About MISP

Malware Information Sharing Platform (MISP) is an open-source software solution for collecting, storing, distributing, sharing, and correlating Indicators of Compromise. There can be Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information, or even counter-terrorism information. The objective of MISP is to foster the sharing of structured information within the security community. MISP provides functionality to support not only the exchange of information but also the consumption of information by Intrusion Detection Systems (IDS), log analysis tools, and SIEM software.

MISP features include the following:

• Importing indicators from MISP, STIX™, OpenIOC, text, and CSV data
• Automatic information sharing about threats among various participants

  There are several open MISP communities you can participate in.

• Automatic generating rules for IDS Bro, Snort®, and Suricata, and for various SIEM software programs

MISP includes many Python® modules for integration with various software programs:

• Expansion modules—Modules that enrich events with some data.

  Expansion modules can be of two types:

  • Hover type

    Modules that display enriched events without modifying the events.

  • Expansion type

    Modules that modify events by enriching them with data and displaying the result.

• Import modules—Modules that import indicators to MISP.
• Export modules—Modules that export data from MISP (for example, to SIEM software).

Page top