Open Source Threat Intelligence and Sharing Platform

Share.Store.Correlate.Analyse.
Targeted attacks.Financial Fraud.Counter-terrorism.

Visualization & Dashboards

Seeing helps understanding.

MISP comes with many visualization options helping analysts find the answers they are looking for.

A galaxy of information

MISP is more than Software

It is also a massive collection of open taxonomies that can be used in any software.

AM!TT for disinformation,
ATT&CK for threat actors, TTPs,
Attack4fraud, TLP, GDPR, Veris, admiralty, estimative language, document classification, and much more!

The art of information sharing

is to share more, smarter and faster
with your friends and allies
than your adversaries would like to.

The key is Automation

Isn’t it sad to have a lot of data and not use it because it’s too much work? Thanks to MISP you can store your IOCs in a structured manner, and thus enjoy the correlation, automated exports for IDS, or SIEM, in STIX or OpenIOC and synchronize to other MISPs. You can now leverage the value of your data without effort and in an automated manner. Check out MISP features.

Simplify Threats

The primary goal of MISP is to be used. This is why simplicity is the driving force behind the project. Storing and especially using information about threats and malware should not be difficult. MISP is there to help you get the maximum out of your data without unmanageable complexity.

By giving you will receive

Sharing is key to fast and effective detection of attacks. Quite often similar organizations are targeted by the same Threat Actor, in the same or different Campaign. MISP will make it easier for you to share with, but also to receive from trusted partners and trust-groups. Sharing also enabled collaborative analysis and prevents you from doing the work someone else already did before.
Join one of the existing MISP communities.

Threat Intelligence

Threat Intelligence is much more than Indicators of Compromise. This is why MISP provides metadata tagging, feeds, visualization and even allows you to integrate with other tools for further analysis thanks to its open protocols and data formats.

Visualization

Having access to a large amount of Threat information through MISP Threat Sharing communities gives you outstanding opportunities to aggregate this information and take the process of trying to understand how all this data fits together telling a broader story to the next level. We are transforming technical data or indicators of compromise (IOCs) into cyber threat intelligence. MISP comes with many visualization options helping analysts find the answers they are looking for.

Open & Free

The MISP Threat Sharing ecosystem is all about accessibility and interoperability: The software is free to use, data format and API are completely open standards and for support you can rely on community and professional services.

Want to test and evaluate MISP?

Download now

Initiatives

The MISP Threat Sharing project consists of multiple initiatives, from software to facilitate threat analysis and sharing to freely usable structured Cyber Threat Information and Taxonomies.

  • The MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.

    MISP Portal

  • Many MISP galaxy clusters are already available like MITRE ATT&CK, Exploit-Kit, Microsoft Activity Group actor, Preventive Measure, Ransomware, TDS, Threat actor or Tool used by adversaries.

    Taxonomies provide a set of already defined classifications modeling estimative language, CSIRTs/CERTs classifications, national classifications or threat model classification.

    MISP Galaxies & Taxonomies

  • In a continuous effort since 2016, CIRCL frequently gives practical training sessions about MISP. The purpose is to reach out to security analysts using MISP as a threat intelligence platform along with users using it as an information sharing platform.

    All the training materials are open source, include slides and a virtual machine preconfigured with the latest version of MISP. Reach out if you are looking for custom training.

    MISP Docu & Trainings

  • PyMISP is a Python library to access MISP platforms via their REST API.

    PyMISP allows you to fetch events, add or update events/attributes, add or update samples or search for attributes programmatically. Discover more

    PyMISP

  • MISP modules are autonomous modules that can be used to extend MISP for new services such as expansion, import and export.

    The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components.

    For more information: Extending MISP with Python modules slides from MISP training.

    MISP Modules

Do you want to join a community?

MISP is an open source software and it is also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide.

Find communities

From our blog

In addition to the news stories below, check out the press, events, hackathon, MISP Summit pages and full news archive.

Read more

MISP ioC retrosearch with misp42 Splunk app.

By Remi Seguy on October 22, 2024

Introduction

Hi, in this blog post I am going to share how I have built a framework on Splunk to retrosearch on MISP indicators of compromise.

Continue reading

Read more

MISP 2.4.198 released with many bugs fixed, security fixes and improvements.

on September 17, 2024

MISP v2.4.198 (2024-09-13)

Based on a set of fixes including a security fix, we are pleased to announce the immediate availability of MISP 2.4.198. You can find a list of the detailed changes along with new features further below. As with any security release, we highly encourage everyone to update their instance as soon as possible.

Continue reading

Read more

MISP 2.4.197 released with many bugs fixed, a security fix and improvements.

on September 2, 2024

Release Notes - v2.4.197 (2024-09-02)

New Features

  • Config Option: Added a new configuration option user_org_uuid_in_response_header to include a response header with the requesting user’s organization UUID. [Jeroen Pinoy]
  • Build: Display required STIX dependencies versions during the build process. [Jakub Onderka]
  • Bookmark now supports comment.

Changes

  • Version: Version bump. [iglocska]
  • Warning List: Updated the warning list. [Alexandre Dulaunoy]
  • Taxonomies: Updated to the latest version. [Alexandre Dulaunoy]
  • MISP Galaxy: Updated to the latest version. [Alexandre Dulaunoy]
  • PyMISP: Version bump. [Raphaël Vinot]
  • Internal Logging: Added logging when an event will not be published. [Jakub Onderka]
  • Global Menu - Bookmarks: Added comment field as the dropdown element’s title in the global menu bookmark. [Sami Mokaddem]
  • Database Upgrade - Bookmarks: Upgraded the database to support bookmark comments. [Sami Mokaddem]
  • Bookmark View: Added a missing comma for the new comment function and added a field for comments in the bookmark view. [Jan Z.]
  • Bookmark Index: Added a field to display comments in the bookmarks index. [Jan Z.]
  • Bookmark Add/Edit: Added a field to add and edit comments for bookmarks. [Jan Z.]
  • MISP Object: Updated to the latest version. [Alexandre Dulaunoy]

Fixes

  • UI/Footer: Improved UI footer to avoid confusion for some users. [Alexandre Dulaunoy]
  • IOC Import: Added a check to ensure the provided XML is valid. [Jakub Onderka]
  • Schema: Updated schema version. [Jakub Onderka]
  • UI: Fixed tag popover to return already parsed data. [Jakub Onderka]
  • Bookmarks - Add: Lower-cased the comment field. [Sami Mokaddem]
  • Sightings: Correctly retrieve sightings per the requested event. [Tom King]
  • Bookmarks - Verbose Returns: Fixed an issue with overly verbose returns from bookmarks when shared with the organization. This fix was reported by Sharad Kumar Dahal of Green Tick Nepal Pvt. Ltd. [iglocska] This fixes a security issue recorded as CVE-2024-45509.
  • Feed: When pulling feeds, events are now checked against specified rules if any rules are provided. [Benni0]

Other

  • Merged pull requests addressing issues with unpublished events logging, tag popover parsing, sightings restSearch performance, and STIX dependencies version display. [Jakub Onderka, Andras Iklody, Andrew Hicks]
  • Fixed issues related to sightings restSearch negation of organization ID. [Andrew Hicks]

For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!

Continue reading

Read more

MISP 2.4.196 released with many bugs fixed and improvements.

on August 21, 2024

MISP 2.4.196 released with many bugs fixed and improvements.

New Features

  • Decaying Model: Introduced a new DecayingModel that leverages true positive and false positive sightings for better decision-making. [Marcel Slotema]
  • Log Search Enhancement: Added an optional hh:mm:ss accuracy to log searches, allowing for more precise time-based queries. This update also includes significant refactoring to improve code quality. [iglocska]
  • User Log Review: Improved the functionality of the “review user logs” button. It now links directly to logs relevant to the specific user, considering the new audit log system. Future enhancements will include email-based log searches. [iglocska]

Changes

  • PyMISP Update: Updated PyMISP to the latest version. [Raphaël Vinot]
  • Decaying Model Formulas: Enhanced error handling by catching undefined indexes in decaying model formulas. [Sami Mokaddem]
  • Attributes Search: Added support for sorting by publish_timestamp and introduced the X-Skipped-Elements-Count header to improve pagination during REST searches. [Benni0]
  • Reverse Proxy Handling: Fixed issues with base URL handling for reverse proxies, eliminating problematic redirects. Special thanks to Mitch Germansky for the extensive debugging. [iglocska]
  • MISP Components Update: Updated MISP Object, Galaxy, and STIX components to their latest versions. [Alexandre Dulaunoy, Christian Studer]

Fixes

  • STIX 2 Import: Updated the STIX 2 parsers following recent changes in MISP-STIX. [Christian Studer]
  • Base URL Setting: Adjusted the priority order in beforeFilter to avoid redis errors during benchmarking. [iglocska]
  • Image Helper: Allowed for variable-width organization logos without overlapping text. [iglocska]
  • Workflow Module: Ensured correct type return if redis fails to load during workflow:getEnabledModules. [Sami Mokaddem]
  • Settings Management: Fixed multiple issues related to changing instance settings, including improvements to CLI checks. [iglocska]
  • Attribute Search Ordering: Reverted ID-based sliding window ordering due to performance concerns. [iglocska]

Other

  • Merged several development branches to integrate recent changes, updates, and fixes from various contributors. Notably, the branches related to attribute search order, skipped elements count, and environment dependencies were integrated into the main branch. [iglocska, Christian Studer, Sami Mokaddem, Alexandre Dulaunoy, Stefano Ortolani, Andras Iklody]

For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!

Continue reading