MISP is an open source software and it is also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide. The MISP project doesn’t maintain an exhaustive list of all communities relying on MISP especially that some communities use MISP internally or privately.
Known Existing and Public MISP Communities
Each community might have specific rules to join them. Below is a brief overview of existing communities, feel free to contact the respective communities that fit your organization. Some of existing public communities might be interconnected and some might be in an island mode. By running MISP, these communities usually allow their members to connect using the MISP API, MISP user-interface or even to synchronize your MISP instance with their communities. If you want to add your MISP community to the list, don’t hesitate to contact us.
CIRCL MISP Community
CIRCL operates a fairly large MISP community (more than 800 organizations are members) mainly targeting private organizations, companies, financial organizations or IT security companies. For more information and how to join this community.
CiviCERT MISP Community
CiviCERT is an umbrella organizations formed by the partnership between Internet Content and Service Providers, Non Governmental Organizations and individuals that contribute some of their time and resources to the community in order to globally improve the security awareness of civil society. The community is fairly new but uses MISP to inform its constituents of malicious activities in their infrastructure.
Fidelis malware/RAT Community
CSSA Cyber Security Sharing & Analytics (CSSA)
CSSA was founded in November 2014 by seven major German companies as an alliance for jointly facing cyber security challenges in a proactive, fast and effective manner. Their community uses MISP as core software and to interconnect with others.
FIRST MISP Community
Since 1990, when FIRST was founded, its members have resolved an almost continuous stream of security-related attacks and incidents including handling thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks throughout the world connected by the ever growing Internet. FIRST brings together a wide variety of security and incident response teams including especially product security teams from the government, commercial, and academic sectors.
FIRST MISP instance allows FIRST members to efficiently share and store technical and non-technical information about malware samples, attackers and incidents. It also enables members who have not yet gained experience leveraging threat intelligence to connect with a wider community of organizations that have, increasing their own capabilities.
NATO MISP Community
The NATO Communications and Information (NCI) Agency operates a MISP community, for more information.
MISP Feed Communities
MISP integrates a functionality called feed that allows to fetch directly MISP events from a server without prior agreement. Two OSINT feeds are included by default in MISP and can be enabled in any new installation. Providers and partners can provide easily their feeds by using the simple PyMISP feed-generator. For more information, an article about “Using open source intelligence feeds, OSINT, with MISP”.
CIRCL OSINT Feed
CIRCL provides a MISP OSINT feed from various sources including their own analysis.
MISP URL location is https://www.circl.lu/doc/misp/feed-osint.
Botvrij.eu OSINT feed
Botvrij.eu provides a MISP OSINT feed out of public report.
MISP URL location is http://www.botvrij.eu/data/feed-osint.