Who Uses MISP?
(MISP) is an open-source platform and open standards ecosystem designed to support the sharing, storage, and correlation of threat intelligence, security information, and operational knowledge. Since its creation, MISP has evolved into a widely adopted framework used by diverse communities across the cybersecurity, public safety, research, and critical infrastructure sectors.
MISP is not only a platform but also a collaborative ecosystem of tools, formats, and standards that enables organisations to exchange structured intelligence efficiently. These include the MISP data model, MISP taxonomies, galaxies, warning lists, object templates, and a wide range of integrations with detection, analysis, and automation tools. Together, these components allow communities to describe, classify, and share information about threats, incidents, vulnerabilities, fraud, and emerging risks in a consistent and machine-readable way.
Over the years, the MISP ecosystem has expanded far beyond traditional cyber threat intelligence use cases. Communities now use MISP to share information about malware campaigns, vulnerabilities, fraud schemes, disinformation operations, supply chain risks, critical infrastructure threats, and even emerging domains such as drone monitoring or other operational intelligence. This flexibility comes from the extensible data model and the ability for communities to adapt the platform to their specific operational needs.
The following list illustrates the broad range of organisations, sectors, and operational roles that use MISP and its surrounding ecosystem of tools and standards. It highlights how MISP supports collaboration between technical defenders, analysts, researchers, and policy actors across multiple domains.
While this list cannot be exhaustive, it reflects the diversity of communities that rely on MISP to share intelligence, coordinate responses, and improve collective situational awareness.
The diversity of these users demonstrates the core philosophy behind MISP: enabling trusted information sharing communities through open standards, interoperable tooling, and collaborative knowledge building.
Government and Public Sector
- National cybersecurity agencies
- Governmental, national and sectorial CERTs / CSIRTs
- Military cyber defense units
- Intelligence agencies
- Law enforcement agencies
- National security operations centers (SOC)
- Ministries responsible for:
- Interior
- Defense
- Digital affairs
- Critical infrastructure protection
- Intergovernmental organizations (e.g., EU bodies)
- Public sector SOC teams
- Election security monitoring teams
International and Intergovernmental Organizations
- NATO cyber defense units
- EU institutions and agencies
- Regional cybersecurity coordination centers
- International cyber cooperation initiatives
- Global threat intelligence collaboration platforms
- Information sharing alliances
CERT / CSIRT Communities
- National CERTs
- Government CSIRTs
- Sectorial CSIRTs
- Academic CSIRTs
- Corporate incident response teams
- FIRST member organizations
- Incident response communities and networks
Financial Sector
- Banks
- Payment processors
- Financial market infrastructures
- Stock exchanges
- Insurance companies
- Fintech companies
- Anti-fraud intelligence units
- Financial sector information sharing groups
Critical Infrastructure Operators
- Energy providers
- Power grid operators
- Oil and gas companies
- Water utilities
- Transportation operators
- Aviation sector
- Railway operators
- Maritime operators
- Telecommunications providers
- Satellite operators
Healthcare Sector
- Hospitals
- Healthcare networks
- Pharmaceutical companies
- Medical research organizations
- Public health cybersecurity teams
Private Companies
- Large enterprises
- Managed security service providers (MSSPs)
- Managed detection and response providers (MDRs)
- Cybersecurity consulting firms
- Cloud service providers
- Software vendors
- Hardware vendors
- SaaS providers
- Internet service providers (ISPs)
Security Operations and Threat Intelligence Teams
- SOC teams
- Threat intelligence teams
- Threat hunting teams
- Digital forensics teams
- Incident response teams
- Malware analysis teams
- Red teams and blue teams
- Vulnerability management teams
Research and Academic Institutions
- Universities
- Security research laboratories
- Cybersecurity research groups
- Academic CSIRTs
- Malware research labs
- Threat intelligence research projects
Open Source and Security Communities
- Open-source security projects
- Threat intelligence sharing communities
- Independent security researchers
- Bug bounty communities
- OSINT communities
- Cybersecurity non-profits
Industry Information Sharing Communities
- ISACs (Information Sharing and Analysis Centers)
- ISAOs (Information Sharing and Analysis Organizations)
- Sector-specific intelligence communities
- Regional cybersecurity collaboration groups
- Supply chain intelligence sharing groups
Fraud and Financial Crime Investigators
- Anti-fraud teams
- Anti-money laundering (AML) teams
- Payment fraud investigators
- Financial crime intelligence teams
- Law enforcement fraud units
Security Vendors and Product Developers
- Antivirus vendors
- Endpoint detection and response vendors
- Threat intelligence platform vendors
- SIEM vendors
- Detection engineering teams
- Security analytics platform providers
Operational Technology (OT) and ICS Security Teams
- Industrial control system operators
- SCADA security teams
- Manufacturing cybersecurity teams
- Industrial SOCs
- Smart grid operators
Communities Using MISP for Non-Traditional Threat Intelligence
- Counter-terrorism intelligence communities
- Disinformation analysis groups
- Election monitoring teams
- Drone monitoring / airspace security communities
- Supply chain security communities
- Vulnerability intelligence sharing groups
- Fraud intelligence sharing groups
Individual Personas Using MISP
- Security analysts
- Threat intelligence analysts
- Malware researchers
- Incident responders
- Digital forensics investigators
- Vulnerability researchers
- Cyber threat hunters
- Security engineers