MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats related to cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals, and malware reversers to support their day-to-day operations and to share structured information efficiently.
Wazuh and MISP integration
Wazuh–MISP Integration: Real-Time Threat Detection with File Hashes
The goal of this tutorial is to integrate MISP with Wazuh, enabling automated threat intelligence correlation. When a new file is created on a monitored endpoint, Wazuh will query its hash against indicators stored in the MISP instance. If a match is found, Wazuh will automatically generate an alert, enhancing detection and response capabilities.
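The flow described above, sketched as an added example (not code from this tutorial or from the Wazuh or MISP projects): take a Wazuh FIM alert, pull out the SHA-256 of a newly created file, look it up through MISP's `/attributes/restSearch` endpoint, and shape a hit into an event a Wazuh rule could match. The function names, the output field names, and the `opener` parameter used to stub the HTTP call are assumptions made for this example.

```python
import json
import re
import urllib.request

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

def sha256_from_fim_alert(alert):
    """Return the SHA-256 of a newly added file from a Wazuh FIM alert, else None."""
    sc = alert.get("syscheck", {})
    digest = sc.get("sha256_after", "")
    if sc.get("event") != "added" or not SHA256_RE.match(digest):
        return None  # not a file-creation event, or hash missing/malformed
    return digest.lower()

def query_misp(base_url, api_key, digest, opener=urllib.request.urlopen):
    """POST the hash to MISP's restSearch API and return the matching attributes."""
    body = json.dumps({"returnFormat": "json", "type": "sha256", "value": digest})
    req = urllib.request.Request(
        base_url.rstrip("/") + "/attributes/restSearch",
        data=body.encode(), method="POST",
        headers={"Authorization": api_key, "Accept": "application/json",
                 "Content-Type": "application/json"})
    with opener(req, timeout=10) as resp:
        return json.load(resp).get("response", {}).get("Attribute", [])

def build_event(alert, attributes):
    """Shape a MISP hit into an event for Wazuh; None when nothing matched."""
    if not attributes:
        return None
    hit = attributes[0]
    # Output field names are an assumption for this example, not a Wazuh schema.
    return {"integration": "misp",
            "misp": {"event_id": hit.get("event_id"),
                     "category": hit.get("category"),
                     "type": hit.get("type"),
                     "value": hit.get("value"),
                     "source": {"file": alert["syscheck"]["path"],
                                "agent": alert.get("agent", {}).get("name")}}}

def enrich(alert, base_url, api_key, opener=urllib.request.urlopen):
    """Full path: FIM alert in, MISP-enriched event (or None) out."""
    digest = sha256_from_fim_alert(alert)
    if digest is None:
        return None  # skip the lookup entirely for non-creation events
    return build_event(alert, query_misp(base_url, api_key, digest, opener))
```

Only `added` events with a well-formed hash trigger a lookup, which keeps malformed alert fields out of the MISP query and avoids needless API calls.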