About MISP

Malware Information Sharing Platform (MISP) is an open-source software solution for collecting, storing, distributing, sharing, and correlating Indicators of Compromise. There can be Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information, or even counter-terrorism information. The objective of MISP is to foster the sharing of structured information within the security community. MISP provides functionalities to support exchange of information but also consumption of the information by Intrusion Detection Systems (IDS), log analysis tools, and SIEM software.

The MISP features include the following:

• Importing indicators from MISP, STIX™, OpenIOC, text, and CSV data
• Automatic information sharing about threats among various participants

  There are a number of open MISP communities in which you can participate.

• Automatic generating rules for IDS Bro, Snort®, and Suricata, and for various SIEM software programs

MISP includes many Python® modules for integration with various software programs:

• Expansion modules—Modules that enrich events with some data.

  Expansion modules can be of two types:

  • Hover type

    Modules that display enriched events without modifying the events.

  • Expansion type

    Modules that modify events by enriching them with data and displaying the result.

• Import modules—Modules that import indicators to MISP.
• Export modules—Modules that export data from MISP (for example, to SIEM software).

Page top