Blogs

MISP reporting

Introduction

MISP already offers several ways to examine what is happening on your instance:

  • Statistics page - reached via Global Actions ▸ Statistics; shows headline figures for events, attributes, users, organisations and sightings. (Tip: append .json to the URL to retrieve the raw data.)
  • Dashboard plug‑ins - provide live widgets on usage, trending attribute values and popular tags.
  • Periodic summary - delivers a snapshot of recent activity straight to your inbox.
  • Visualisation in PowerBI - uses PowerBI to visualise MISP data.

These tools are invaluable for quick checks, yet they stop short of answering a few questions:

Latest misp-stix Release: Enhanced Support for Analyst Data

MISP Analyst Data Format: Enhancing STIX 2.1 Integration

The MISP Analyst Data format, part of the broader MISP-standard.org ecosystem, represents a significant step forward in structuring and exchanging cyber threat intelligence. Developed in collaboration with industry partners, this format builds upon the lessons learned from OASIS STIX, addressing its practical shortcomings while ensuring greater efficiency, flexibility, and usability for analysts.

FlowIntel 1.3.1 released and MISP integration

FlowIntel is a lightweight and flexible platform built to help teams manage their tasks and cases efficiently. It offers a range of features, from detailed documentation tools to integration with external platforms, ensuring that workflows remain seamless and adaptable to various needs.

MISP IoC retrosearch with the misp42 Splunk app

Introduction

In this blog post I share how I built a framework in Splunk to retrosearch MISP indicators of compromise.

SkillAegis

Design and Execute Cyber Threat Intelligence Scenarios with SkillAegis

Practical experience is essential for skill development, and effective training must be both engaging and capable of identifying gaps in understanding. That’s why we’re pleased to launch version 1.0.0 of SkillAegis, your new training companion.

Maltego Integration with MISP

Understanding How Maltego Integrates with MISP Data for Enhanced Cyber Threat Analysis

Introduction

Many organizations run MISP alongside other cybersecurity tools and OSINT sources for data-driven investigations, and investigators can correlate internal and external data with MISP data in various ways. This blog details how to look up information directly in the MISP community using the MISP Transforms in Maltego Graph, and shows how the integration supports efficient and comprehensive investigations.

Collaborative Threat Intelligence Sharing and Automated Information Exchange - Insights from the JTAN Project Experience

The JTAN (Joint Threat Analysis Network) Project, co-funded by the European Union’s CEF program, addresses the critical need for efficient and effective threat intelligence sharing among cybersecurity teams. As cyber threats grow in complexity and scale, the ability to quickly exchange and analyze threat data across organizations has become essential for maintaining robust security.

Using your MISP IoCs in Kunai (the open source EDR for Linux)

Kunai is an open-source security monitoring tool designed to address threat hunting and threat detection on Linux. It is inspired by Microsoft Sysmon and aims to give the end user a Sysmon-like experience, but it adds more advanced features such as fine-grained event filtering, detection rules and IoC matching. In this blog post we introduce how to implement real-time MISP IoC matching in a very short amount of time.

MISP - Elastic Stack - Docker Lab

This lab explains how to connect MISP to the Elastic Stack in order to leverage IOCs from MISP and trigger alerts based on user defined rules.

Partnership Collaboration between the MISP Project and the Yeti Platform

The MISP Project, renowned for its threat intelligence sharing platform, and Yeti Platform, the Forensics Intelligence platform supporting CTI and DFIR practitioners, are coming together to create a more robust and interconnected open source landscape.

Poppy: a new Bloom filter format and open source project

Introduction

At CIRCL we regularly use Bloom filters for some of our use cases, especially in digital forensics, such as providing a small, fast and shareable caching mechanism for the Hashlookup database that incident responders can use.
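As an added illustration (example code written for this page, not the Poppy library or its on-disk format), the Python below shows the caching pattern the paragraph describes: a Bloom filter sized for a target false-positive rate, loaded with hashes of known-good files, and used to triage candidate hashes so that only the "maybe known" ones need a real Hashlookup query. The SHA-1 values, the sizing formulas and the helper names (`build_cache`, `triage`, `measure_fp_rate`) are this example's own assumptions.

```python
"""Bloom filter as a small, shareable negative cache for hash lookups.

Added example for this page; not Poppy's format or code. The "known-good"
SHA-1 values below are constructed for the demo.
"""
import hashlib
import math


class BloomFilter:
    """Bit-array Bloom filter sized for `capacity` items at `fp_rate`.
    The k bit positions per item come from one SHA-256 digest via
    double hashing (h1 + i*h2 mod m), which keeps a single hash call."""

    def __init__(self, capacity: int, fp_rate: float) -> None:
        # m = -n ln(p) / (ln 2)^2 bits, k = (m/n) ln 2 hash functions
        self.m = max(8, math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)
        self.count = 0

    def _positions(self, item: str):
        digest = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(digest[:8], "little")
        h2 = int.from_bytes(digest[8:16], "little") | 1  # odd stride
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)
        self.count += 1

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos >> 3] >> (pos & 7) & 1 for pos in self._positions(item))

    def estimated_fp_rate(self) -> float:
        # Classic estimate (1 - e^{-kn/m})^k for the current fill level
        return (1 - math.exp(-self.k * self.count / self.m)) ** self.k


def normalise(h: str) -> str:
    """Hash databases key on lowercase hex; normalise on insert and on query."""
    return h.strip().lower()


def build_cache(known_hashes, fp_rate: float = 0.01) -> BloomFilter:
    bf = BloomFilter(len(known_hashes), fp_rate)
    for h in known_hashes:
        bf.add(normalise(h))
    return bf


def triage(bf: BloomFilter, candidates):
    """Split candidates into (definitely_unknown, maybe_known).
    Only the negative answer is authoritative: a Bloom filter has no false
    negatives, so 'maybe' must still be confirmed against the real database."""
    unknown, maybe = [], []
    for h in candidates:
        (maybe if normalise(h) in bf else unknown).append(h)
    return unknown, maybe


def measure_fp_rate(bf: BloomFilter, probes: int = 10_000) -> float:
    """Empirical false-positive rate over hashes that were never inserted."""
    hits = sum(hashlib.sha1(f"never-seen-{i}".encode()).hexdigest() in bf
               for i in range(probes))
    return hits / probes


# Constructed sample: 1000 known-good SHA-1s standing in for a Hashlookup export.
KNOWN_GOOD = [hashlib.sha1(f"known-file-{i}".encode()).hexdigest() for i in range(1000)]
CACHE = build_cache(KNOWN_GOOD)


if __name__ == "__main__":
    unknown, maybe = triage(CACHE, KNOWN_GOOD[:3] + ["DEADBEEF" * 5])
    print(f"m={CACHE.m} bits ({len(CACHE.bits)} bytes), k={CACHE.k}")
    print(f"maybe known: {len(maybe)}, definitely unknown: {len(unknown)}")
    print(f"estimated FP {CACHE.estimated_fp_rate():.4f}, measured {measure_fp_rate(CACHE):.4f}")
```

The point for incident response is the asymmetry in `triage`: a miss is a definitive "not in the known-good set", so the bulk of unknown hashes never leaves the analyst's machine, while the ~1% of false positives only cost one extra lookup each.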

Introducing Standalone Functionality to MISP Modules - A New Era of Flexibility and Efficiency

In the ever-evolving landscape of information security, the need for adaptable and efficient tools has never been greater. The MISP project, known for facilitating the sharing of structured threat information, has taken a significant leap forward. We’re excited to announce a pivotal enhancement to the misp-modules, a collection of modules for MISP, extending their functionality to operate not only as an integral part of MISP but also as a standalone web application.

HarfangLab Use-Case with MISP

EDR Use-Cases with MISP

Historically, teams shared indicators of compromise (IOCs) via email in documents that were often difficult to analyze and challenging to automate for processing.

MISPbot

What is MISPbot?

The MISPbot is a simple tool to allow users to interact with MISP via Mastodon or Twitter.

Bridging the Gap: Introducing MISP Airgap for Secure Environments

In an era where cybersecurity threats are ever-evolving, the need for robust and secure information sharing platforms is paramount. Enter MISP (Threat Intelligence Sharing Platform), a renowned tool in the cybersecurity arsenal. But how do you deploy such a critical tool in the most secure environments, those that are air-gapped from the outside world? This is where the MISP airgap project comes into play.

Using Zeek's new JavaScript support for MISP integration

With Zeek 6.0, experimental JavaScript support was added to Zeek, making Node.js and its vast ecosystem available to Zeek script developers to more easily integrate with external systems.

Current state of the MISP playbooks

The MISP playbooks at https://github.com/MISP/misp-playbooks address common use cases encountered by SOCs, CSIRTs or CTI teams to detect, react to and analyse intelligence received in MISP. The project started in early 2023 and, as the year ends, it is time to look back at its current state and get an early glimpse of upcoming features.

MISP to Microsoft Sentinel integration with Upload Indicators API

Introduction

The MISP to Microsoft Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. It relies on PyMISP to get indicators from MISP and an Azure App to connect to Sentinel.

MISP now supports Signal Metadata Format Specification SigMF

As one of the outcomes of GeekWeek8, MISP now supports a new set of features for handling radio frequency information in the Signal Metadata Format Specification (SigMF), commonly used in Software Defined Radio (SDR), digital signal processing and data analysis applications.

MISP to Azure Sentinel integration

Introduction

The MISP to Azure / Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. It relies on PyMISP to get indicators from MISP and an Azure App and Threat Intelligence Data Connector in Azure.
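Both Sentinel posts on this page describe the same pipeline: PyMISP pulls attributes flagged `to_ids`, and an Azure app pushes them to Sentinel. The Python below is an added example written for this page, not the project's misp2sentinel code. It shows the middle step, converting MISP attributes into STIX 2.1 indicator objects and batching them into request bodies. The attribute sample is constructed (shaped like a trimmed PyMISP attribute search result), and the body shape (`sourcesystem` plus `stixobjects`) and the 100-object batch size are this example's assumptions about the Upload Indicators API; the type-to-pattern table covers only a handful of MISP types.

```python
"""Convert MISP attributes to STIX 2.1 indicators and batch them for upload.

Added example; not the misp2sentinel project's code. Sample data is
constructed; the request-body shape and batch cap are assumptions.
"""
import json
from datetime import datetime, timezone

# Constructed sample shaped like PyMISP's
# misp.search(controller="attributes", to_ids=1, pythonify=False) output,
# trimmed to the fields used here. Network values use documentation ranges.
EVENT = {"info": "Constructed sample event"}
SAMPLE_ATTRIBUTES = [
    {"uuid": "0d5bd1ed-5a38-4d3e-9d2a-2b4e8f0a1c01", "type": "ip-dst",
     "value": "203.0.113.10", "to_ids": True, "timestamp": "1700000000", "Event": EVENT},
    {"uuid": "0d5bd1ed-5a38-4d3e-9d2a-2b4e8f0a1c02", "type": "domain",
     "value": "c2.example.invalid", "to_ids": True, "timestamp": "1700000000", "Event": EVENT},
    {"uuid": "0d5bd1ed-5a38-4d3e-9d2a-2b4e8f0a1c03", "type": "sha256",
     "value": "a" * 64, "to_ids": True, "timestamp": "1700000000", "Event": EVENT},
    {"uuid": "0d5bd1ed-5a38-4d3e-9d2a-2b4e8f0a1c04", "type": "url",
     "value": "http://example.invalid/it's", "to_ids": True, "timestamp": "1700000000",
     "Event": EVENT},
    # Must not become indicators: an analyst note (to_ids false) and a
    # composite type this example does not map.
    {"uuid": "0d5bd1ed-5a38-4d3e-9d2a-2b4e8f0a1c05", "type": "comment",
     "value": "analyst note", "to_ids": False, "timestamp": "1700000000", "Event": EVENT},
    {"uuid": "0d5bd1ed-5a38-4d3e-9d2a-2b4e8f0a1c06", "type": "ip-dst|port",
     "value": "203.0.113.11|443", "to_ids": True, "timestamp": "1700000000", "Event": EVENT},
]

# MISP attribute type -> STIX 2.1 pattern template (subset chosen for the demo)
PATTERNS = {
    "ip-dst": "[ipv4-addr:value = '{v}']",
    "ip-src": "[ipv4-addr:value = '{v}']",
    "domain": "[domain-name:value = '{v}']",
    "hostname": "[domain-name:value = '{v}']",
    "url": "[url:value = '{v}']",
    "md5": "[file:hashes.MD5 = '{v}']",
    "sha1": "[file:hashes.'SHA-1' = '{v}']",
    "sha256": "[file:hashes.'SHA-256' = '{v}']",
}


def stix_literal(value: str) -> str:
    """Escape backslash and single quote so the value is a valid STIX string constant."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def to_stix_indicator(attr: dict):
    """Return a STIX 2.1 indicator for one MISP attribute, or None if it is
    not meant for detection (to_ids false) or its type has no pattern."""
    if not attr.get("to_ids") or attr["type"] not in PATTERNS:
        return None
    stamp = datetime.fromtimestamp(int(attr["timestamp"]), tz=timezone.utc)
    stamp = stamp.strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        # Reusing the MISP attribute UUID keeps re-uploads idempotent on the receiving side
        "id": f"indicator--{attr['uuid']}",
        "created": stamp,
        "modified": stamp,
        "valid_from": stamp,
        "name": attr.get("Event", {}).get("info", "MISP attribute"),
        "pattern": PATTERNS[attr["type"]].format(v=stix_literal(attr["value"])),
        "pattern_type": "stix",
        "labels": [f'misp:type="{attr["type"]}"'],
    }


def convert(attributes):
    return [ind for ind in map(to_stix_indicator, attributes) if ind]


def batches(stix_objects, source: str = "MISP", size: int = 100):
    """Request bodies for the upload API; `size` is the assumed per-call cap."""
    return [{"sourcesystem": source, "stixobjects": stix_objects[i:i + size]}
            for i in range(0, len(stix_objects), size)]


if __name__ == "__main__":
    indicators = convert(SAMPLE_ATTRIBUTES)
    print(f"{len(indicators)} indicators from {len(SAMPLE_ATTRIBUTES)} attributes")
    for body in batches(indicators, size=3):
        print(json.dumps(body, indent=2)[:300], "...")
```

In a live run the attribute list would come from `PyMISP.search(controller="attributes", to_ids=1, ...)` and each body would be POSTed with a bearer token from the Azure app registration; the conversion and batching logic is the part that does not depend on either endpoint, so it is the part worth unit testing.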
