UI] show which attributes/objects are new and awaiting publication still.
[console:TrainingShell] Added deleteAllSyncs function.
[feeds] add Ellio threat list.
[internal] improved parameter parsing.
Properly filter out query parameters.
Method call on null.
Fixed invalid ordering errors.
Do not require jobId for AdminShell jobGenerateCorrelation, create a new job if jobId is null. fixes #9206.
[dashboard:organisationMapWidget] Do not require the config to have start and end date.
[restSearch] exact match for values starting with %, fixes #9258.
Unable to enrich individual shadow attribute.
Unable to enrich individual attribute, fixes #9267.
[stix2 import] Fixed debugging message for errors and warnings when the debug option is set.
Unable to enrich individual shadow attribute.
Unable to enrich individual attribute, fixes #9267.
Disable submodule update section when MISP.self_update is disabled, to allow not carrying git dependencies in docker.
Update of target sectors in threat-actor database. This now includes the known target sectors as meta.
Various updates to the threat-actor database.
Various improvements to the generation tools.
Fix the url of the VirusTotal collection in the VirusTotal expansion module.
Isn’t it sad to have a lot of data and not use it because it’s too much work? Thanks to MISP you can store your IOCs in a structured manner, and thus enjoy the correlation, automated exports for IDS, or SIEM, in STIX or OpenIOC and synchronize to other MISPs. You can now leverage the value of your data without effort and in an automated manner. .
The primary goal of MISP is to be used. This is why simplicity is the driving force behind the project. Storing and especially using information about threats and malware should not be difficult. MISP is there to help you of your data without unmanageable complexity.
Threat Intelligence is much more than . This is why MISP provides , , visualization and even allows you to integrate with other for further analysis thanks to its .
The MISP Threat Sharing ecosystem is all about accessibility and interoperability: The is , data format and API are completely and for you can rely on and .
Many MISP are already available like MITRE ATT&CK, Exploit-Kit, Microsoft Activity Group actor, Preventive Measure, Ransomware, TDS, Threat actor or Tool used by adversaries.
provide a set of already defined classifications modeling estimative language, CSIRTs/CERTs classifications, national classifications or threat model classification.
In a continuous effort since 2016, frequently gives practical training sessions about MISP. The purpose is to reach out to security analysts using MISP as a threat intelligence platform along with users using it as an information sharing platform.
All the are open source, include slides and a virtual machine preconfigured with the latest version of MISP. if you are looking for custom training.
is a Python library to access MISP platforms via their REST API.
PyMISP allows you to fetch events, add or update events/attributes, add or update samples or search for attributes programmatically.
For more information: slides from MISP .
MISP 2.4.176 released with various improvements and bugs fixed. This version also includes major improvements in the library especially on the storing relationships and the description of relationships in the MISP standard format.
Various fixes to MISP objects such as , and .
added to the MISP warning-lists.
added.
Various bugs fixed where fixed in PyMISP. For more details, .
The MISP projet has its own Mastodon server - don’t forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.
The latest video of MISP Training - Advanced, Developer session, from API to MISP internals is now available .
is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don’t hesitate to get in touch with us if you need specific services.
