Open Source Threat Intelligence and Sharing Platform

Share.Store.Correlate.Analyse.
Targeted attacks.Financial Fraud.Counter-terrorism.

Visualization & Dashboards

Seeing helps understanding.

MISP comes with many visualization options helping analysts find the answers they are looking for.

A galaxy of information

MISP is more than Software

It is also a massive collection of open taxonomies that can be used in any software.

AM!TT for disinformation,
ATT&CK for threat actors, TTPs,
Attack4fraud, TLP, GDPR, Veris, admiralty, estimative language, document classification, and much more!

The art of information sharing

is to share more, smarter and faster
with your friends and allies
than your adversaries would like to.

The key is Automation

Isn’t it sad to have a lot of data and not use it because it’s too much work? Thanks to MISP you can store your IOCs in a structured manner, and thus enjoy the correlation, automated exports for IDS, or SIEM, in STIX or OpenIOC and synchronize to other MISPs. You can now leverage the value of your data without effort and in an automated manner. Check out MISP features.

Simplify Threats

The primary goal of MISP is to be used. This is why simplicity is the driving force behind the project. Storing and especially using information about threats and malware should not be difficult. MISP is there to help you get the maximum out of your data without unmanageable complexity.

By giving you will receive

Sharing is key to fast and effective detection of attacks. Quite often similar organizations are targeted by the same Threat Actor, in the same or different Campaign. MISP will make it easier for you to share with, but also to receive from trusted partners and trust-groups. Sharing also enabled collaborative analysis and prevents you from doing the work someone else already did before.
Join one of the existing MISP communities.

Threat Intelligence

Threat Intelligence is much more than Indicators of Compromise. This is why MISP provides metadata tagging, feeds, visualization and even allows you to integrate with other tools for further analysis thanks to its open protocols and data formats.

Visualization

Having access to a large amount of Threat information through MISP Threat Sharing communities gives you outstanding opportunities to aggregate this information and take the process of trying to understand how all this data fits together telling a broader story to the next level. We are transforming technical data or indicators of compromise (IOCs) into cyber threat intelligence. MISP comes with many visualization options helping analysts find the answers they are looking for.

Open & Free

The MISP Threat Sharing ecosystem is all about accessibility and interoperability: The software is free to use, data format and API are completely open standards and for support you can rely on community and professional services.

Want to test and evaluate MISP?

Download now

Initiatives

The MISP Threat Sharing project consists of multiple initiatives, from software to facilitate threat analysis and sharing to freely usable structured Cyber Threat Information and Taxonomies.

  • The MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.

    MISP Portal

  • Many MISP galaxy clusters are already available like MITRE ATT&CK, Exploit-Kit, Microsoft Activity Group actor, Preventive Measure, Ransomware, TDS, Threat actor or Tool used by adversaries.

    Taxonomies provide a set of already defined classifications modeling estimative language, CSIRTs/CERTs classifications, national classifications or threat model classification.

    MISP Galaxies & Taxonomies

  • In a continuous effort since 2016, CIRCL frequently gives practical training sessions about MISP. The purpose is to reach out to security analysts using MISP as a threat intelligence platform along with users using it as an information sharing platform.

    All the training materials are open source, include slides and a virtual machine preconfigured with the latest version of MISP. Reach out if you are looking for custom training.

    MISP Docu & Trainings

  • PyMISP is a Python library to access MISP platforms via their REST API.

    PyMISP allows you to fetch events, add or update events/attributes, add or update samples or search for attributes programmatically. Discover more

    PyMISP

  • MISP modules are autonomous modules that can be used to extend MISP for new services such as expansion, import and export.

    The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components.

    For more information: Extending MISP with Python modules slides from MISP training.

    MISP Modules

Do you want to join a community?

MISP is an open source software and it is also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide.

Find communities

From our blog

In addition to the news stories below, check out the press, events, hackathon, MISP Summit pages and full news archive.

Read more

MISP-STIX 2026.3.13 Released

By Christian Studer on March 16, 2026

MISP-STIX v2026.3.13: Improved Indicator-Observable Matching and Expanded STIX Coverage

Introduction

misp-stix is the Python library powering bidirectional conversion between MISP and STIX (versions 1.x, 2.0, and 2.1).
It is used by MISP core software, available as misp-stix on PyPI, and also available directly as a conversion service on cti-transmute.org.

Continue reading

Read more

MISP Workbench `v1.0` (beta) Released

By Luciano Righetti on March 13, 2026

MISP Workbench – First Release v1.0 (beta)

MISP Workbench is a powerful analyst-focused platform designed to tame the challenge of working with large volumes of threat intelligence at scale. It is capable of ingesting data from multiple origins — including MISP instances, external feeds, and other threat intelligence sources — and consolidates them into a unified workspace where analysts can actually get things done. At its core, MISP Workbench puts the analyst in control: query across your entire data corpus, enrich and process indicators, pivot between related intelligence, and push curated results back to MISP or downstream consumers — all from one place. Whether you’re triaging a large batch of incoming indicators, hunting for patterns across feeds, or preparing a finished intelligence product, MISP Workbench is built to cut through the noise and accelerate the workflow from raw data to actionable insight.

Continue reading

Read more

Have You Ever Thought About Drones in MISP?

on March 10, 2026

Have You Ever Thought About Drones in MISP?

The Drone Threat

Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, are increasingly present in civilian, industrial and military environments. While they provide many legitimate capabilities, they also introduce new security risks. In recent years, incidents have illustrated how drones are becoming a recurring operational and security concern across multiple sectors.

Continue reading

Read more

The Economic Power of Federated Threat Intelligence

on March 4, 2026

The Economic Power of Federated Threat Intelligence

Introduction: Why Policy Matters to Developers

As developers of the MISP project, we spend most of our time thinking about UUIDs, JSON schemas, and API synchronization performance. However, every so often, a piece of academic research comes along that reminds us why this work matters beyond the code.

Continue reading